RE: PROPOSAL: Cluster 14 - RESTLOW (39 candidates)
accept all.

Comment: CAN-1999-0145, do vulnerabilities ever get retired, moved to the inactive reserve, get a historical interest only tag?

-----Original Message-----
From: Steven M. Christey [mailto:coley@linus.mitre.org]
Sent: Tuesday, June 29, 1999 10:36 PM
To: cve-review@linus.mitre.org
Subject: PROPOSAL: Cluster 14 - RESTLOW (39 candidates)

The following cluster contains the remaining low-controversy candidates.

Phase schedule:
scheduled-modification 7/7
scheduled-interim 7/12
scheduled-final 7/16

Assuming a 50% ACCEPT rate for all low-vulnerability clusters and no significant slippage in Interim Decision dates, the Editorial Board will have validated approximately 140 vulnerabilities by July 16th.

Note that I have cleansed today's proposed clusters to remove vulnerabilities that could be affected by content decision debates (why don't I just go and start calling them "content meta-decisions" ;-)

- Steve

Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

=================================
Candidate: CAN-1999-0037
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.14.metamail

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

VOTE:

=================================
Candidate: CAN-1999-0059
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: NAI:NAI-16
Reference: XF:irix-fam

IRIX fam service allows an attacker to obtain a list of all files on the server.

VOTE:

=================================
Candidate: CAN-1999-0061
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: NAI:NAI-20
Reference: XF:bsd-lpd

File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

VOTE:

=================================
Candidate: CAN-1999-0084
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nfs-mknod

NFS mknod bug

VOTE:

=================================
Candidate: CAN-1999-0095
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:smtp-debug

Sendmail debug command allows attackers to execute root commands

VOTE:

=================================
Candidate: CAN-1999-0096
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:smtp-dcod

Sendmail decode alias can be used to overwrite sensitive files

VOTE:

=================================
Candidate: CAN-1999-0145
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

Sendmail WIZ command enabled, allowing root access.

VOTE:

=================================
Candidate: CAN-1999-0150
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

The Perl fingerd program allows arbitrary command execution from remote users.

VOTE:

=================================
Candidate: CAN-1999-0151
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-95.07a.REVISED.satan.vul
Reference: CERT:CA-95.06.satan.vul

The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access.

VOTE:

=================================
Candidate: CAN-1999-0152
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:dgux-fingerd

The DG/UX finger daemon allows remote command execution.

VOTE:

=================================
Candidate: CAN-1999-0167
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nfs-guess

In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.

VOTE:

=================================
Candidate: CAN-1999-0175
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:http-nov-convert

The convert.bas program in the Novell web server allows remote attackers to read any file on the system that is internally accessible by the web server.

VOTE:

=================================
Candidate: CAN-1999-0183
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:linux-tftp

Linux implementations of TFTP would allow access to files outside the restricted directory.

VOTE:

=================================
Candidate: CAN-1999-0202
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:ftp-exectar

The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.

VOTE:

=================================
Candidate: CAN-1999-0203
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.

VOTE:

=================================
Candidate: CAN-1999-0204
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.

VOTE:

=================================
Candidate: CAN-1999-0205
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service in Sendmail 8.6.11 and 8.6.12.

VOTE:

=================================
Candidate: CAN-1999-0241
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:http-xguess-cookie

Guessable magic cookies in X Windows allow remote attackers to execute commands, e.g. through xterm.

VOTE:

=================================
Candidate: CAN-1999-0245
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:linux-plus

Some configurations of NIS+ in Linux allowed attackers to log in as the user "+"

VOTE:

=================================
Candidate: CAN-1999-0246
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:hp-remote

HP Remote Watch allows a remote user to gain root access.

VOTE:

=================================
Candidate: CAN-1999-0260
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

The jj CGI program allows command execution via shell metacharacters.

VOTE:

=================================
Candidate: CAN-1999-0280
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

Remote command execution in Microsoft Internet Explorer using .lnk and .url files.

VOTE:

=================================
Candidate: CAN-1999-0281
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service in IIS using long URLs.

VOTE:

=================================
Candidate: CAN-1999-0289
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.

VOTE:

=================================
Candidate: CAN-1999-0290
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

Denial of service in the Telnet proxy in WinGate.

VOTE:

=================================
Candidate: CAN-1999-0291
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF

Remote users can redirect their connections through a WinGate proxy.

VOTE:

=================================
Candidate: CAN-1999-0304
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:bsd-mmap
Reference: FreeBSD:FreeBSD-SA-98:02

mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

VOTE:

=================================
Candidate: CAN-1999-0322
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: FreeBSD:FreeBSD-SA-97:05
Reference: XF:freebsd-open

The open() function in FreeBSD allows local attackers to write to arbitrary files.

VOTE:

=================================
Candidate: CAN-1999-0323
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: FreeBSD:FreeBSD-SA-98:04

FreeBSD mmap function allows users to modify append-only or immutable files.

VOTE:

=================================
Candidate: CAN-1999-0350
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: L0PHT:Jan8,1999

Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.

VOTE:

=================================
Candidate: CAN-1999-0388
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:datalynx-suguard-relative-paths
Reference: L0PHT:Jan3,1999

DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.

VOTE:

=================================
Candidate: CAN-1999-0391
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: L0PHT:Jan. 5, 1999

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 is reused, allowing an attacker to replay the response and impersonate a user.

VOTE:

=================================
Candidate: CAN-1999-0395
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:Vulnerability in the BackWeb Polite Agent Protocol

A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.

VOTE:

=================================
Candidate: CAN-1999-0421
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations

During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.

VOTE:

=================================
Candidate: CAN-1999-0458
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan6,1999

L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.

VOTE:

=================================
Candidate: CAN-1999-0494
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:wingate-pop3-user-bo

Denial of service in WinGate proxy through a buffer overflow in POP3.

VOTE:

=================================
Candidate: CAN-1999-0498
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: CF

TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.

VOTE:

=================================
Candidate: CAN-1999-0514
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: CF

UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack.

VOTE:

=================================
Candidate: CAN-1999-0526
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: CF

An X server has no access control and allows anyone to connect to the display, e.g. through an "xhost +" command.

VOTE: