[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[INTERIM] ACCEPT 22 legacy candidates (Final 7/12)
I have made an Interim Decision to ACCEPT the following 22 legacy
candidates from various clusters. I will make a Final Decision on
July 12.
Most of these are from the LINUX-99 cluster (1999 advisories from
Linux vendors) and have the minimum 2 ACCEPT votes with vendor
acknowledgement.
The breakdown by cluster is as follows:
2 MULT
2 VERIFY-BUGTRAQ
1 VERIFY-TOOL
1 CERT2
20 LINUX-99
Voters:
Wall NOOP(1)
Levy ACCEPT(1)
Ozancin ACCEPT(1)
Cole ACCEPT(1) NOOP(1)
Meunier ACCEPT(1)
Stracener ACCEPT(21)
Frech ACCEPT(6) MODIFY(16)
Christey MODIFY(2) NOOP(7)
Northcutt NOOP(1)
Armstrong NOOP(1)
Prosser ACCEPT(1)
=================================
Candidate: CAN-1999-0247
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: NAI:19970721 INN news server vulnerabilities
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp
Reference: XF:inn-bo
Buffer overflow in nnrpd program in INN up to version 1.6 allows
remote users to execute arbitrary commands.
Modifications:
ADDREF NAI:17
add version number
CHANGEREF NAI:17 [normalize]
ADDREF XF:inn-bo
INFERRED ACTION: CAN-1999-0247 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(1) Northcutt
Comments:
Frech> XF:inn-bo
=================================
Candidate: CAN-1999-0378
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000106-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall
Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available
Reference: XF:viruswall-http-request
InterScan VirusWall for Solaris doesn't scan files for viruses when
a single HTTP request includes two GET commands.
Modifications:
ADDREF XF:viruswall-http-request
ADDREF BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available
INFERRED ACTION: CAN-1999-0378 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
Comments:
Frech> XF:viruswall-http-request
=================================
Candidate: CAN-1999-0387
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: MS:MS99-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp
Reference: MSKB:Q168115
Reference: BID:829
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=829
Reference: XF:9x-plaintext-pwd
A legacy credential caching mechanism used in Windows 95 and Windows
98 systems allows attackers to read plaintext network passwords.
Modifications:
ADDREF MS:MS99-052
ADDREF MSKB:Q168115
ADDREF BID:829
ADDREF XF:9x-plaintext-pwd
INFERRED ACTION: CAN-1999-0387 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(1) Frech
NOOP(3) Christey, Wall, Cole
Comments:
Frech> Term 'legacy' is vague and can be subject to interpretation. Require a
reference to establish this vulnerability.
Christey> Added refs. Interestingly, this candidate was assigned
on June 7, 1999, but there were no references until the
Microsoft advisory in late November. I have lost the
original reference.
Frech> XF:9x-plaintext-pwd
=================================
Candidate: CAN-1999-0415
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-router-commands
Reference: XF:cisco-web-config
The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled
by default, which allows remote attackers to change the router's
configuration.
Modifications:
ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
ADDREF CIAC:J-034
ADDREF XF:cisco-router-commands
ADDREF XF:cisco-web-config
CHANGEREF ISS [normalize]
DESC reword
INFERRED ACTION: CAN-1999-0415 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(2) Frech, Christey
Comments:
Frech> Reference: ISS:March11,1999 (consistent with cluster 1, CAN-1999-0008)
XF:cisco-router-commands
XF:cisco-web-config
Christey> ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
ADDREF CIAC:J-034
ADDREF URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Consider a description like:
The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled
by default, which allows remote attackers to change the router's
configuration.
=================================
Candidate: CAN-1999-0416
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-web-crash
Vulnerability in Cisco 7xx series routers allows a remote attacker to
cause a system reload via a TCP connection to the router's TELNET
port.
Modifications:
ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
ADDREF CIAC:J-034
ADDREF XF:cisco-web-crash
CHANGEREF ISS [normalize]
DESC reword
INFERRED ACTION: CAN-1999-0416 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(2) Frech, Christey
Comments:
Frech> Reference: ISS:March11,1999
XF:cisco-web-crash
Christey> ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
ADDREF CIAC:J-034
http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Consider a description like:
Vulnerability in Cisco 7xx series routers allows a remote attacker to
cause a system reload via a TCP connection to the router's TELNET
port.
=================================
Candidate: CAN-1999-0959
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: AUSCERT:AA-97-05
Reference: SGI:19980301-01-PX
Reference: XF:irix-startmidi-file-creation
IRIX startmidi program allows local users to modify arbitrary files
via a symlink attack.
Modifications:
ADDREF XF:irix-startmidi-file-creation
DESC remove stopmidi
INFERRED ACTION: CAN-1999-0959 ACCEPT (6 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Ozancin, Prosser, Stracener, Meunier
MODIFY(1) Frech
NOOP(2) Armstrong, Christey
Comments:
Frech> XF:irix-startmidi-file-creation
Christey> It appeared that CD:SF-EXEC applied here, but the bug is just
in startmidi, not stopmidi. So get rid of stopmidi in the
description.
=================================
Candidate: CAN-2000-0352
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com
Reference: CALDERA:CSSA-1999-036.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt
Reference: SUSE:19991227 Security hole in Pine < 4.21
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_36.txt
Reference: XF:pine-remote-exe
Reference: BID:810
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=810
Pine before version 4.21 does not properly filter shell metacharacters
from URLs, which allows remote attackers to execute arbitrary commands
via a malformed URL.
Modifications:
ADDREF XF:pine-remote-exe
INFERRED ACTION: CAN-2000-0352 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
Comments:
Frech> XF:pine-remote-exe
=================================
Candidate: CAN-2000-0353
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_6.txt
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: URL:http://www.suse.de/de/support/security/pine_update_announcement.txt
Reference: BID:1247
Reference: XF:pine-lynx-execute-commands
Pine 4.x allows a remote attacker to execute arbitrary commands via an
index.html file which executes lynx and obtains a uudecoded file from
a malicious web server, which is then executed by Pine.
Modifications:
ADDREF BID:1247
ADDREF XF:pine-lynx-execute-commands
INFERRED ACTION: CAN-2000-0353 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(1) Christey
Comments:
Christey> ADDREF BID:1247
Frech> XF:pine-lynx-execute-commands
=================================
Candidate: CAN-2000-0354
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19990928 mirror 2.9 hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru
Reference: DEBIAN:19991018 Incorrect directory name handling in mirror
Reference: URL:http://www.debian.org/security/1999/19991018
Reference: SUSE:19991001 Security hole in mirror
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_22.txt
Reference: BID:681
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=681
Reference: XF:mirror-perl-remote-file-creation
mirror 2.8.x in Linux systems allows remote attackers to create files
one level above the local target directory.
INFERRED ACTION: CAN-2000-0354 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Frech
=================================
Candidate: CAN-2000-0356
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: REDHAT:RHSA-1999:040
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789
Reference: XF:linux-pam-nis-login
Reference: BID:697
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=697
Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not
properly lock access to disabled NIS accounts.
INFERRED ACTION: CAN-2000-0356 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Frech
=================================
Candidate: CAN-2000-0359
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_30.txt
Reference: XF:thttpd-ifmodifiedsince-header-dos
Reference: BID:1248
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to
cause a denial of service or execute arbitrary commands via a long
If-Modified-Since header.
Modifications:
ADDREF BID:1248
ADDREF XF:thttpd-ifmodifiedsince-header-dos
INFERRED ACTION: CAN-2000-0359 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(1) Christey
Comments:
Christey> ADDREF BID:1248
Frech> XF:thttpd-ifmodifiedsince-header-dos
=================================
Candidate: CAN-2000-0360
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991124 Security hole in inn <= 2.2.1
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_34.txt
Reference: CALDERA:CSSA-1999-038.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt
Reference: XF:inn-remote-dos
Reference: BID:1249
Buffer overflow in INN 2.2.1 and earlier allows remote attackers to
cause a denial of service via a maliciously formatted article.
