
[INTERIM] ACCEPT 33 legacy candidates (Final 10/13)



I have made an Interim Decision to ACCEPT the following 33 legacy
candidates from various clusters.  These candidates were proposed in
1999.  I will make a Final Decision on October 13.

Thanks to all the Board members who got their votes in!  15 different
members have voted since October 1.

Voters:
  Shostack ACCEPT(1) MODIFY(1)
  Levy ACCEPT(19) MODIFY(2)
  Landfield ACCEPT(15) NOOP(8)
  Cole ACCEPT(20) MODIFY(2) NOOP(5)
  Bishop ACCEPT(3) MODIFY(1) NOOP(3)
  Baker MODIFY(5)
  Stracener ACCEPT(20) MODIFY(5) REVIEWING(1)
  Frech ACCEPT(2) MODIFY(30) NOOP(1)
  Proctor ACCEPT(1)
  Hill ACCEPT(3)
  Christey NOOP(14)
  Northcutt ACCEPT(3) NOOP(2) REJECT(1)
  Prosser ACCEPT(1) MODIFY(2) REVIEWING(2)
  Wall ACCEPT(10) NOOP(13)
  Ozancin ACCEPT(5) NOOP(17)
  Armstrong ACCEPT(5) NOOP(8) REVIEWING(2)
  Balinsky ACCEPT(1)
  Blake ACCEPT(10) MODIFY(1)


======================================================
Candidate: CAN-1999-0145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0145
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-1990-11
Reference: URL:http://www.cert.org/advisories/CA-1990-11.html
Reference: CERT:CA-1993-14
Reference: URL:http://www.cert.org/advisories/CA-1993-14.html
Reference: BUGTRAQ:19950206 sendmail wizard thing...
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0350.html
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html

Sendmail WIZ command enabled, allowing root access.


Modifications:
  ADDREF CERT:CA-1990-11
  ADDREF CERT:CA-1993-14
  ADDREF BUGTRAQ:19950206 sendmail wizard thing...
  ADDREF MISC:FarmerVenema:Improving the Security of Your Site by Breaking Into it

INFERRED ACTION: CAN-1999-0145 REJECT (1 reject, 6 accept, 0 review) HAS_CONFLICT

Current Votes:
   ACCEPT(4) Hill, Blake, Proctor, Balinsky
   MODIFY(2) Prosser, Frech
   NOOP(1) Christey
   REJECT(1) Northcutt

Voter Comments:
 Frech> XF:smtp-wiz
 Northcutt> I have voted against this before as well.  This raises the case of a
   historic but no longer existent vulnerability.  Or is there any data
   that wiz still exists on any operational systems?
 Prosser> additional sources
   Bugtraq
   "sendmail wizard thing"
   http://securityfocus/
   CERT Advisory CA-93.14
   http://www.cert.org
 Christey> While this may not be active anywhere (we hope), it is still
   of historic interest and potentially useful for academic
   study.  Therefore it should be included.
 Balinsky> Cisco's Security Profile Assessment teams still find this at customer sites.
 Christey> I also sent a post to the PEN-TEST list asking if people
   still see this, and I got a few positive responses.  See:
   PEN-TEST:20000914 Re: Debug command on Sendmail
   URL:http://www.securityfocus.com/archive/101/82783
   URL:http://www.securityfocus.com/archive/101/83102
   URL:http://www.securityfocus.com/archive/101/82978

   ADDREF MISC:FarmerVenema:Improving the Security of Your Site by Breaking Into it
   URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html

   ADDREF CERT:CA-1990-11
   URL:http://www.cert.org/advisories/CA-1990-11.html

   ADDREF BUGTRAQ:19950206 sendmail wizard thing...
   URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
   URL:http://www2.dataguard.no/bugtraq/1995_1/0350.html


======================================================
Candidate: CAN-1999-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0247
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: NAI:19970721 INN news server vulnerabilities
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp
Reference: BID:1443
Reference: XF:inn-bo

Buffer overflow in nnrpd program in INN up to version 1.6 allows
remote users to execute arbitrary commands.


