
Re: [PROPOSAL] Cluster MS-99 - 7 legacy candidates



* Steven M. Christey (coley@LINUS.MITRE.ORG) [000518 00:45]:
> The following cluster contains 7 legacy candidates, all of which are
> associated with Microsoft advisories that were published in 1999.
> With this cluster, we now have candidates (or entries) for all issues
> described in Microsoft advisories from that year.
> 
> All candidates have a "priority 1."  I encourage the Board to vote on
> these rapidly, within the minimum 2-week time frame before they are
> moved to Interim Decision.  The schedule for this cluster is:
> 
>   Scheduled Interim Decision: May 30
>   Scheduled Final Decision: June 5
> 
> Other legacy candidates related to 1999 advisories will be posted next
> week.
> 
> - Steve
> 
> 
> 
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
> 
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
> 
> 1) Please write your vote on the line that starts with "VOTE: ".  If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
> 
> 2) If you see any missing references, please mention them so that they
>    can be included.  References help greatly during mapping.
> 
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    So if you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
> 
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
> 
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
> 
> =================================
> Candidate: CAN-1999-1011
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 19991221
> Category: SF
> Reference: MS:MS98-004
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-004.asp
> Reference: MS:MS99-025
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-025.asp
> Reference: CIAC:J-054
> Reference: URL:http://www.ciac.org/ciac/bulletins/j-054.shtml
> 
> The Remote Data Service (RDS) DataFactory component of Microsoft Data
> Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods,
> which allows remote attackers to execute arbitrary commands.
> 
> 
> ED_PRI CAN-1999-1011 1
> 
> 
> VOTE: MODIFY

It's a configuration problem. I thought we had a category different from
software faults for configuration problems.

Reference: BID 529

> =================================
> Candidate: CAN-2000-0323
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:19990728 Alert : MS Office 97 Vulnerability
> Reference: http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-22&msg=19990729195531.25108.qmail@underground.org
> Reference: http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-22&msg=D1A11CCE78ADD111A35500805FD43F58019792A3@RED-MSG-04
> Reference: MS:MS99-030
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-030.asp
> Reference: BID:595
> Reference: URL:http://www.securityfocus.com/level2/?go=vulnerabilities&id=595
> 
> The Microsoft Jet database engine allows an attacker to modify text
> files via a database query, aka the "Text I-ISAM" vulnerability.
> 
> 
> ED_PRI CAN-2000-0323 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0325
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: MS:MS99-030
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-030.asp
> 
> The Microsoft Jet database engine allows an attacker to execute
> commands via a database query, aka the "VBA Shell" vulnerability.
> 
> 
> ED_PRI CAN-2000-0325 1
> 
> 
> VOTE: MODIFY

This is not a software fault. It's a design flaw (or a design decision if
you prefer ;-) The flaw can then be used via configuration errors
(e.g. CAN-1999-1011) or input validation errors.


> =================================
> Candidate: CAN-2000-0327
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:19991014 Another Microsoft Java Flaw Disovered
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93993545118416&w=2
> Reference: MS:MS99-045
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-045.asp
> 
> Microsoft Virtual Machine (VM) allows remote attackers to escape the
> Java sandbox and execute commands via an applet containing an illegal
> cast operation, aka the "Virtual Machine Verifier" vulnerability.
> 
> 
> ED_PRI CAN-2000-0327 1
> 
> 
> VOTE: MODIFY

Reference: BID 740

> =================================
> Candidate: CAN-2000-0328
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:19990824 NT Predictable Initial TCP Sequence numbers - changes observed with SP4
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.19990824165629.00abcb40@192.168.124.1
> Reference: MS:MS99-046
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-046.asp
> Reference: BID:604
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=604
> 
> Windows NT 4.0 generates predictable random TCP initial sequence
> numbers (ISN), which allows remote attackers to perform spoofing and
> session hijacking.
> 
> 
> ED_PRI CAN-2000-0328 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0329
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: MS:MS99-048
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-048.asp
> 
> A Microsoft ActiveX control allows a remote attacker to execute a
> malicious cabinet file via an attachment and an embedded script in an
> HTML mail, aka the "Active Setup Control" vulnerability.
> 
> 
> ED_PRI CAN-2000-0329 1
> 
> 
> VOTE: MODIFY

Reference: BID 775

> 
> =================================
> Candidate: CAN-2000-0330
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: MS:MS99-049
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-049.asp
> 
> The networking software in Windows 95 and Windows 98 allows remote
> attackers to execute commands via a long file name string, aka the
> "File Access URL" vulnerability.
> 
> 
> ED_PRI CAN-2000-0330 1
> 
> 
> VOTE: MODIFY

Reference: BID 779

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

Page Last Updated or Reviewed: May 22, 2007