|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] FINAL DECISION: ACCEPT 6 candidates from VEN-AIX cluster
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. Voting details and comments are provided afterwards. Note that 2 candidates from VEN-AIX remain in Interim Decision. They may be affected by the Same Attack/Same Codebase content decision. The CVE names for candidates that reach Final Decision should be regarded as stable. In the case of these and all other candidates that reach Final Decision during this validation period, accepted candidates won't reach Publication phase until the CVE goes fully public. The only difference between Publication and Final Decision is that the CVE name is officially "announced" by MITRE during Publication. - Steve Candidate CVE Name Votes --------- ---------- ----- CAN-1999-0072 CVE-1999-0072 ACCEPT(4) MODIFY(1) CAN-1999-0090 CVE-1999-0090 ACCEPT(4) MODIFY(1) CAN-1999-0091 CVE-1999-0091 ACCEPT(4) MODIFY(1) CAN-1999-0093 CVE-1999-0093 ACCEPT(4) MODIFY(1) CAN-1999-0094 CVE-1999-0094 ACCEPT(4) MODIFY(1) CAN-1999-0100 CVE-1999-0100 ACCEPT(4) MODIFY(1) ================================= Candidate: CAN-1999-0072 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:004.1 Reference: XF:ibm-xdat Buffer overflow in AIX xdat gives root access to local users. Modifications: ADDREF XF:ibm-xdat VOTES: ACCEPT (4) Shostack, Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-xdat ================================= Candidate: CAN-1999-0090 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:005.1 Reference: XF:ibm-rcp Buffer overflow in AIX rcp command allows local users to obtain root access. Modifications: ADDREF XF:ibm-rcp VOTES: ACCEPT (4) Shostack, Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-rcp ================================= Candidate: CAN-1999-0091 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:005.1 Reference: XF:ibm-writesrv Buffer overflow in AIX writesrv command allows local users to obtain root access. Modifications: ADDREF XF:ibm-writesrv VOTES: ACCEPT (4) Shostack, Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-writesrv ================================= Candidate: CAN-1999-0093 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:008.1 Reference: XF:ibm-nslookup AIX nslookup command allows local users to obtain root access by not dropping privileges correctly. Modifications: ADDREF XF:ibm-nslookup VOTES: ACCEPT (4) Shostack, Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-nslookup ================================= Candidate: CAN-1999-0094 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:007.1 Reference: XF:ibm-piodmgrsu AIX piodmgrsu command allows local users to gain additional group privileges. Modifications: ADDREF XF:ibm-piodmgrsu VOTES: ACCEPT (4) Shostack, Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:ibm-piodmgrsu ================================= Candidate: CAN-1999-0100 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: ERS:ERS-SVA-E01-1997:002.1 Reference: XF:inn-controlmsg Remote access in AIX innd 1.5.1, using control messages. Modifications: ADDREF XF:inn-controlmsg VOTES: ACCEPT (4) Shostack, Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:inn-controlmsg
|
||||
