[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FINAL] ACCEPT 19 legacy candidates

To: cve-editorial-board-list@lists.mitre.org
Subject: [FINAL] ACCEPT 19 legacy candidates
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Wed, 12 Jul 2000 18:56:10 -0400 (EDT)
Delivery-Date: Wed Jul 12 18:56:15 2000
Sender: owner-cve-editorial-board-list@lists.mitre.org
I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-0378	CVE-1999-0378
CAN-1999-0387	CVE-1999-0387
CAN-1999-0415	CVE-1999-0415
CAN-1999-0416	CVE-1999-0416
CAN-1999-0959	CVE-1999-0959
CAN-2000-0352	CVE-2000-0352
CAN-2000-0353	CVE-2000-0353
CAN-2000-0354	CVE-2000-0354
CAN-2000-0356	CVE-2000-0356
CAN-2000-0359	CVE-2000-0359
CAN-2000-0360	CVE-2000-0360
CAN-2000-0361	CVE-2000-0361
CAN-2000-0362	CVE-2000-0362
CAN-2000-0363	CVE-2000-0363
CAN-2000-0367	CVE-2000-0367
CAN-2000-0370	CVE-2000-0370
CAN-2000-0371	CVE-2000-0371
CAN-2000-0372	CVE-2000-0372
CAN-2000-0373	CVE-2000-0373


=================================
Candidate: CAN-1999-0378
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000106-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall
Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available
Reference: XF:viruswall-http-request

InterScan VirusWall for Solaris doesn't scan files for viruses when
a single HTTP request includes two GET commands.

Modifications:
  ADDREF XF:viruswall-http-request
  ADDREF BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available

INFERRED ACTION: CAN-1999-0378 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:viruswall-http-request


=================================
Candidate: CAN-1999-0387
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000626-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: MS:MS99-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp
Reference: MSKB:Q168115
Reference: BID:829
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=829
Reference: XF:9x-plaintext-pwd

A legacy credential caching mechanism used in Windows 95 and Windows
98 systems allows attackers to read plaintext network passwords.

Modifications:
  ADDREF MS:MS99-052
  ADDREF MSKB:Q168115
  ADDREF BID:829
  ADDREF XF:9x-plaintext-pwd

INFERRED ACTION: CAN-1999-0387 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Cole

Comments:
 Frech> Term 'legacy' is vague and can be subject to interpretation. Require a
   reference to establish this vulnerability.
 Christey> Added refs.  Interestingly, this candidate was assigned
   on June 7, 1999, but there were no references until the
   Microsoft advisory in late November.  I have lost the
   original reference.
 Frech> XF:9x-plaintext-pwd


=================================
Candidate: CAN-1999-0415
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-router-commands
Reference: XF:cisco-web-config

The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled
by default, which allows remote attackers to change the router's
configuration.

Modifications:
  ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
  ADDREF CIAC:J-034
  ADDREF XF:cisco-router-commands
  ADDREF XF:cisco-web-config
  CHANGEREF ISS [normalize]
  DESC reword

INFERRED ACTION: CAN-1999-0415 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(2) Frech, Christey

Comments:
 Frech> Reference: ISS:March11,1999 (consistent with cluster 1, CAN-1999-0008)
   XF:cisco-router-commands
   XF:cisco-web-config
 Christey> ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
   URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
   ADDREF CIAC:J-034
   ADDREF URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml

   Consider a description like:
   The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled
   by default, which allows remote attackers to change the router's
   configuration.


=================================
Candidate: CAN-1999-0416
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-web-crash

Vulnerability in Cisco 7xx series routers allows a remote attacker to
cause a system reload via a TCP connection to the router's TELNET
port.

Modifications:
  ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
  ADDREF CIAC:J-034
  ADDREF XF:cisco-web-crash
  CHANGEREF ISS [normalize]
  DESC reword

INFERRED ACTION: CAN-1999-0416 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(2) Frech, Christey

Comments:
 Frech> Reference: ISS:March11,1999
   XF:cisco-web-crash
 Christey> ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
   http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
   ADDREF CIAC:J-034
   http://ciac.llnl.gov/ciac/bulletins/j-034.shtml

   Consider a description like:
   Vulnerability in Cisco 7xx series routers allows a remote attacker to
   cause a system reload via a TCP connection to the router's TELNET
   port.


