
Re: [PROPOSAL] Cluster RECENT-17 - 15 candidates




>=================================
>Candidate: CAN-2000-0317
>Published:
>Final-Decision:
>Interim-Decision:
>Modified:
>Proposed: 20000518
>Assigned: 20000511
>Category: SF
>Reference: BUGTRAQ:20000424 Solaris 7 x86 lpset exploit.
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0192.html
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
>Reference: BUGTRAQ:20000427 Re: Solaris/SPARC 2.7 lpset exploit (well not likely !)
>Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95729763119559&w=2
>Reference: SUNBUG:4334568
>Reference: BID:1138
>Reference: URL:http://www.securityfocus.com/bid/1138
>
>Buffer overflow in Solaris 7 lpset allows local users to gain root
>privileges via a long -r option.
>
>
>ED_PRI CAN-2000-0317 2
>

RECAST: there's a lot of confusion in this one. 

These point to buffer overflows:

>Reference: BUGTRAQ:20000424 Solaris 7 x86 lpset exploit.
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0192.html
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html

But these point to dlopen() in libprint that doesn't check pathnames:
>Reference: BUGTRAQ:20000427 Re: Solaris/SPARC 2.7 lpset exploit (well not likely !)
>Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95729763119559&w=2
>Reference: SUNBUG:4334568

And this is a buffer overflow again:
>Reference: BID:1138
>Reference: URL:http://www.securityfocus.com/bid/1138



>
>=================================
>Candidate: CAN-2000-0316
>Published:
>Final-Decision:
>Interim-Decision:
>Modified:
>Proposed: 20000518
>Assigned: 20000511
>Category: SF
>Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
>Reference: BID:1143
>Reference: URL:http://www.securityfocus.com/bid/1143
>
>Buffer overflow in Solaris 7 lp allows local users to gain root
>privileges via a long -d option.
>
>
>ED_PRI CAN-2000-0316 3
>
>
>VOTE: MODIFY, this is one of many buffer overflows in libprint.so.2;
Reference: SUNBUG 4314312
>
>=================================
>Candidate: CAN-2000-0337
>Published:
>Final-Decision:
>Interim-Decision:
>Modified:
>Proposed: 20000518
>Assigned: 20000511
>Category: SF
>Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
>Reference: BID:1140
>Reference: URL:http://www.securityfocus.com/bid/1140
>
>Buffer overflow in Xsun X server in Solaris 7 allows local users to
>gain root privileges via a long -dev parameter.
>
>
>ED_PRI CAN-2000-0337 3
>
>
>VOTE:  MODIFY: Reference: SUNBUG: 4335411
>

Page Last Updated or Reviewed: May 22, 2007