Modifications:
  ADDREF NAI:17
  add version number
  CHANGEREF NAI:17 [normalize]
  ADDREF XF:inn-bo
  ADDREF BID:1443

INFERRED ACTION: CAN-1999-0247 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Levy
   MODIFY(1) Frech
   NOOP(2) Christey, Northcutt

Voter Comments:
 Frech> XF:inn-bo
 Christey> BID:1443
   URL:http://www.securityfocus.com/bid/1443


======================================================
Candidate: CAN-1999-0248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0248
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1

A race condition in the authentication agent mechanism of sshd 1.2.17
allows an attacker to steal another user's credentials.


Modifications:
  ADDREF MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
  ADDREF CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1
  DESC [add details]

INFERRED ACTION: CAN-1999-0248 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Northcutt, Armstrong, Landfield
   MODIFY(4) Baker, Bishop, Shostack, Blake
   NOOP(3) Frech, Wall, Ozancin

Voter Comments:
 Shostack> http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
   looks to me to be about the correct message that came from Tatu.
   There are comments in changelog: * Improved the security of
   auth_input_request_forwarding().

   I'm not in favor of moving this forward without additional detail, but
   thought I'd add a confirming URL and comment.  We have insufficient
   detail to accept it as a CVE.
 Frech> Try http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1; to wit
   (see asterisked section):
   ...
   *****
   Versions of ssh prior to 1.2.17 had problems with authentication agent
   handling on some machines. There is a chance (a race condition) that a
   malicious user could steal another user's credentials. This should be fixed
   in 1.2.17.
   *****
 Blake> I concur with Adam that additional reference is needed.  Either or both
   references suggested are fine with me.
 Bishop> (need more detail)
 Baker> http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html	Misc Defensive Info
   The bugs concern only SSH protocol version 1.5 implemented in SSH
   server version 1.2.17. Later versions of the server or applications
   that use version 2 of the SSH protocol are not affected by the bugs.
   An attacker with the ability to do active network-level attacks can
   compromise the security of a number of aspects of the SSH protocol as
   implemented in SSH-1.2.17. While some of the attacks are fairly
   serious, even in the worst case security is still better than with
   rlogin or telnet. Being able to succeed in breaking SSH security
   requires intimate knowledge of the protocol and the implementation,
   access to a large amount of processing power and expertise in TCP/IP
   networking.


======================================================
Candidate: CAN-1999-0358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0358
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990617
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows
Reference: COMPAQ:SSRT0583U
Reference: XF:du-inc
Reference: CIAC:J-027

Digital Unix 4.0 has a buffer overflow in the inc program of the mh
package.


Modifications:
  ADDREF XF:du-inc
  ADDREF CIAC:J-027

INFERRED ACTION: CAN-1999-0358 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Hill, Northcutt, Shostack
   MODIFY(2) Frech, Prosser
   NOOP(1) Christey

Voter Comments:
 Prosser> Ref'd SSRT has an 'at' vulnerable as well supposedly fixed by
   the patch.  Shouldn't this be included as a separate CVE in this
   cluster? ref:BugTraq "Digital Unix Buffer Overflows: Exploits" from
   Lamont Granquist for both as well.
 Frech> Reference: XF:du-inc
 Christey> ADDREF CIAC:J-027


======================================================
Candidate: CAN-1999-0393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0393
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want!
Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2
Reference: XF:sendmail-parsing-redirection

Remote attackers can cause a denial of service in Sendmail 8.8.x and
8.9.2 by sending messages with a large number of headers.


