[PROPOSAL] Cluster 45 - RECENT-02 (20 candidates)



This cluster covers recently announced problems from December 4
through December 12.  "Recent" clusters will be proposed on a weekly
basis for the foreseeable future as we consider issues related to
going live with candidate assignment.

You are strongly encouraged to ensure that your database is kept
up-to-date with respect to RECENT candidates; otherwise, you will face
the same amount of effort it's already taken for you to bring your
database up to speed with respect to legacy problems.

For those who are wondering, the "Same Codebase" content decision is
what forced the split between CAN-1999-0983, CAN-1999-0984, and
CAN-1999-0985.  Sometime in the future, candidates may be annotated
with the content decisions that affect them.

- Steve


Proposed: 12/13
Scheduled Proposed: 12/13
Scheduled Interim Decision: 12/27
Scheduled Final Decision: 12/31



Summary of votes to use (in ascending order of "severity"):

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

=================================
Candidate: CAN-1999-0972
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 xsw 1.24 remote buffer overflow
Reference: BID:863

Buffer overflow in Xshipwars xsw program.

VOTE:

=================================
Candidate: CAN-1999-0973
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991206 [w00giving #8] Solaris 2.7's snoop
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:858

Buffer overflow in Solaris snoop program allows remote attackers to
gain root privileges via a long domain name when snoop is running in
verbose mode.

VOTE:

=================================
Candidate: CAN-1999-0974
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: ISS:19991209 Buffer Overflow in Solaris Snoop
Reference: SUN:00190
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:864

Buffer overflow in Solaris snoop allows remote attackers to gain root
privileges via GETQUOTA requests to the rpc.rquotad service.

VOTE:

=================================
Candidate: CAN-1999-0975
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT
Reference: BID:868

The Windows help system can allow a local user to execute commands as
another user by editing a table of contents metafile with a .CNT
extension and modifying the topic action to include the commands to be
executed when the .hlp file is accessed.

VOTE:

=================================
Candidate: CAN-1999-0976
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991207 [Debian] New version of sendmail released
Reference: BID:857

Sendmail in Debian GNU/Linux 2.1 allows local users to reinitialize
the aliases database, then cause a denial of service by interrupting
Sendmail.

VOTE:

=================================
Candidate: CAN-1999-0977
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: SF-INCIDENTS:19991209 sadmind
Reference: BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability
Reference: BID:866

Buffer overflow in Solaris sadmind allows remote attackers to gain
root privileges using a NETMGT_PROC_SERVICE request.

VOTE:

=================================
Candidate: CAN-1999-0978
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: DEBIAN:19991209
Reference: BID:867

Debian htdig allows remote attackers to execute commands via filenames
with shell metacharacters.

VOTE:

=================================
Candidate: CAN-1999-0979
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 Fundamental flaw in UnixWare 7 security
Reference: BID:869

The SCO UnixWare privileged process system allows local users to gain
root privileges by using a debugger such as gdb to insert traps into
_init before the privileged process is executed.

VOTE:

=================================
Candidate: CAN-1999-0980
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: MS:MS99-055
Reference: MSKB:Q246045

Windows NT Service Control Manager (SCM) allows remote attackers to
cause a denial of service via a malformed argument in a resource
enumeration request.

VOTE:

=================================
Candidate: CAN-1999-0981
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: MS:MS99-050
Reference: MSKB:Q246094

Internet Explorer 5.01 and earlier allows a remote attacker to create
a reference to a client window and use a server-side redirect to
access local files via that window, aka "Server-side Page Reference
Redirect."

VOTE:

=================================
Candidate: CAN-1999-0982
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: unknown
Reference: BUGTRAQ:19991206 Solaris WBEM 1.0: plaintext password stored in world readable file

The Sun Web-Based Enterprise Management (WBEM) installation script
stores a password in plaintext in a world readable file.

VOTE:

=================================
Candidate: CAN-1999-0983
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991109 Whois.cgi - ADVISORY.

Whois Internic Lookup program whois.cgi allows remote attackers to
execute commands via shell metacharacters in the domain entry.

VOTE:

=================================
Candidate: CAN-1999-0984
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991109 Whois.cgi - ADVISORY.

Matt's Whois program whois.cgi allows remote attackers to
execute commands via shell metacharacters in the domain entry.

VOTE:

=================================
Candidate: CAN-1999-0985
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991109 Whois.cgi - ADVISORY.

CC Whois program whois.cgi allows remote attackers to execute commands
via shell metacharacters in the domain entry.

VOTE:

=================================
Candidate: CAN-1999-0986
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 Big problem on 2.0.x?
Reference: BID:870

The ping command in Linux 2.0.3x allows local users to cause a denial
of service by sending large packets with the -R (record route)
option.

VOTE:

=================================
Candidate: CAN-1999-0987
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name
Reference: MSKB:Q237923

Windows NT does not properly download a system policy if the domain
user logs into the domain with a space at the end of the domain name.

VOTE:

=================================
Candidate: CAN-1999-0988
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991204 UnixWare pkg* command exploits

UnixWare pkgtrans allows local users to read arbitrary files via a
symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0989
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991205 new IE5 remote exploit
Reference: BUGTRAQ:19991205 new IE5 remote exploit
Reference: BID:861

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX)
allows remote attackers to execute commands via the vnd.ms.radio
protocol.

VOTE:

=================================
Candidate: CAN-1999-0990
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:19991205 gdm thing

Error messages generated by gdm with the VerboseAuth setting allow an
attacker to identify valid users on a system.

VOTE:

=================================
Candidate: CAN-1999-0991
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BID:862

Buffer overflow in GoodTech Telnet Server NT allows remote users to
cause a denial of service via a long login name.

VOTE:

Page Last Updated or Reviewed: May 22, 2007