|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] FINAL DECISION: ACCEPT 11 candidates from VEN-SUN cluster
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. Voting details and comments are provided afterwards. The CVE names for candidates that reach Final Decision should be regarded as stable. In the case of these and all other candidates that reach Final Decision during this validation period, accepted candidates won't reach Publication phase until the CVE goes fully public. The only difference between Publication and Final Decision is that the CVE name is officially "announced" by MITRE during Publication. - Steve Candidate CVE Name Votes --------- ---------- ----- CAN-1999-0054 CVE-1999-0054 ACCEPT(3) MODIFY(1) CAN-1999-0056 CVE-1999-0056 ACCEPT(4) CAN-1999-0069 CVE-1999-0069 ACCEPT(3) MODIFY(1) CAN-1999-0188 CVE-1999-0188 ACCEPT(4) CAN-1999-0263 CVE-1999-0263 ACCEPT(4) CAN-1999-0296 CVE-1999-0296 ACCEPT(4) CAN-1999-0300 CVE-1999-0300 ACCEPT(4) CAN-1999-0301 CVE-1999-0301 ACCEPT(4) CAN-1999-0302 CVE-1999-0302 ACCEPT(4) CAN-1999-0320 CVE-1999-0320 ACCEPT(3) MODIFY(1) CAN-1999-0369 CVE-1999-0369 ACCEPT(3) MODIFY(1) ================================= Candidate: CAN-1999-0054 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00171 Reference: XF:sun-ftpd Sun's ftpd daemon can be subjected to a denial of service. Modifications: ADDREF XF:sun-ftpd VOTES: ACCEPT (3) Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:sun-ftpd ================================= Candidate: CAN-1999-0056 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00174 Reference: XF:sun-ping Buffer overflow in Sun's ping program can give root access to local users. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0069 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00169 Reference: XF:sun-ufsrestore Solaris ufsrestore buffer overflow. Modifications: ADDREF XF:sun-ufsrestore VOTES: ACCEPT (3) Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:sun-ufsrestore ================================= Candidate: CAN-1999-0188 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00182 Reference: XF:sun-passwd-dos The passwd command in Solaris can be subjected to a denial of service. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0263 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00173 Reference: XF:sun-sunwadmap Solaris SUNWadmap can be exploited to obtain root access. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0296 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00162 Reference: XF:sun-volrmmount Solaris volrmmount program allows attackers to read any file. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0300 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00155 Reference: XF:sun-niscache nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0301 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00149 Reference: AUSCERT:AUSCERT-97.17 Reference: XF:sun-ps2bo Buffer overflow in SunOS/Solaris ps command. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0302 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00176 Reference: XF:sun-ftp-server SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. VOTES: ACCEPT (4) Frech, Northcutt, Christey, Prosser ================================= Candidate: CAN-1999-0320 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00166 Reference: XF:sun-rpc.cmsd SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. Modifications: ADDREF XF:sun-rpc.cmsd VOTES: ACCEPT (3) Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:sun-rpc.cmsd ================================= Candidate: CAN-1999-0369 Published: Final-Decision: 19990705 Interim-Decision: 19990630 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: SUN:00183 Reference: XF:sun-sdtcm-convert-bo The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access. Modifications: ADDREF XF:sun-sdtcm-convert-bo VOTES: ACCEPT (3) Northcutt, Christey, Prosser MODIFY (1) Frech COMMENTS: Frech> Reference: XF:sun-sdtcm-convert-bo
|
||||
