[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [VOTEPRI] 17 high priority candidates as of 7/5/2000

* Steven M. Christey (coley@LINUS.MITRE.ORG) [000706 01:55]:
> The following candidates have vendor acknowledgement and require one
> more vote to be accepted.
> 
> - Steve
> 
> 
> 
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
> 
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
> 
> 1) Please write your vote on the line that starts with "VOTE: ".  If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
> 
> 2) If you see any missing references, please mention them so that they
>    can be included.  References help greatly during mapping.
> 
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    So if you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
> 
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
> 
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
> 
> KEY FOR INFERRED ACTIONS
> ------------------------
> 
> Inferred actions capture the voting status of a candidate.  They may
> be used by the Editor to determine whether or not a candidate is added
> to CVE.  Where there is disagreement, the Editor must resolve the
> issue and achieve consensus, or make the final decision if consensus
> cannot be reached.
> 
> - ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
> - ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
> - MOREVOTES = needs more votes
> - ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
> - SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
> - SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
> - REVIEWING = at least one member is REVIEWING
> - REJECT = at least one member REJECTed
> - REVOTE = members should review their vote on this candidate
> 
> =================================
> Candidate: CAN-1999-0247
> Published:
> Final-Decision:
> Interim-Decision:
> Modified: 19991130-01
> Proposed: 19990728
> Assigned: 19990607
> Category: SF
> Reference: NAI:17
> 
> Buffer overflow in nnrpd program in INN up to version 1.6 allows
> remote users to execute arbitrary commands.
> 
> Modifications:
>   ADDREF NAI:17
>   add version number
> 
> INFERRED ACTION: CAN-1999-0247 MOREVOTES-1 (1 accept, 1 ack, 0 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
>    NOOP(1) Northcutt
> 
> 
> VOTE: REVIEWING
> 
> =================================
> Candidate: CAN-1999-0298
> Published:
> Final-Decision:
> Interim-Decision:
> Modified: 20000524-01
> Proposed: 19990714
> Assigned: 19990607
> Category: SF
> Reference: NAI:19970205 Vulnerabilities in Ypbind when run with -ypset/-ypsetme
> Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/06_ypbindsetme_adv.asp
> 
> ypbind with -ypset and -ypsetme options activated in Linux Slackware
> and SunOS allows local and remote attackers to overwrite files via a
> .. (dot dot) attack.
> 
> Modifications:
>   CHANGEREF NAI:NAI-6
>   Add details to description.
> 
> INFERRED ACTION: CAN-1999-0298 MOREVOTES-1 (1 accept, 1 ack, 1 review)
> 
> Current Votes:
>    ACCEPT(1) Northcutt
>    NOOP(1) Shostack
>    REVIEWING(1) Frech
> 
> 
> VOTE: REVIEWING
> 
> =================================
> Candidate: CAN-2000-0045
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000125
> Assigned: 20000122
> Category: SF
> Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
> Reference: BUGTRAQ:20000113 New MySQL Available
> Reference: BID:926
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=926
> 
> MySQL allows local users to modify passwords for arbitrary MySQL users
> via the GRANT privilege.
> 
> INFERRED ACTION: CAN-2000-0045 MOREVOTES-1 (1 accept, 1 ack, 0 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0063
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000125
> Assigned: 20000122
> Category: SF
> Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
> Reference: BID:938
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=938
> 
> cgiproc CGI script in Nortel Contivity HTTP server allows remote
> attackers to read arbitrary files by specifying the filename in a
> parameter to the script.
> 
> INFERRED ACTION: CAN-2000-0063 MOREVOTES-1 (1 accept, 1 ack, 0 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0064
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000125
> Assigned: 20000122
> Category: SF
> Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
> Reference: BID:938
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=938
> 
> cgiproc CGI script in Nortel Contivity HTTP server allows remote
> attackers to cause a denial of service via a malformed URL that
> includes shell metacharacters.
> 
> INFERRED ACTION: CAN-2000-0064 MOREVOTES-1 (1 accept, 1 ack, 0 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0076
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000125
> Assigned: 20000122
> Category: SF
> Reference: BUGTRAQ:19991230 vibackup.sh
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
> Reference: DEBIAN:20000109 nvi: incorrect file removal in boot script
> Reference: URL:http://www.debian.org/security/2000/20000108
> 
> nviboot boot script in the Debian nvi package allows local users to
> delete files via malformed entries in vi.recover.
> 
> INFERRED ACTION: CAN-2000-0076 MOREVOTES-1 (1 accept, 1 ack, 0 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
>    NOOP(3) Levy, Wall, Cole
> 
> 
> VOTE: REVIEWING
> 
> =================================
> Candidate: CAN-2000-0094
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000208
> Assigned: 20000202
> Category: SF
> Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
> Reference: FREEBSD:FreeBSD-SA-00:02
> Reference: BID:940
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=940
> 
> procfs in BSD systems allows local users to gain root privileges by
> modifying the /proc/pid/mem interface via a modified file descriptor
> for stderr.
> 
> INFERRED ACTION: CAN-2000-0094 MOREVOTES-1 (1 accept, 1 ack, 1 review)
> 
> Current Votes:
>    MODIFY(1) Frech
>    NOOP(2) Wall, Christey
>    REVIEWING(1) Cole
> 
> Comments:
>  Christey> BID:987 and NETBSD:2000-001 refer to a NetBSD procfs mem
>    problem that's probably the same problem as this one.
>  Frech> XF:netbsd-procfs
>  Christey> BID:987 has since been deleted, so I guess they agree ;-)
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0117
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000208
> Assigned: 20000208
> Category: SF
> Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
> Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000
> 
> The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site
> Administrator to modify passwords for other users, site
> administrators, and possibly admin (root).
> 
> INFERRED ACTION: CAN-2000-0117 MOREVOTES-1 (1 accept, 1 ack, 1 review)
> 
> Current Votes:
>    MODIFY(1) Frech
>    NOOP(1) Wall
>    REVIEWING(1) Cole
> 
> Comments:
>  Frech> XF:http-cgi-cobalt-passwords
> 
> 
> VOTE: MODIFY

