[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[INTERIM] ACCEPT 15 candidates from RECENT-02 (Final 1/3/2000)



I have made an Interim Decision to ACCEPT the following 15 candidates
from the RECENT-02 cluster.  I will make a Final Decision on January
3, 2000.

RECENT-02 is our first "live" cluster to make it to this phase.  Since
it covers problems announced between December 4 and December 12, it
will have taken 4 to 5 weeks from the initial public announcement to
the assignment of a CVE number.  Given the 2.5-week minimum that is
built into the voting process (between proposal, interim decision, and
final decision) and a 1 week lag between public announcement and
proposal to the Board, these candidates were moved fairly rapidly.

It is reasonable to expect that this 4-5 week lag will continue with
the current voting process.  Note that RECENT-01 is not being moved to
Interim Decision yet, as one voter is still REVIEWING some of the
candidates.  This projects a 6-8 week lag for these candidates, as
well as the other RECENT-02 candidates that have not yet moved to
Interim Decision.  As we begin to process brand-new candidates, the
Editorial Board can consider whether this lag time is sufficient for
bringing new entries into CVE.

Voters:
  Christey NOOP(2)
  Cole ACCEPT(13) MODIFY(2)
  Stracener ACCEPT(14) MODIFY(1)
  Blake ACCEPT(14) RECAST(1)


- Steve

=================================
Candidate: CAN-1999-0972
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 xsw 1.24 remote buffer overflow
Reference: BID:863

Buffer overflow in Xshipwars xsw program.

INFERRED VOTE: CAN-1999-0972 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(2) Blake, Stracener
   MODIFY(1) Cole
   NOOP(1) Christey

COMMENTS:
 Cole> The buffer overflow is in the server and only in certain versions.
 Christey> Version numbers are not necessary to distinguish this
 Christey> from other candidates/entries.


=================================
Candidate: CAN-1999-0973
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991206 [w00giving #8] Solaris 2.7's snoop
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:858

Buffer overflow in Solaris snoop program allows remote attackers to
gain root privileges via a long domain name when snoop is running in
verbose mode.

INFERRED VOTE: CAN-1999-0973 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0974
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: ISS:19991209 Buffer Overflow in Solaris Snoop
Reference: SUN:00190
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:864

Buffer overflow in Solaris snoop allows remote attackers to gain root
privileges via GETQUOTA requests to the rpc.rquotad service.

INFERRED VOTE: CAN-1999-0974 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0975
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT
Reference: BID:868

The Windows help system can allow a local user to execute commands as
another user by editing a table of contents metafile with a .CNT
extension and modifying the topic action to include the commands to be
executed when the .hlp file is accessed.

INFERRED VOTE: CAN-1999-0975 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0977
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: SF-INCIDENTS:19991209 sadmind
Reference: BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability
Reference: CERT:CA-99-16
Reference: BID:866

Buffer overflow in Solaris sadmind allows remote attackers to gain
root privileges using a NETMGT_PROC_SERVICE request.

INFERRED VOTE: CAN-1999-0977 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0978
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: DEBIAN:19991209
Reference: BID:867

htdig allows remote attackers to execute commands via filenames with
shell metacharacters.

Modifications:
  DESC exclude Debian

INFERRED VOTE: CAN-1999-0978 RECAST (1 recast, 2 accept, 0 review)

VOTES:
   MODIFY(2) Cole, Stracener
   NOOP(1) Christey
   RECAST(1) Blake

COMMENTS:
 Cole> This occurs when it tries to handle non HTML files.
 Blake> if htdig is not unique to Debian (not sure).
 Stracener> This is a multi-platform vulnerability, at least in theory (given that Htdig
 Stracener> can run on platforms other than Debian). We might get more milage out of
 Stracener> this CAN by removing the word "Debian" from the description.
 Christey> The Debian advisory and associated patches show that the
 Christey> problem is not Debian-specific, so I removed Debian from
 Christey> the description as recommended.  The confusion arose because
 Christey> Debian appears to be the developer of this package.


=================================
Candidate: CAN-1999-0979
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 Fundamental flaw in UnixWare 7 security
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: BID:869

The SCO UnixWare privileged process system allows local users to gain
root privileges by using a debugger such as gdb to insert traps into
_init before the privileged process is executed.

INFERRED VOTE: CAN-1999-0979 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0980
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: MS:MS99-055
Reference: MSKB:Q246045

Windows NT Service Control Manager (SCM) allows remote attackers to
cause a denial of service via a malformed argument in a resource
enumeration request.

INFERRED VOTE: CAN-1999-0980 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0981
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: MS:MS99-050
Reference: MSKB:Q246094

Internet Explorer 5.01 and earlier allows a remote attacker to create
a reference to a client window and use a server-side redirect to
access local files via that window, aka "Server-side Page Reference
Redirect."

INFERRED VOTE: CAN-1999-0981 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0982
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: unknown
Reference: BUGTRAQ:19991206 Solaris WBEM 1.0: plaintext password stored in world readable file

The Sun Web-Based Enterprise Management (WBEM) installation script
stores a password in plaintext in a world readable file.

INFERRED VOTE: CAN-1999-0982 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0986
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 Big problem on 2.0.x?
Reference: BID:870

The ping command in Linux 2.0.3x allows local users to cause a denial
of service by sending large packets with the -R (record route)
option.

INFERRED VOTE: CAN-1999-0986 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0987
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name
Reference: MSKB:Q237923

Windows NT does not properly download a system policy if the domain
user logs into the domain with a space at the end of the domain name.

INFERRED VOTE: CAN-1999-0987 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0989
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991205 new IE5 remote exploit
Reference: BUGTRAQ:19991205 new IE5 remote exploit
Reference: BID:861

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX)
allows remote attackers to execute commands via the vnd.ms.radio
protocol.

INFERRED VOTE: CAN-1999-0989 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0990
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991205 gdm thing

Error messages generated by gdm with the VerboseAuth setting allows an
attacker to identify valid users on a system.

CONTENT-DECISIONS: SA-INFO

INFERRED VOTE: CAN-1999-0990 ACCEPT (3 accept, 0 review) HAS_CDS

VOTES:
   ACCEPT(3) Cole, Blake, Stracener


=================================
Candidate: CAN-1999-0991
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BID:862

Buffer overflow in GoodTech Telnet Server NT allows remote users to
cause a denial of service via a long login name.

INFERRED VOTE: CAN-1999-0991 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

Page Last Updated or Reviewed: May 22, 2007