=================================
Candidate: CAN-1999-0959
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: AUSCERT:AA-97-05
Reference: SGI:19980301-01-PX
Reference: XF:irix-startmidi-file-creation

IRIX startmidi program allows local users to modify arbitrary files
via a symlink attack.

Modifications:
  ADDREF XF:irix-startmidi-file-creation
  DESC remove stopmidi

INFERRED ACTION: CAN-1999-0959 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(5) Cole, Ozancin, Prosser, Stracener, Meunier
   MODIFY(1) Frech
   NOOP(2) Armstrong, Christey

Comments:
 Frech> XF:irix-startmidi-file-creation
 Christey> It appeared that CD:SF-EXEC applied here, but the bug is just
   in startmidi, not stopmidi.  So get rid of stopmidi in the
   description.


=================================
Candidate: CAN-2000-0352
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com
Reference: CALDERA:CSSA-1999-036.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt
Reference: SUSE:19991227 Security hole in Pine < 4.21
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_36.txt
Reference: XF:pine-remote-exe
Reference: BID:810
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=810

Pine before version 4.21 does not properly filter shell metacharacters
from URLs, which allows remote attackers to execute arbitrary commands
via a malformed URL.

Modifications:
  ADDREF XF:pine-remote-exe

INFERRED ACTION: CAN-2000-0352 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:pine-remote-exe


=================================
Candidate: CAN-2000-0353
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_6.txt
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: URL:http://www.suse.de/de/support/security/pine_update_announcement.txt
Reference: BID:1247
Reference: XF:pine-lynx-execute-commands

Pine 4.x allows a remote attacker to execute arbitrary commands via an
index.html file which executes lynx and obtains a uudecoded file from
a malicious web server, which is then executed by Pine.

Modifications:
  ADDREF BID:1247
  ADDREF XF:pine-lynx-execute-commands

INFERRED ACTION: CAN-2000-0353 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Stracener, Levy
   MODIFY(1) Frech
   NOOP(2) Christey, Cole

Comments:
 Christey> ADDREF BID:1247
 Frech> XF:pine-lynx-execute-commands


=================================
Candidate: CAN-2000-0354
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19990928 mirror 2.9 hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru
Reference: DEBIAN:19991018 Incorrect directory name handling in mirror
Reference: URL:http://www.debian.org/security/1999/19991018
Reference: SUSE:19991001 Security hole in mirror
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_22.txt
Reference: BID:681
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=681
Reference: XF:mirror-perl-remote-file-creation

mirror 2.8.x in Linux systems allows remote attackers to create files
one level above the local target directory.

INFERRED ACTION: CAN-2000-0354 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Stracener, Frech


=================================
Candidate: CAN-2000-0356
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: REDHAT:RHSA-1999:040
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789
Reference: XF:linux-pam-nis-login
Reference: BID:697
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=697

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not
properly lock access to disabled NIS accounts.

INFERRED ACTION: CAN-2000-0356 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Stracener, Frech


=================================
Candidate: CAN-2000-0359
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_30.txt
Reference: XF:thttpd-ifmodifiedsince-header-dos
Reference: BID:1248

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to
cause a denial of service or execute arbitrary commands via a long
If-Modified-Since header.

Modifications:
  ADDREF BID:1248
  ADDREF XF:thttpd-ifmodifiedsince-header-dos

INFERRED ACTION: CAN-2000-0359 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Stracener, Levy, Cole
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Christey> ADDREF BID:1248
 Frech> XF:thttpd-ifmodifiedsince-header-dos


=================================
Candidate: CAN-2000-0360
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991124 Security hole in inn <= 2.2.1
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_34.txt
Reference: CALDERA:CSSA-1999-038.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt
Reference: XF:inn-remote-dos
Reference: BID:1249

Buffer overflow in INN 2.2.1 and earlier allows remote attackers to
cause a denial of service via a maliciously formatted article.