Reference: BID 951

> 
> =================================
> Candidate: CAN-2000-0120
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000208
> Assigned: 20000208
> Category: SF
> Reference: ALLAIRE:ASB00-04
> Reference: BID:955
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=955
> 
> The Remote Access Service invoke.cfm template in Allaire Spectra 1.0
> allows users to bypass authentication via the bAuthenticated
> parameter.
> 
> INFERRED ACTION: CAN-2000-0120 MOREVOTES-1 (1 accept, 1 ack, 2 review)
> 
> Current Votes:
>    MODIFY(1) Frech
>    REVIEWING(2) Wall, Cole
> 
> Comments:
>  Frech> XF:allaire-spectra-ras-access
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0264
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000426
> Assigned: 20000426
> Category: SF/CF/MP/SA/AN/unknown
> Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
> Reference: BID:1119
> Reference: URL:http://www.securityfocus.com/bid/1119
> 
> Panda Security 3.0 with registry editing disabled allows users to edit
> the registry and gain privileges by directly executing a .reg file or
> using other methods.
> 
> INFERRED ACTION: CAN-2000-0264 MOREVOTES-1 (1 accept, 1 ack, 0 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
>    NOOP(3) Wall, Cole, Christey
> 
> Comments:
>  Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0265
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000426
> Assigned: 20000426
> Category: SF
> Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
> Reference: BID:1119
> Reference: URL:http://www.securityfocus.com/bid/1119
> 
> Panda Security 3.0 allows users to uninstall the Panda software via
> its Add/Remove Programs applet.
> 
> INFERRED ACTION: CAN-2000-0265 MOREVOTES-1 (1 accept, 1 ack, 0 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
>    NOOP(3) Wall, Cole, Christey
> 
> Comments:
>  Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0353
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
> Reference: SUSE:19990628 Execution of commands in Pine 4.x
> Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_6.txt
> Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
> Reference: URL:http://www.suse.de/de/support/security/pine_update_announcement.txt
> 
> Pine 4.x allows a remote attacker to execute arbitrary commands via an
> index.html file which executes lynx and obtains a uudecoded file from
> a malicious web server, which is then executed by Pine.
> 
> INFERRED ACTION: CAN-2000-0353 MOREVOTES-1 (1 accept, 1 ack, 1 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
>    NOOP(1) Christey
>    REVIEWING(1) Frech
> 
> Comments:
>  Christey> ADDREF BID:1247
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0359
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
> Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
> Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_30.txt
> 
> Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to
> cause a denial of service or execute arbitrary commands via a long
> If-Modified-Since header.
> 
> INFERRED ACTION: CAN-2000-0359 MOREVOTES-1 (1 accept, 1 ack, 1 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
>    NOOP(1) Christey
>    REVIEWING(1) Frech
> 
> Comments:
>  Christey> ADDREF BID:1248
>  Frech> (not thttpd-file-read)
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0366
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: DEBIAN:19991202 problem restoring symlinks
> Reference: URL:http://www.debian.org/security/1999/19991202
> 
> dump in Debian Linux 2.1 does not properly restore symlinks, which
> allows a local user to modify the ownership of arbitrary files.
> 
> INFERRED ACTION: CAN-2000-0366 MOREVOTES-1 (1 accept, 1 ack, 1 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
>    REVIEWING(1) Frech
> 
> 
> VOTE: REVIEWING
> 
> =================================
> Candidate: CAN-2000-0369
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: CALDERA:CSSA-1999-029.1
> Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt
> 
> The IDENT server in Caldera Linux 2.3 creates multiple threads for
> each IDENT request, which allows remote attackers to cause a denial of
> service.
> 
> INFERRED ACTION: CAN-2000-0369 MOREVOTES-1 (1 accept, 1 ack, 1 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
>    NOOP(1) Christey
>    REVIEWING(1) Frech
> 
> Comments:
>  Christey> ADDREF BID:1266
>  Christey> ADDREF BID:1266
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0370
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: CALDERA:CSSA-1999-001.0
> Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt
> 
> The debug option in Caldera Linux smail allows remote attackers to
> execute commands via shell metacharacters in the -D option for the
> rmail command.
> 
> INFERRED ACTION: CAN-2000-0370 MOREVOTES-1 (1 accept, 1 ack, 1 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
>    NOOP(1) Christey
>    REVIEWING(1) Frech
> 
> Comments:
>  Christey> ADDREF BID:1268
>  Christey> ADDREF BID:1268
>    URL:http://www.securityfocus.com/bid/1268
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0374
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: CALDERA:CSSA-1999-021.0
> Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
> 
> The default configuration of kdm in Caldera Linux allows XDMCP
> connections from any host, which allows remote attackers to obtain
> sensitive information or bypass additional access restrictions.
> 
> INFERRED ACTION: CAN-2000-0374 MOREVOTES-1 (1 accept, 1 ack, 1 review)
> 
> Current Votes:
>    ACCEPT(1) Stracener
>    REVIEWING(1) Frech
> 
> Comments:
>  Frech> (not xdm-xdmcp-remote-bo)
> 
> 
> VOTE: REVIEWING

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
Page Last Updated or Reviewed: May 22, 2007