Modifications:
ADDREF BID:1249
ADDREF XF:inn-remote-dos
INFERRED ACTION: CAN-2000-0360 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(1) Christey
Comments:
Christey> ADDREF BID:1249
Frech> XF:inn-remote-dos
=================================
Candidate: CAN-2000-0361
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991214 Security hole in wvdial <= 1.4
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_35.txt
Reference: XF:wvdial-gain-dialup-info
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a
.config file with world readable permissions, which allows a local
attacker in the dialout group to access login and password
information.
Modifications:
ADDREF XF:wvdial-gain-dialup-info
INFERRED ACTION: CAN-2000-0361 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
Comments:
Frech> XF:wvdial-gain-dialup-info
=================================
Candidate: CAN-2000-0362
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738
Reference: XF:linux-cdda2cdr
Buffer overflows in Linux cdwtools 093 and earlier allows local users
to gain root privileges.
Modifications:
ADDREF XF:linux-cdda2cdr
INFERRED ACTION: CAN-2000-0362 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
Comments:
Frech> XF:linux-cdda2cdr
=================================
Candidate: CAN-2000-0363
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738
Reference: XF:linux-cdda2cdr
Linux cdwtools 093 and earlier allows local users to gain root
privileges via the /tmp directory.
Modifications:
ADDREF XF:linux-cdda2cdr
INFERRED ACTION: CAN-2000-0363 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
Comments:
Frech> XF:linux-cdda2cdr
=================================
Candidate: CAN-2000-0366
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
Reference: XF:debian-dump-modify-ownership
dump in Debian Linux 2.1 does not properly restore symlinks, which
allows a local user to modify the ownership of arbitrary files.
Modifications:
ADDREF XF:debian-dump-modify-ownership
INFERRED ACTION: CAN-2000-0366 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
Comments:
Frech> XF:debian-dump-modify-ownership
=================================
Candidate: CAN-2000-0367
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19990218 Root exploit in eterm
Reference: URL:http://www.debian.org/security/1999/19990218
Reference: XF:linux-eterm
Vulnerability in eterm 0.8.8 in Debian Linux allows an attacker to
gain root privileges.
INFERRED ACTION: CAN-2000-0367 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Frech
=================================
Candidate: CAN-2000-0370
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-001.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt
Reference: BID:1268
Reference: XF:caldera-smail-rmail-command
The debug option in Caldera Linux smail allows remote attackers to
execute commands via shell metacharacters in the -D option for the
rmail command.
Modifications:
ADDREF BID:1268
ADDREF XF:caldera-smail-rmail-command
INFERRED ACTION: CAN-2000-0370 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(1) Christey
Comments:
Christey> ADDREF BID:1268
URL:http://www.securityfocus.com/bid/1268
Frech> XF:caldera-smail-rmail-command
=================================
Candidate: CAN-2000-0371
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-005.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt
Reference: BID:1269
Reference: XF:kde-mediatool
The libmediatool library used for the KDE mediatool allows local users
to create arbitrary files via a symlink attack.
Modifications:
ADDREF BID:1269
INFERRED ACTION: CAN-2000-0371 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Frech
NOOP(1) Christey
Comments:
Christey> BID:1269
ADDREF URL:http://www.securityfocus.com/bid/1269
=================================
Candidate: CAN-2000-0372
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-014.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt
Reference: XF:linux-rmt
Reference: URL:http://xforce.iss.net/static/2268.php
Vulnerability in Caldera rmt command in the dump package 0.4b4 allows
a local user to gain root privileges.
INFERRED ACTION: CAN-2000-0372 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Frech
=================================
Candidate: CAN-2000-0373
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html
Reference: XF:kde-kvt
Reference: URL:http://xforce.iss.net/static/2266.php
Vulnerabilities in the KDE kvt terminal program allow local users to
gain root privileges.
INFERRED ACTION: CAN-2000-0373 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Frech
=================================
Candidate: CAN-2000-0374
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: CF
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
Reference: XF:caldera-kdm-default-configuration
The default configuration of kdm in Caldera Linux allows XDMCP
connections from any host, which allows remote attackers to obtain
sensitive information or bypass additional access restrictions.
Modifications:
ADDREF XF:caldera-kdm-default-configuration
INFERRED ACTION: CAN-2000-0374 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
Comments:
Frech> XF:caldera-kdm-default-configuration