Modifications:
  ADDREF XF:sendmail-parsing-redirection
  CHANGEREF BUGTRAQ [change date to 19981212]
  ADDREF BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware

INFERRED ACTION: CAN-1999-0393 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Ozancin, Landfield, Cole
   MODIFY(2) Frech, Baker
   NOOP(3) Christey, Bishop, Wall

Voter Comments:
 Frech> I assume that Reference: BUGTRAQ:Dec12,1999 is not attesting to the power of
   CVE to foresee events in the future. This reference should be 12/12/98.
   ADDREF XF:sendmail-parsing-redirection
 Christey>
   This issue is acknowledged in BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
   URL: http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2
 Landfield> with Frech modifications
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Baker> Vulnerability Reference (HTML)	Reference Type
   http://www.securityfocus.com/archive/1/11556	Misc Defensive Info
   http://xforce.iss.net/static/2300.php	Misc Defensive Info
 Christey> CVE-1999-0478 looks like it could be a duplicate, but
   HP's advisory is so vague that you can't be certain.  The
   only close hint is: "Public domain fixes now in sendmail
   8.9.3 have been ported to HP-UX sendmail 8.8.6 release patch."

   However, the HP advisory only says that HP 8.8.6 Sendmails
   "accept connections sub-optimally."  CAN-1999-0393
   clearly has nothing to do with mishandling connections.


======================================================
Candidate: CAN-1999-0395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0395
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol
Reference: URL:http://xforce.iss.net/alerts/advise17.php
Reference: XF:backweb-polite-agent-protocol

A race condition in the BackWeb Polite Agent Protocol allows an
attacker to spoof a BackWeb server.


Modifications:
  CHANGEREF ISS [canonicalize]
  ADDREF XF:backweb-polite-agent-protocol

INFERRED ACTION: CAN-1999-0395 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Hill, Stracener
   MODIFY(1) Frech
   NOOP(2) Landfield, Northcutt

Voter Comments:
 Frech> XF:backweb-polite-agent-protocol


======================================================
Candidate: CAN-1999-0403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0403
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91821080015725&w=2
Reference: XF:cyrix-hang

A bug in Cyrix CPUs on Linux allows local users to perform a denial
of service.


Modifications:
  CHANGEREF BUGTRAQ [canonicalize]

INFERRED ACTION: CAN-1999-0403 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Northcutt
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cyrix-hang(1716)
   In description, correct plural usage is "CPUs."


======================================================
Candidate: CAN-1999-0429
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0429
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990726
Assigned: 19990607
Category: CF
Reference: BUGTRAQ:19990323
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92221437025743&w=2
Reference: BUGTRAQ:19990324 Re: LNotes encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92241547418689&w=2
Reference: BUGTRAQ:19990326 Lotus Notes Encryption Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92246997917866&w=2
Reference: BUGTRAQ:19990326 Re: Lotus Notes security advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92249282302994&w=2
Reference: XF:lotus-client-encryption

The Lotus Notes 4.5 client may send a copy of encrypted mail in the
clear across the network if the user does not set the "Encrypt Saved
Mail" preference.


Modifications:
  CHANGEREF BUGTRAQ [canonicalize]
  ADDREF BUGTRAQ:19990324 Re: LNotes encryption
  ADDREF BUGTRAQ:19990326 Lotus Notes Encryption Bug
  ADDREF BUGTRAQ:19990326 Re: Lotus Notes security advisory

INFERRED ACTION: CAN-1999-0429 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Blake, Ozancin, Landfield, Frech, Cole
   MODIFY(1) Baker
   NOOP(2) Wall, Bishop

Voter Comments:
 Baker> Vulnerability Reference (HTML)	Reference Type
   http://www.securityfocus.com/archive/1/12943	Misc Defensive Info
   http://xforce.iss.net/static/2047.php	Misc Defensive Info


======================================================
Candidate: CAN-1999-0440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0440
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92333596624452&w=2
Reference: CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html
Reference: XF:java-unverified-code

The byte code verifier component of the Java Virtual Machine (JVM)
allows remote execution through malicious web pages.


