[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster 47 - UNIX-VEN (25 candidates)



The following cluster contains 25 candidates.  It includes Unix
problems which have been acknowledged by an OS vendor.

- Steve


Proposed: 12/13
Scheduled Proposed: 12/13
Scheduled Interim Decision: 12/27
Scheduled Final Decision: 12/31



Summary of votes to use (in ascending order of "severity"):

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

=================================
Candidate: CAN-1999-0674
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: NetBSD:1999-011
Reference: OPENBSD:Aug 9,1999
Reference: BUGTRAQ:19990809 profil(2) bug, a simple test program
Reference: BID:570
Reference: XF:netbsd-profil

The BSD profil system call allows a local user to modify the internal
data space of a program via profiling and execve.

VOTE:

=================================
Candidate: CAN-1999-0684
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: HP:HPSBUX9904-097

Denial of service in Sendmail 8.8.6 in HPUX.

VOTE:

=================================
Candidate: CAN-1999-0686
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: HP:00098

Vulnerability in VVOS NES web server in HP via a malformed URL.

VOTE:

=================================
Candidate: CAN-1999-0688
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: HP:HPSBUX9907-101

Buffer overflows in HP Security Vulnerability Software Distributor
(SD) for HPUX 10.x and 11.x.

VOTE:

=================================
Candidate: CAN-1999-0690
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: HP:HPSBUX9907-100
Reference: CIAC:J-053

HP CDE program includes the current directory in root's PATH variable.

VOTE:

=================================
Candidate: CAN-1999-0694
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990713
Reference: CIAC:J-055
Reference: IBM:ERS-SVA-E01-1999:002.1

Denial of service in AIX ptrace system call.

VOTE:

=================================
Candidate: CAN-1999-0703
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990805 4.4 BSD issue -- chflags
Reference: OPENBSD:Jul30,1999
Reference: FREEBSD:FreeBSD-SA-99:01

OpenBSD, BSDI, and other Unix operating systems allow users to set
chflags and fchflags on character and block devices.

VOTE:

=================================
Candidate: CAN-1999-0707
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: CF
Reference: HP:HPSBUX9906-099
Reference: XF:hp-visualize-conference-ftp
Reference: CIAC:J-050

The default FTP configuration in HP Visualize Conference allows
conference users to send a file to other participants without
authorization.

VOTE:

=================================
Candidate: CAN-1999-0713
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: XF:cde-dtlogin
Reference: COMPAQ:SSRT0600U

The dtlogin program in Compaq Tru64 UNIX allows local users to gain
root privileges.

VOTE:

=================================
Candidate: CAN-1999-0714
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: COMPAQ:SSRT0600U

Vulnerability in Compaq Tru64 UNIX edauth command.

VOTE:

=================================
Candidate: CAN-1999-0724
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: OPENBSD:Aug12,1999

Buffer overflow in OpenBSD procfs and fdescfs file systems via
uio_offset in the readdir() function.

VOTE:

=================================
Candidate: CAN-1999-0745
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BID:590
Reference: XF:aix-pdnsd-bo
Reference: CIAC:J-059
Reference: IBM:ERS-SVA-E01-1999:0031

Buffer overflow in Source Code Browser Program Database Name Server
Daemon (pdnsd) for the IBM AIX C Set ++ compiler.

VOTE:

=================================
Candidate: CAN-1999-0761
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: FREEBSD:FreeBSD-SA-99:05
Reference: BID:644

Buffer overflow in FreeBSD fts library routines allows local user to
modify arbitrary files via the periodic program.

VOTE:

=================================
Candidate: CAN-1999-0763
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: NETBSD:1999-010
Reference: XF:netbsd-arp

NetBSD on a multi-homed host allows ARP packets on one network to
modify ARP entries on another connected network.

VOTE:

=================================
Candidate: CAN-1999-0764
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: NETBSD:1999-010
Reference: XF:netbsd-arp

NetBSD allows ARP packets to overwrite static ARP entries.

VOTE:

=================================
Candidate: CAN-1999-0765
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990619 IRIX midikeys root exploit.
Reference: SGI:19990501-01-A
Reference: XF:irix-midikeys

SGI IRIX midikeys program allows local users to modify arbitrary files
via a text editor.

VOTE:

=================================
Candidate: CAN-1999-0767
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: SUN:00189

Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES
environmental variable.

VOTE:

=================================
Candidate: CAN-1999-0771
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990526 Infosec.19990526.compaq-im.a
Reference: COMPAQ:SSRT0612U
Reference: XF:management-agent-file-read

The web components of Compaq Management Agents and the Compaq Survey
Utility allow a remote attacker to read arbitrary files via a .. (dot
dot) attack.

VOTE:

=================================
Candidate: CAN-1999-0772
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990527 Re: Infosec.19990526.compaq-im.a (New DoS and correction to my previous post)
Reference: COMPAQ:SSRT0612U
Reference: XF:management-agent-dos

Denial of service in Compaq Management Agents and the Compaq Survey
Utility via a long string sent to port 2301.

VOTE:

=================================
Candidate: CAN-1999-0779
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: HP:HPSBUX9810-086

Denial of service in HP-UX SharedX recserv program.

VOTE:

=================================
Candidate: CAN-1999-0783
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: FreeBSD:FreeBSD-SA-98:05
Reference: CIAC:I-057

FreeBSD allows local users to conduct a denial of service by creating
a hard link from a device special file to a file on an NFS file
system.

VOTE:

=================================
Candidate: CAN-1999-0789
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ: Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000
Reference: IBM:ERS-SVA-E01-1

Buffer overflow in AIX ftpd in the libc library.

VOTE:

=================================
Candidate: CAN-1999-0796
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: FREEBSD:SA-98.03

FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing
attacks.

VOTE:

=================================
Candidate: CAN-1999-0911
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990827 ProFTPD
Reference: BUGTRAQ:19990907 ProFTP-1.2.0pre4 buffer overflow -- once more
Reference: FREEBSD:FreeBSD-SA-99:03
Reference: BID:612

Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote
attackers to gain root access via a series of MKD and CWD commands
that create nested directories.

VOTE:

=================================
Candidate: CAN-1999-0964
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: FREEBSD:FreeBSD-SA-97:01

Buffer overflow in FreeBSD setlocale in the libc module.

VOTE:

Page Last Updated or Reviewed: May 22, 2007