[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[INTERIM] ACCEPT 22 legacy candidates (Final 7/12)



I have made an Interim Decision to ACCEPT the following 22 legacy
candidates from various clusters.  I will make a Final Decision on
July 12.

Most of these are from the LINUX-99 cluster (1999 advisories from
Linux vendors) and have the minimum 2 ACCEPT votes with vendor
acknowledgement.

The breakdown by cluster is as follows:

   2 MULT
   2 VERIFY-BUGTRAQ
   1 VERIFY-TOOL
   1 CERT2
  20 LINUX-99

Voters:
  Wall NOOP(1)
  Levy ACCEPT(1)
  Ozancin ACCEPT(1)
  Cole ACCEPT(1) NOOP(1)
  Meunier ACCEPT(1)
  Stracener ACCEPT(21)
  Frech ACCEPT(6) MODIFY(16)
  Christey MODIFY(2) NOOP(7)
  Northcutt NOOP(1)
  Armstrong NOOP(1)
  Prosser ACCEPT(1)


=================================
Candidate: CAN-1999-0247
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: NAI:19970721 INN news server vulnerabilities
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp
Reference: XF:inn-bo

Buffer overflow in nnrpd program in INN up to version 1.6 allows
remote users to execute arbitrary commands.

Modifications:
  ADDREF NAI:17
  add version number
  CHANGEREF NAI:17 [normalize]
  ADDREF XF:inn-bo

INFERRED ACTION: CAN-1999-0247 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(1) Northcutt

Comments:
 Frech> XF:inn-bo


=================================
Candidate: CAN-1999-0378
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000106-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall
Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available
Reference: XF:viruswall-http-request

InterScan VirusWall for Solaris doesn't scan files for viruses when
a single HTTP request includes two GET commands.

Modifications:
  ADDREF XF:viruswall-http-request
  ADDREF BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available

INFERRED ACTION: CAN-1999-0378 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:viruswall-http-request


=================================
Candidate: CAN-1999-0387
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: MS:MS99-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp
Reference: MSKB:Q168115
Reference: BID:829
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=829
Reference: XF:9x-plaintext-pwd

A legacy credential caching mechanism used in Windows 95 and Windows
98 systems allows attackers to read plaintext network passwords.

Modifications:
  ADDREF MS:MS99-052
  ADDREF MSKB:Q168115
  ADDREF BID:829
  ADDREF XF:9x-plaintext-pwd

INFERRED ACTION: CAN-1999-0387 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Cole

Comments:
 Frech> Term 'legacy' is vague and can be subject to interpretation. Require a
   reference to establish this vulnerability.
 Christey> Added refs.  Interestingly, this candidate was assigned
   on June 7, 1999, but there were no references until the
   Microsoft advisory in late November.  I have lost the
   original reference.
 Frech> XF:9x-plaintext-pwd


=================================
Candidate: CAN-1999-0415
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-router-commands
Reference: XF:cisco-web-config

The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled
by default, which allows remote attackers to change the router's
configuration.

Modifications:
  ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
  ADDREF CIAC:J-034
  ADDREF XF:cisco-router-commands
  ADDREF XF:cisco-web-config
  CHANGEREF ISS [normalize]
  DESC reword

INFERRED ACTION: CAN-1999-0415 ACCEPT_ACK (2 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(2) Frech, Christey

Comments:
 Frech> Reference: ISS:March11,1999 (consistent with cluster 1, CAN-1999-0008)
   XF:cisco-router-commands
   XF:cisco-web-config
 Christey> ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
   URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
   ADDREF CIAC:J-034
   ADDREF URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml

   Consider a description like:
   The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled
   by default, which allows remote attackers to change the router's
   configuration.


=================================
Candidate: CAN-1999-0416
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-web-crash

Vulnerability in Cisco 7xx series routers allows a remote attacker to
cause a system reload via a TCP connection to the router's TELNET
port.