Modifications:
  CHANGEREF BUGTRAQ [canonicalize]
  ADDREF CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html

INFERRED ACTION: CAN-1999-0440 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(7) Wall, Blake, Ozancin, Landfield, Frech, Cole, Bishop
   MODIFY(1) Baker

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
 Baker> Vulnerability Reference (HTML)	Reference Type
   http://www.microsoft.com/java/vm/dl_vm31.htm	Patch Info
   http://www.microsoft.com/windows/ie/download/jvm.htm	Patch Info
   http://www.damnation/net/iecrash/Iecrash.zip	Misc Offensive Info
   http://hackersclub.com/km/library/hack/iecrash	Misc Offensive Info
   http://xforce.iss.net/static/2025.php	Misc Defensive Info


======================================================
Candidate: CAN-1999-0671
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0671
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:572
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=572
Reference: XF:toxsoft-nextftp-cwd-bo

Buffer overflow in ToxSoft NextFTP client through CWD command.


Modifications:
  ADDREF XF:toxsoft-nextftp-cwd-bo

INFERRED ACTION: CAN-1999-0671 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Blake
   MODIFY(2) Frech, Stracener
   NOOP(5) Bishop, Wall, Ozancin, Landfield, Cole

Voter Comments:
 Stracener> AddRef: ShadowPenguinSecurity:PenguinToolbox,No.035
 Frech> XF:toxsoft-nextftp-cwd-bo


======================================================
Candidate: CAN-1999-0672
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0672
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:fujitsu-topic-bo
Reference: BID:573
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=573

Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.


Modifications:
  ADDREF XF:fujitsu-topic-bo

INFERRED ACTION: CAN-1999-0672 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Blake
   MODIFY(2) Frech, Stracener
   NOOP(4) Wall, Ozancin, Landfield, Cole

Voter Comments:
 Stracener> AddRef: ShadowPenguinSecurity:PenguinToolbox,No.036
 Frech> XF:fujitsu-topic-bo


======================================================
Candidate: CAN-1999-0675
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0675
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990809 FW1 UDP Port 0 DoS
Reference: URL:http://www.securityfocus.com/archive/1/23615
Reference: BID:576
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=576
Reference: XF:checkpoint-port

Check Point FireWall-1 can be subjected to a denial of service via UDP
packets that are sent through VPN-1 to port 0 of a host.


Modifications:
  ADDREF XF:checkpoint-port
  DESC Add Check Point
  ADDREF BUGTRAQ:19990809 FW1 UDP Port 0 DoS

INFERRED ACTION: CAN-1999-0675 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Levy, Blake, Landfield
   MODIFY(2) Frech, Cole
   NOOP(3) Wall, Ozancin, Christey
   REVIEWING(1) Stracener

Voter Comments:
 Cole> This only occurs when the VPN being used for the transport of the packet
   supports ISAKMP encryption.
 Frech> XF:checkpoint-port
   Modify description to read "Check Point Firewall-1 ..."
 Christey> http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9908051851320.8871-100000@area51
 Landfield> with modifications


======================================================
Candidate: CAN-1999-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0679
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included)
Reference: CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog
Reference: BID:581
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=581
Reference: XF:hybrid-ircd-minvite-bo

Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows
remote attackers to execute commands via m_invite invite option.


Modifications:
  ADDREF XF:hybrid-ircd-minvite-bo
  ADDREF CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog

INFERRED ACTION: CAN-1999-0679 ACCEPT (9 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(8) Bishop, Levy, Wall, Blake, Ozancin, Landfield, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:hybrid-ircd-minvite-bo
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> Possible vendor acknowledgement; see
   http://www.efnet.org/archive/servers/hybrid/ChangeLog

   Discloser said the problem existed until beta 58.  A quote by Dianora
   for hybrid-6-b57 says "fixed mtrie_conf.c kline code," but it can't be
   certain if it's related to this bug.  Section "hybrid-6-b75" includes
   this statement by Dianora: "corrected possible buffer overflows in
   m_knock, m_invite".  Sounds like it, but can't be sure, especially
   considering the discloser said that it was fixed in beta 58, and there
   was independent confirmation of that statement.


======================================================
Candidate: CAN-1999-0697
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0697
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare
Reference: BID:621
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=621
Reference: XF:sco-doctor-execute

SCO Doctor allows local users to gain root privileges through a Tools
option.