Modifications:
  ADDREF BID:1249
  ADDREF XF:inn-remote-dos

INFERRED ACTION: CAN-2000-0360 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Christey> ADDREF BID:1249
 Frech> XF:inn-remote-dos


=================================
Candidate: CAN-2000-0361
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991214 Security hole in wvdial <= 1.4
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_35.txt
Reference: XF:wvdial-gain-dialup-info

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a
.config file with world readable permissions, which allows a local
attacker in the dialout group to access login and password
information.

Modifications:
  ADDREF XF:wvdial-gain-dialup-info

INFERRED ACTION: CAN-2000-0361 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:wvdial-gain-dialup-info


=================================
Candidate: CAN-2000-0362
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738
Reference: XF:linux-cdda2cdr

Buffer overflows in Linux cdwtools 093 and earlier allows local users
to gain root privileges.

Modifications:
  ADDREF XF:linux-cdda2cdr

INFERRED ACTION: CAN-2000-0362 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:linux-cdda2cdr


=================================
Candidate: CAN-2000-0363
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738
Reference: XF:linux-cdda2cdr

Linux cdwtools 093 and earlier allows local users to gain root
privileges via the /tmp directory.

Modifications:
  ADDREF XF:linux-cdda2cdr

INFERRED ACTION: CAN-2000-0363 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:linux-cdda2cdr


=================================
Candidate: CAN-2000-0367
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19990218 Root exploit in eterm
Reference: URL:http://www.debian.org/security/1999/19990218
Reference: XF:linux-eterm

Vulnerability in eterm 0.8.8 in Debian Linux allows an attacker to
gain root privileges.

INFERRED ACTION: CAN-2000-0367 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Stracener, Frech


=================================
Candidate: CAN-2000-0370
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-001.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt
Reference: BID:1268
Reference: XF:caldera-smail-rmail-command

The debug option in Caldera Linux smail allows remote attackers to
execute commands via shell metacharacters in the -D option for the
rmail command.

Modifications:
  ADDREF BID:1268
  ADDREF XF:caldera-smail-rmail-command

INFERRED ACTION: CAN-2000-0370 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Stracener, Levy
   MODIFY(1) Frech
   NOOP(2) Christey, Cole

Comments:
 Christey> ADDREF BID:1268
   URL:http://www.securityfocus.com/bid/1268
 Frech> XF:caldera-smail-rmail-command


=================================
Candidate: CAN-2000-0371
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-005.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt
Reference: BID:1269
Reference: XF:kde-mediatool

The libmediatool library used for the KDE mediatool allows local users
to create arbitrary files via a symlink attack.

Modifications:
  ADDREF BID:1269

INFERRED ACTION: CAN-2000-0371 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Stracener, Frech
   NOOP(1) Christey

Comments:
 Christey> BID:1269
   ADDREF URL:http://www.securityfocus.com/bid/1269


=================================
Candidate: CAN-2000-0372
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-014.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt
Reference: XF:linux-rmt
Reference: URL:http://xforce.iss.net/static/2268.php

Vulnerability in Caldera rmt command in the dump package 0.4b4 allows
a local user to gain root privileges.

INFERRED ACTION: CAN-2000-0372 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Stracener, Frech


=================================
Candidate: CAN-2000-0373
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html
Reference: XF:kde-kvt
Reference: URL:http://xforce.iss.net/static/2266.php

Vulnerabilities in the KDE kvt terminal program allow local users to
gain root privileges.

INFERRED ACTION: CAN-2000-0373 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Stracener, Frech
Prev by Date: [FINAL] ACCEPT 30 recent candidates
Next by Date: [CVEPRI] CVE version 20000712 to be released (815 entries)
Prev by thread: [FINAL] ACCEPT 30 recent candidates
Next by thread: [CVEPRI] CVE version 20000712 to be released (815 entries)
Index(es):
- Date
- Thread