Modifications:
  ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
  ADDREF CIAC:J-034
  ADDREF XF:cisco-web-crash
  CHANGEREF ISS [normalize]
  DESC reword

INFERRED ACTION: CAN-1999-0416 ACCEPT_ACK (2 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(2) Frech, Christey

Comments:
 Frech> Reference: ISS:March11,1999
   XF:cisco-web-crash
 Christey> ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
   http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
   ADDREF CIAC:J-034
   http://ciac.llnl.gov/ciac/bulletins/j-034.shtml

   Consider a description like:
   Vulnerability in Cisco 7xx series routers allows a remote attacker to
   cause a system reload via a TCP connection to the router's TELNET
   port.


=================================
Candidate: CAN-1999-0959
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: AUSCERT:AA-97-05
Reference: SGI:19980301-01-PX
Reference: XF:irix-startmidi-file-creation

IRIX startmidi program allows local users to modify arbitrary files
via a symlink attack.

Modifications:
  ADDREF XF:irix-startmidi-file-creation
  DESC remove stopmidi

INFERRED ACTION: CAN-1999-0959 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Ozancin, Prosser, Stracener, Meunier
   MODIFY(1) Frech
   NOOP(2) Armstrong, Christey

Comments:
 Frech> XF:irix-startmidi-file-creation
 Christey> It appeared that CD:SF-EXEC applied here, but the bug is just
   in startmidi, not stopmidi.  So get rid of stopmidi in the
   description.


=================================
Candidate: CAN-2000-0352
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com
Reference: CALDERA:CSSA-1999-036.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt
Reference: SUSE:19991227 Security hole in Pine < 4.21
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_36.txt
Reference: XF:pine-remote-exe
Reference: BID:810
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=810

Pine before version 4.21 does not properly filter shell metacharacters
from URLs, which allows remote attackers to execute arbitrary commands
via a malformed URL.

Modifications:
  ADDREF XF:pine-remote-exe

INFERRED ACTION: CAN-2000-0352 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:pine-remote-exe


=================================
Candidate: CAN-2000-0353
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_6.txt
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: URL:http://www.suse.de/de/support/security/pine_update_announcement.txt
Reference: BID:1247
Reference: XF:pine-lynx-execute-commands

Pine 4.x allows a remote attacker to execute arbitrary commands via an
index.html file which executes lynx and obtains a uudecoded file from
a malicious web server, which is then executed by Pine.

Modifications:
  ADDREF BID:1247
  ADDREF XF:pine-lynx-execute-commands

INFERRED ACTION: CAN-2000-0353 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Christey> ADDREF BID:1247
 Frech> XF:pine-lynx-execute-commands


=================================
Candidate: CAN-2000-0354
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19990928 mirror 2.9 hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru
Reference: DEBIAN:19991018 Incorrect directory name handling in mirror
Reference: URL:http://www.debian.org/security/1999/19991018
Reference: SUSE:19991001 Security hole in mirror
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_22.txt
Reference: BID:681
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=681
Reference: XF:mirror-perl-remote-file-creation

mirror 2.8.x in Linux systems allows remote attackers to create files
one level above the local target directory.

INFERRED ACTION: CAN-2000-0354 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Frech


=================================
Candidate: CAN-2000-0356
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: REDHAT:RHSA-1999:040
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789
Reference: XF:linux-pam-nis-login
Reference: BID:697
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=697

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not
properly lock access to disabled NIS accounts.

INFERRED ACTION: CAN-2000-0356 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Frech


=================================
Candidate: CAN-2000-0359
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_30.txt
Reference: XF:thttpd-ifmodifiedsince-header-dos
Reference: BID:1248

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to
cause a denial of service or execute arbitrary commands via a long
If-Modified-Since header.

Modifications:
  ADDREF BID:1248
  ADDREF XF:thttpd-ifmodifiedsince-header-dos

INFERRED ACTION: CAN-2000-0359 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Christey> ADDREF BID:1248
 Frech> XF:thttpd-ifmodifiedsince-header-dos


=================================
Candidate: CAN-2000-0360
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991124 Security hole in inn <= 2.2.1
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_34.txt
Reference: CALDERA:CSSA-1999-038.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt
Reference: XF:inn-remote-dos
Reference: BID:1249

Buffer overflow in INN 2.2.1 and earlier allows remote attackers to
cause a denial of service via a maliciously formatted article.