Modifications:
  ADDREF XF:sco-doctor-execute

INFERRED ACTION: CAN-1999-0697 ACCEPT (7 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(6) Bishop, Levy, Blake, Landfield, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Ozancin

Voter Comments:
 Frech> XF:sco-doctor-execute
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-1999-0759
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0759
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Reference: CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
Reference: BID:634
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=634
Reference: XF:fuseware-popmail-bo

Buffer overflow in FuseMAIL POP service via long USER and PASS
commands.


Modifications:
  ADDREF XF:fuseware-popmail-bo
  ADDREF CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8

INFERRED ACTION: CAN-1999-0759 ACCEPT (7 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Stracener, Levy, Wall, Ozancin, Landfield, Cole
   MODIFY(1) Frech
   NOOP(2) Armstrong, Christey

Voter Comments:
 Frech> XF:fuseware-popmail-bo
 Wall> Also part of BlackIce detection.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
   The originally vulnerable version was reported as 2.7.
   This FAQ says: "Although a security hole was reported in
   version 2.7, and which also existed in earlier versions, that hole
   has been fixed in all later versions. It must be stressed that the
   potential security risk was only on the local side.
   To date there have been no reports of a security risk from
   the Internet side, despite the attempts by a number of hackers to find
   one."


======================================================
Candidate: CAN-1999-0787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0787
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93760201002154&w=2
Reference: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93832856804415&w=2
Reference: XF:ssh-socket-auth-symlink-dos
Reference: BID:660
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=660

The SSH authentication agent follows symlinks via a UNIX domain
socket.


Modifications:
  ADDREF BUGTRAQ:19990917 A few bugs...
  ADDREF BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
  ADDREF XF:ssh-socket-auth-symlink-dos

INFERRED ACTION: CAN-1999-0787 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Armstrong, Levy, Landfield
   MODIFY(2) Stracener, Frech
   NOOP(3) Wall, Ozancin, Cole

Voter Comments:
 Stracener> Add Ref: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
 Frech> XF:ssh-socket-auth-symlink-dos


======================================================
Candidate: CAN-1999-0788
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0788
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837184228248&w=2
Reference: BID:662
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=662
Reference: XF:arkiea-backup-nlserverd-remote-dos

Arkiea nlservd allows remote attackers to conduct a denial of service.


Modifications:
  ADDREF BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
  ADDREF XF:arkiea-backup-nlserverd-remote-dos

INFERRED ACTION: CAN-1999-0788 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Levy, Wall, Landfield, Cole
   MODIFY(2) Stracener, Frech
   NOOP(2) Armstrong, Ozancin

Voter Comments:
 Stracener> Add Ref:BUGTRAQ:19990923 Multiple vendor Knox Arkiea local root/remote
   DoS
 Frech> XF:arkiea-backup-nlserverd-remote-dos
 Wall> exploit code on packetstorm
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-1999-0791
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0791
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
Reference: KSRT:012
Reference: BID:695
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=695
Reference: XF:hybrid-anon-cable-modem-reconfig

Hybrid Network cable modems do not include an authentication mechanism
for administration, allowing remote attackers to compromise the system
through the HSMP protocol.


Modifications:
  ADDREF BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
  ADDREF BID:695
  ADDREF XF:hybrid-anon-cable-modem-reconfig

INFERRED ACTION: CAN-1999-0791 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Levy, Prosser, Cole
   MODIFY(2) Stracener, Frech
   NOOP(4) Wall, Ozancin, Landfield, Christey
   REVIEWING(1) Armstrong

Voter Comments:
 Stracener> Add Ref: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable
   Modems
 Frech> XF:hybrid-anon-cable-modem-reconfig
 Christey> ADDREF BID:695
   URL:http://www.securityfocus.com/vdb/bottom.html?vid=695
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-1999-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0823
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:839
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=839
Reference: XF:freebsd-xmindpath

Buffer overflow in FreeBSD xmindpath allows local users to gain
privileges via -f argument.


