|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] INTERIM DECISION: ACCEPT 8 candidates from cluster VEN-AIX
I have made an Interim Decision to ACCEPT the following 8 candidates. I have scheduled a Final Decision for 7/5. The other 2 candidates in VEN-AIX are affected by current debates on content decisions and thus are still in the Announcement phase. Note that I have made minor modifications to some of these candidates, namely adding X-Force references. These modifications were not important enough to merit moving the candidates to the Modification phase. - Steve ================================= Candidate: CAN-1999-0072 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:004.1 Reference: XF:ibm-xdat Buffer overflow in AIX xdat gives root access to local users. Modifications: ADDREF XF:ibm-xdat VOTES: ACCEPT (3) Shostack, Northcutt, Christey MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-xdat ================================= Candidate: CAN-1999-0086 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1998:001.1 Reference: XF:ibm-routed AIX routed allows remote users to modify sensitive files. Modifications: ADDREF XF:ibm-routed VOTES: ACCEPT (3) Shostack, Northcutt, Christey MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-routed ================================= Candidate: CAN-1999-0089 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:005.1 Reference: XF:ibm-libDtSvc Buffer overflow in AIX libDtSvc library can allow local users to gain root access. Modifications: ADDREF XF:ibm-libDtSvc VOTES: ACCEPT (3) Shostack, Northcutt, Christey MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-libDtSvc ================================= Candidate: CAN-1999-0090 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:005.1 Reference: XF:ibm-rcp Buffer overflow in AIX rcp command allows local users to obtain root access. Modifications: ADDREF XF:ibm-rcp VOTES: ACCEPT (3) Shostack, Northcutt, Christey MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-rcp ================================= Candidate: CAN-1999-0091 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:005.1 Reference: XF:ibm-writesrv Buffer overflow in AIX writesrv command allows local users to obtain root access. Modifications: ADDREF XF:ibm-writesrv VOTES: ACCEPT (3) Shostack, Northcutt, Christey MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-writesrv ================================= Candidate: CAN-1999-0093 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:008.1 Reference: XF:ibm-nslookup AIX nslookup command allows local users to obtain root access by not dropping privileges correctly. Modifications: ADDREF XF:ibm-nslookup VOTES: ACCEPT (3) Shostack, Northcutt, Christey MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-nslookup ================================= Candidate: CAN-1999-0094 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:007.1 Reference: XF:ibm-piodmgrsu AIX piodmgrsu command allows local users to gain additional group privileges. Modifications: ADDREF XF:ibm-piodmgrsu VOTES: ACCEPT (3) Shostack, Northcutt, Christey MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-piodmgrsu ================================= Candidate: CAN-1999-0100 Published: Final-Decision: Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:002.1 Reference: XF:inn-controlmsg Remote access in AIX innd 1.5.1, using control messages. Modifications: ADDREF XF:inn-controlmsg VOTES: ACCEPT (3) Shostack, Northcutt, Christey MODIFY (1) Frech COMMENTS: Frech> Reference: XF:inn-controlmsg
|
||||