Modifications:
  ADDREF BID:1249
  ADDREF XF:inn-remote-dos

INFERRED ACTION: CAN-2000-0360 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Christey> ADDREF BID:1249
 Frech> XF:inn-remote-dos


=================================
Candidate: CAN-2000-0361
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991214 Security hole in wvdial <= 1.4
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_35.txt
Reference: XF:wvdial-gain-dialup-info

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a
.config file with world readable permissions, which allows a local
attacker in the dialout group to access login and password
information.

Modifications:
  ADDREF XF:wvdial-gain-dialup-info

INFERRED ACTION: CAN-2000-0361 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:wvdial-gain-dialup-info


=================================
Candidate: CAN-2000-0362
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738
Reference: XF:linux-cdda2cdr

Buffer overflows in Linux cdwtools 093 and earlier allows local users
to gain root privileges.

Modifications:
  ADDREF XF:linux-cdda2cdr

INFERRED ACTION: CAN-2000-0362 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:linux-cdda2cdr


=================================
Candidate: CAN-2000-0363
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738
Reference: XF:linux-cdda2cdr

Linux cdwtools 093 and earlier allows local users to gain root
privileges via the /tmp directory.

Modifications:
  ADDREF XF:linux-cdda2cdr

INFERRED ACTION: CAN-2000-0363 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:linux-cdda2cdr


=================================
Candidate: CAN-2000-0366
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
Reference: XF:debian-dump-modify-ownership

dump in Debian Linux 2.1 does not properly restore symlinks, which
allows a local user to modify the ownership of arbitrary files.

Modifications:
  ADDREF XF:debian-dump-modify-ownership

INFERRED ACTION: CAN-2000-0366 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:debian-dump-modify-ownership


=================================
Candidate: CAN-2000-0367
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19990218 Root exploit in eterm
Reference: URL:http://www.debian.org/security/1999/19990218
Reference: XF:linux-eterm

Vulnerability in eterm 0.8.8 in Debian Linux allows an attacker to
gain root privileges.

INFERRED ACTION: CAN-2000-0367 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Frech


=================================
Candidate: CAN-2000-0370
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-001.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt
Reference: BID:1268
Reference: XF:caldera-smail-rmail-command

The debug option in Caldera Linux smail allows remote attackers to
execute commands via shell metacharacters in the -D option for the
rmail command.

Modifications:
  ADDREF BID:1268
  ADDREF XF:caldera-smail-rmail-command

INFERRED ACTION: CAN-2000-0370 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Christey> ADDREF BID:1268
   URL:http://www.securityfocus.com/bid/1268
 Frech> XF:caldera-smail-rmail-command


=================================
Candidate: CAN-2000-0371
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-005.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt
Reference: BID:1269
Reference: XF:kde-mediatool

The libmediatool library used for the KDE mediatool allows local users
to create arbitrary files via a symlink attack.

Modifications:
  ADDREF BID:1269

INFERRED ACTION: CAN-2000-0371 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Frech
   NOOP(1) Christey

Comments:
 Christey> BID:1269
   ADDREF URL:http://www.securityfocus.com/bid/1269


=================================
Candidate: CAN-2000-0372
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-014.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt
Reference: XF:linux-rmt
Reference: URL:http://xforce.iss.net/static/2268.php

Vulnerability in Caldera rmt command in the dump package 0.4b4 allows
a local user to gain root privileges.

INFERRED ACTION: CAN-2000-0372 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Frech


=================================
Candidate: CAN-2000-0373
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html
Reference: XF:kde-kvt
Reference: URL:http://xforce.iss.net/static/2266.php

Vulnerabilities in the KDE kvt terminal program allow local users to
gain root privileges.

INFERRED ACTION: CAN-2000-0373 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Frech


=================================
Candidate: CAN-2000-0374
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: CF
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
Reference: XF:caldera-kdm-default-configuration

The default configuration of kdm in Caldera Linux allows XDMCP
connections from any host, which allows remote attackers to obtain
sensitive information or bypass additional access restrictions.

Modifications:
  ADDREF XF:caldera-kdm-default-configuration

INFERRED ACTION: CAN-2000-0374 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:caldera-kdm-default-configuration

Page Last Updated or Reviewed: May 22, 2007