Modifications:
  ADDREF XF:freebsd-xmindpath

INFERRED ACTION: CAN-1999-0823 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(2) Cole, Frech
   NOOP(1) Christey
   REVIEWING(1) Prosser

Voter Comments:
 Cole> This is via a buffer overflow attack.
 Frech> XF:freebsd-xmindpath
 Christey> Mike Prosser's REVIEWING vote expires July 17, 2000


======================================================
Candidate: CAN-1999-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0826
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:840
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=840
Reference: XF:angband-bo

Buffer overflow in FreeBSD angband allows local users to gain
privileges.


Modifications:
  ADDREF XF:angband-bo

INFERRED ACTION: CAN-1999-0826 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Cole, Stracener, Armstrong
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Prosser

Voter Comments:
 Frech> XF:angband-bo
 Christey> Mike Prosser's REVIEWING vote expires July 17, 2000


======================================================
Candidate: CAN-1999-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0873
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BID:759
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=759
Reference: XF:skyfull-mail-from-bo

Buffer overflow in Skyfull mail server via MAIL FROM command.


Modifications:
  ADDREF XF:skyfull-mail-from-bo

INFERRED ACTION: CAN-1999-0873 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Stracener, Levy, Wall, Landfield
   MODIFY(1) Frech
   NOOP(2) Armstrong, Ozancin

Voter Comments:
 Frech> XF:skyfull-mail-from-bo
 Wall> Exploit c code on packetstorm


======================================================
Candidate: CAN-1999-0904
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0904
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT
Reference: XF:bftelnet-username-dos
Reference: BID:771
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=771

Buffer overflow in BFTelnet allows remote attackers to cause a denial
of service via a long username.


Modifications:
  ADDREF XF:bftelnet-username-dos

INFERRED ACTION: CAN-1999-0904 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Stracener, Levy, Wall, Landfield
   MODIFY(1) Frech
   NOOP(1) Ozancin

Voter Comments:
 Frech> XF:bftelnet-username-dos
 Wall> Found by Ussr labs
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-1999-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0912
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service
Reference: BID:653
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=653
Reference: XF:freebsd-vfscache-dos

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of
service by opening a large number of files.


Modifications:
  ADDREF XF:freebsd-vfscache-dos

INFERRED ACTION: CAN-1999-0912 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(4) Cole, Stracener, Levy, Landfield
   MODIFY(1) Frech
   NOOP(2) Wall, Ozancin
   REVIEWING(1) Armstrong

Voter Comments:
 Frech> XF:freebsd-vfscache-dos


======================================================
Candidate: CAN-1999-0927
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0927
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: EEYE:AD05261999
Reference: BID:279
Reference: XF:ntmail-fileread

NTMail allows remote attackers to read arbitrary files via a .. (dot
dot) attack.


Modifications:
  ADDREF BID:279
  ADDREF XF:ntmail-fileread

INFERRED ACTION: CAN-1999-0927 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Stracener, Wall, Landfield
   MODIFY(2) Frech, Levy
   NOOP(2) Armstrong, Ozancin

Voter Comments:
 Frech> XF:ntmail-fileread
 CHANGE> [Levy changed vote from REVIEWING to MODIFY]
 Levy> BID 279


======================================================
Candidate: CAN-1999-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0928
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1
Reference: XF:websuite-dos
Reference: BID:278

Buffer overflow in SmartDesk WebSuite allows remote attackers to cause
a denial of service via a long URL.


Modifications:
  ADDREF XF:websuite-dos
  ADDREF BID:278

INFERRED ACTION: CAN-1999-0928 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Stracener, Wall
   MODIFY(2) Frech, Levy
   NOOP(4) Christey, Armstrong, Ozancin, Landfield

Voter Comments:
 Frech> XF:websuite-dos
 Levy> BID 278
 Christey> http://www.securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D278
   It appears that the product has been discontinued, and was
   shareware.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-1999-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0932
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:735
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=735
Reference: XF:mediahouse-stats-adminpw-cleartext

Mediahouse Statistics Server allows remote attackers to read the
administrator password, which is stored in cleartext in the ss.cfg
file.


Modifications:
  ADDREF XF:mediahouse-stats-adminpw-cleartext

INFERRED ACTION: CAN-1999-0932 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Levy
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:mediahouse-stats-adminpw-cleartext


======================================================
Candidate: CAN-1999-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0942
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit
Reference: XF:sco-unixware-dos7utils-root-privs

UnixWare dos7utils allows a local user to gain root privileges by
using the STATICMERGE environmental variable to find a script which
it executes.


Modifications:
  ADDREF XF:sco-unixware-dos7utils-root-privs

INFERRED ACTION: CAN-1999-0942 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(4) Armstrong, Wall, Ozancin, Landfield

Voter Comments:
 Frech> XF:sco-unixware-dos7utils-root-privs
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-1999-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0946
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: XF:yamaha-midiplug-embed
Reference: BID:760
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=760

Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED
tag.


Modifications:
  ADDREF XF:yamaha-midiplug-embed

INFERRED ACTION: CAN-1999-0946 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Stracener, Armstrong, Levy, Wall
   MODIFY(1) Frech
   NOOP(3) Cole, Ozancin, Landfield

Voter Comments:
 Frech> XF:yamaha-midiplug-embed


======================================================
Candidate: CAN-1999-0954
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0954
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990916 More fun with WWWBoard
Reference: BID:649
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=649

WWWBoard has a default username and default password.

CONTENT-DECISIONS: CF-PASS

INFERRED ACTION: CAN-1999-0954 ACCEPT (5 accept, 0 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Cole, Stracener, Levy, Wall
   MODIFY(1) Frech
   NOOP(3) Armstrong, Ozancin, Landfield

Voter Comments:
 Frech> XF:http-cgi-wwwboard-default
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-1999-0971
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0971
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/7301
Reference: XF:exim-include-overflow

Buffer overflow in Exim allows local users to gain root privileges via
a long :include: option in a .forward file.


Modifications:
  ADDREF XF:exim-include-overflow

INFERRED ACTION: CAN-1999-0971 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Stracener, Landfield
   MODIFY(2) Frech, Baker
   NOOP(3) Armstrong, Wall, Ozancin

Voter Comments:
 Frech> XF:exim-include-overflow
 Baker> http://www.securityfocus.com/archive/1/7301


======================================================
Candidate: CAN-2000-0366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0366
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
Reference: XF:debian-dump-modify-ownership
Reference: BID:1442

dump in Debian Linux 2.1 does not properly restore symlinks, which
allows a local user to modify the ownership of arbitrary files.


Modifications:
  ADDREF XF:debian-dump-modify-ownership
  ADDREF BID:1442

INFERRED ACTION: CAN-2000-0366 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Stracener, Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:debian-dump-modify-ownership
 Christey> ADDREF BID:1442
   URL:http://www.securityfocus.com/bid/1442


======================================================
Candidate: CAN-2000-0369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0369
Final-Decision:
Interim-Decision: 20001011
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-029.1
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt
Reference: BID:1266
Reference: XF:caldera-ident-server-dos

The IDENT server in Caldera Linux 2.3 creates multiple threads for
each IDENT request, which allows remote attackers to cause a denial of
service.


Modifications:
  ADDREF BID:1266
  ADDREF XF:caldera-ident-server-dos

INFERRED ACTION: CAN-2000-0369 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Stracener, Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF BID:1266
 Frech> XF:caldera-ident-server-dos


======================================================
Candidate: CAN-2000-0374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0374
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000524
Assigned: 20000523
Category: CF
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
Reference: BID:1446
Reference: XF:caldera-kdm-default-configuration

The default configuration of kdm in Caldera Linux allows XDMCP
connections from any host, which allows remote attackers to obtain
sensitive information or bypass additional access restrictions.


Modifications:
  ADDREF XF:caldera-kdm-default-configuration
  ADDREF BID:1446

INFERRED ACTION: CAN-2000-0374 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Levy
   MODIFY(1) Frech
   NOOP(2) Christey, Cole

Voter Comments:
 Frech> XF:caldera-kdm-default-configuration
 Christey> BID:1446
   URL:http://www.securityfocus.com/bid/1446

Page Last Updated or Reviewed: May 22, 2007