|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] FINAL DECISION: ACCEPT 9 candidates from VEN-HP cluster
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. Voting details and comments are provided afterwards. The CVE names for candidates that reach Final Decision should be regarded as stable. In the case of these and all other candidates that reach Final Decision during this validation period, accepted candidates won't reach Publication phase until the CVE goes fully public. The only difference between Publication and Final Decision is that the CVE name is officially "announced" by MITRE during Publication. - Steve Candidate CVE Name --------- ---------- CAN-1999-0309 CVE-1999-0309 CAN-1999-0423 CVE-1999-0423 CAN-1999-0326 CVE-1999-0326 CAN-1999-0353 CVE-1999-0353 CAN-1999-0432 CVE-1999-0432 CAN-1999-0436 CVE-1999-0436 CAN-1999-0447 CVE-1999-0447 CAN-1999-0478 CVE-1999-0478 CAN-1999-0479 CVE-1999-0479 ================================= Candidate: CAN-1999-0309 Published: Final-Decision: 19990718 Interim-Decision: 19990712 Modified: Announced: 19990617 Assigned: 19990607 Category: SF Reference: XF:hpux-vgdisplay Reference: CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability HP-UX vgdisplay program gives root access to local users. VOTES: ACCEPT(2) Frech, Hill NOOP(2) Shostack, Northcutt ================================= Candidate: CAN-1999-0326 Published: Final-Decision: 19990718 Interim-Decision: 19990712 Modified: 19990712-01 Announced: 19990617 Assigned: 19990607 Category: SF Reference: HP:HPSBUX9710-071 Reference: XF:hp-mediainit Vulnerability in HP-UX mediainit program. Modifications: ADDREF XF:hp-mediainit VOTES: ACCEPT(1) Hill MODIFY(1) Frech NOOP(2) Shostack, Northcutt COMMENTS: Frech> Reference: XF:hp-mediainit ================================= Candidate: CAN-1999-0353 Published: Final-Decision: 19990718 Interim-Decision: 19990712 Modified: 19990712-01 Announced: 19990617 Assigned: 19990607 Category: SF Reference: HP:HPSBUX9902-091 Reference: CIAC:J-026 Reference: XF:pcnfsd-world-write rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. Modifications: ADDREF XF:pcnfsd-world-write VOTES: ACCEPT(1) Hill MODIFY(1) Frech NOOP(2) Shostack, Northcutt COMMENTS: Frech> Reference: XF:pcnfsd-world-write ================================= Candidate: CAN-1999-0423 Published: Final-Decision: 19990718 Interim-Decision: 19990712 Modified: 19990718-01 Announced: 19990617 Assigned: 19990607 Category: SF Reference: HP:HPSBUX9903-093 Reference: XF:hp-hpterm-files Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges. Modifications: ADDREF XF:hp-hpterm-files VOTES: ACCEPT(2) Frech, Hill NOOP(2) Shostack, Northcutt ================================= Candidate: CAN-1999-0432 Published: Final-Decision: 19990718 Interim-Decision: 19990712 Modified: 19990712-01 Announced: 19990617 Assigned: 19990607 Category: SF Reference: HP:HPSBUX9903-094 Reference: XF:hp-ftp ftp on HP-UX 11.00 allows local users to gain privileges. Modifications: ADDREF XF:hp-ftp VOTES: ACCEPT(1) Hill MODIFY(1) Frech NOOP(2) Shostack, Northcutt COMMENTS: Frech> Reference: XF:hp-ftp ================================= Candidate: CAN-1999-0436 Published: Final-Decision: 19990718 Interim-Decision: 19990712 Modified: 19990718-01 Announced: 19990617 Assigned: 19990607 Category: SF Reference: HP:HPSBUX9903-095 Reference: XF:hp-desms-servers Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges. Modifications: ADDREF XF:hp-desms-servers VOTES: ACCEPT(1) Hill MODIFY(1) Frech NOOP(2) Shostack, Northcutt COMMENTS: Frech> Reference: XF:hp-desms-servers ================================= Candidate: CAN-1999-0447 Published: Final-Decision: 19990718 Interim-Decision: 19990712 Modified: 19990718-01 Announced: 19990617 Assigned: 19990607 Category: SF Reference: HP:HPSBMP9904-006 Reference: XF:mpeix-debug Local users can gain privileges using the debug utility in the MPE/iX operating system. Modifications: ADDREF XF:mpeix-debug VOTES: ACCEPT(1) Hill MODIFY(1) Frech NOOP(2) Shostack, Northcutt COMMENTS: Frech> Reference: XF:mpeix-debug ================================= Candidate: CAN-1999-0478 Published: Final-Decision: 19990718 Interim-Decision: 19990712 Modified: 19990718-01 Announced: 19990617 Assigned: 19990607 Category: SF Reference: HP:HPSBUX9904-097 Reference: XF:sendmail-headers-dos Denial of service in HP-UX sendmail 8.8.6 related to accepting connections. Modifications: ADDREF XF:sendmail-headers-dos VOTES: ACCEPT(1) Hill MODIFY(1) Frech NOOP(2) Shostack, Northcutt COMMENTS: Frech> Reference: XF:sendmail-headers-dos ================================= Candidate: CAN-1999-0479 Published: Final-Decision: 19990718 Interim-Decision: 19990712 Modified: 19990718-01 Announced: 19990617 Assigned: 19990607 Category: SF Reference: HP:HPSBUX9903-092 Reference: XF:netscape-server-dos Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems. Modifications: ADDREF XF:netscape-server-dos VOTES: ACCEPT(1) Hill MODIFY(1) Frech NOOP(2) Shostack, Northcutt COMMENTS: Frech> Reference: XF:netscape-server-dos
|
||||
