PROPOSAL: Cluster 12 (NTLOW) - 19 candidates
This cluster contains some low controversy NT/Win9x vulnerabilities.
Other NT vulnerabilities are buried in other clusters.

Phase schedule:

Modification - 7/7
Interim - 7/12
Final - 7/16

- Steve

Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

=================================
Candidate: CAN-1999-0153
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.

VOTE:

=================================
Candidate: CAN-1999-0179
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nt-samba-dotdot

Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.

VOTE:

=================================
Candidate: CAN-1999-0224
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service in Windows NT messenger service through a long username.

VOTE:

=================================
Candidate: CAN-1999-0225
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: SNI:SNI-25

Denial of service in Windows NT using SMB file commands before logging in and accessing shares.

VOTE:

=================================
Candidate: CAN-1999-0274
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: NAI:NAI-5

Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.

VOTE:

=================================
Candidate: CAN-1999-0285
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.

VOTE:

=================================
Candidate: CAN-1999-0292
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service through Winpopup using large user names.

VOTE:

=================================
Candidate: CAN-1999-0349
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-003
Reference: MSKB:Q188348
Reference: BUGTRAQ:Jan27,1999
Reference: EEYE:IIS Remote FTP Exploit/DoS Attack

A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.

VOTE:

=================================
Candidate: CAN-1999-0366
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-004
Reference: MSKB:Q214840

In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.

VOTE:

=================================
Candidate: CAN-1999-0372
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-005

The installer for BackOffice Server includes account names and passwords in a setup file which is not deleted.

VOTE:

=================================
Candidate: CAN-1999-0376
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-006
Reference: BUGTRAQ:Feb20,1999
Reference: L0PHT:Feb18,1999

Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.

VOTE:

=================================
Candidate: CAN-1999-0379
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb22,1999
Reference: MS:MS99-007

Microsoft Taskpads feature allows remote web sites to execute commands on the visiting user's machine.

VOTE:

=================================
Candidate: CAN-1999-0382
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-008

The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.

VOTE:

=================================
Candidate: CAN-1999-0384
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-001

The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.

VOTE:

=================================
Candidate: CAN-1999-0385
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-009
Reference: ISS:LDAP Buffer overflow against Microsoft

The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

VOTE:

=================================
Candidate: CAN-1999-0386
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-010

Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.

VOTE:

=================================
Candidate: CAN-1999-0487
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-011

The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

VOTE:

=================================
Candidate: CAN-1999-0496
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

A Windows NT user can gain administrative rights, aka GetAdmin.

VOTE:

=================================
Candidate: CAN-1999-0549
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: CF

Windows NT automatically logs in an administrator upon rebooting.

VOTE: