RE: Cluster 02: VEN-AIX
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, I know I am behind but humor me, it's been a rough couple of weeks!!!

- -mike

- -----Original Message-----
From: Steven M. Christey [mailto:coley@linus.mitre.org]
Sent: Thursday, June 17, 1999 2:06 PM
To: cve-review@linus.mitre.org
Subject: Cluster 02: VEN-AIX

This cluster has 10 vulnerabilities.

- ------------------------------------------
Candidate: CAN-1999-0072
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:004.1

Buffer overflow in AIX xdat gives root access to local users.

Accept

- ------------------------------------------
Candidate: CAN-1999-0086
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1998:001.1

AIX routed allows remote users to modify sensitive files.

Modify: This vulnerability allows debug mode to be turned on which is the problem. Should this be more specific in the description? This one also affects SGI OSes, ref SGI Security Advisory 19981004-PX which is in the SGI cluster, shouldn't these be cross-referenced as the same vuln affects multiple OSes.

- ------------------------------------------
Candidate: CAN-1999-0088
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1998:004.1

IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.

Modify: Include the SGI Alert as well since it is mentioned in the description. SGI Security Advisory 19981005-01-PX

- ------------------------------------------
Candidate: CAN-1999-0089
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1

Buffer overflow in AIX libDtSvc library can allow local users to gain root access.

Modify: The overflow is in the dtaction utility. Also affects dtaction in the CDE on versions of SunOS (SUN 164). Probably should be specific.

- ------------------------------------------
Candidate: CAN-1999-0090
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1

Buffer overflow in AIX rcp command allows local users to obtain root access.

Accept

- ------------------------------------------
Candidate: CAN-1999-0091
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1

Buffer overflow in AIX writesrv command allows local users to obtain root access.

Accept

- ------------------------------------------
Candidate: CAN-1999-0093
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:008.1

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.

accept

- ------------------------------------------
Candidate: CAN-1999-0094
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:007.1

AIX piodmgrsu command allows local users to gain additional group privileges.

Accept

- ------------------------------------------
Candidate: CAN-1999-0097
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:009.1

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters, i.e. in files whose name begins with a pipe character.

Modify: Concur with Adam's modification

- ------------------------------------------
Candidate: CAN-1999-0100
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:002.1

Remote access in AIX innd 1.5.1, using control messages.

accept

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2

iQA/AwUBN3p2yBIUaHPadf5hEQJp1QCePG0LtqQfTfKyr/0c8Jj9zkmKw+UAmQFD
4ivqnyIWOXg92l18+TvytgoU
=4OSd
-----END PGP SIGNATURE-----