|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] INTERIM DECISION: ACCEPT 9 candidates from VEN-BSD (Final 7/12)
I have made an Interim Decision to ACCEPT 9 of the candidates from this cluster. A Final Decision is scheduled for July 12. - Steve Least controversial candidates are listed first. Voters: Shostack ACCEPT(9) Hill ACCEPT(9) Northcutt ACCEPT(9) ************************* ACCEPT ************************* ================================= Candidate: CAN-1999-0367 Published: Final-Decision: Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: NETBSD:1999-002 NetBSD netstat command allows local users to access kernel memory. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0420 Published: Final-Decision: Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: NETBSD:1999-006 umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0422 Published: Final-Decision: Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: NETBSD:1999-007 In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0446 Published: Final-Decision: Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: NETBSD:1999-008 Reference: XF:netbsd-vfslocking-panic Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0466 Published: Final-Decision: Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: NETBSD:1999-009 The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0481 Published: Final-Decision: Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: OPENBSD:Mar22,1999 Denial of service in "poll" in OpenBSD. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0482 Published: Final-Decision: Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: OPENBSD:Mar21,1999 OpenBSD kernel crash through TSS handling, as caused by the crashme program. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0483 Published: Final-Decision: Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: OPENBSD:Feb25,1999 OpenBSD crash using nlink value in FFS and EXT2FS filesystems. VOTES: ACCEPT(3) Northcutt, Shostack, Hill ================================= Candidate: CAN-1999-0484 Published: Final-Decision: Interim-Decision: 19990713 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: OPENBSD:Feb23,1999 Buffer overflow in OpenBSD ping. VOTES: ACCEPT(3) Northcutt, Shostack, Hill
|
||||
