[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: PROPOSAL: Cluster 25 - IDS (5 candidates)



All five are valid issues.  I am willing to be counted
as an accept for all five if the group feels these are
vulnerabilities.

I am very concerned about the direction the CVE is going 
from vulberabilities into best practice and engineering
design.  It is just a matter of time till I see an candidate
fly by saying palm pilot screens are too small allowing for
the possibility of not being able to read attachments with
email or some such.



-----Original Message-----
From: Steven M. Christey [mailto:coley@LINUS.MITRE.ORG]
Sent: Monday, July 26, 1999 8:57 PM
To: cve-editorial-board-list@lists.mitre.org
Subject: PROPOSAL: Cluster 25 - IDS (5 candidates)


The following candidates deal with some implementation problems in
IDSes, as outlined in the paper by Ptacek and Newsham (see
http://www.nai.com/nai_labs/asp_set/advisory.asp).  They identify
problems in IDSes that can allow an attacker to escape detection.

Note that these candidates do not include some of the inherent
problems in the design of the IDSes themselves that are related to
ambiguities in the TCP/IP protocol specifications, e.g. needing to
know how the target's OS reassembles packets in order to accurately
reconstruct the session.  Should such design limitations be included
in the CVE?

- Steve



Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g.
reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0598
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: CF

A network intrusion detection system (IDS) does not properly handle
packets that are sent out of order, allowing an attacker to escape
detection.

VOTE:

=================================
Candidate: CAN-1999-0599
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: CF

A network intrusion detection system (IDS) does not properly handle
packets with improper sequence numbers.

VOTE:

=================================
Candidate: CAN-1999-0600
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: CF

A network intrusion detection system (IDS) does not verify the
checksum on a packet.

VOTE:

=================================
Candidate: CAN-1999-0601
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: CF

A network intrusion detection system (IDS) does not properly handle
data within TCP handshake packets.

VOTE:

=================================
Candidate: CAN-1999-0602
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: CF

A network intrusion detection system (IDS) does not properly
reassemble fragmented packets.

VOTE:

 
Page Last Updated: May 22, 2007