|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
These candidates are mentioned in at least one security tool (possibly more), but there are no other available references for them. In most cases the tool vendor(s) do not have a presence on the Editorial Board, so I have not yet consulted with them to verify the candidates. Some of the candidates are extremely vague (as were their sources), so they may be REJECTed or NOOPed outright, or they could remain in proposal phase indefinitely. - Steve VERIFY-TOOL (7 candidates) -------------------- Proposed: 7/27 Scheduled Interim Decision: 8/23 Scheduled Final Decision: 8/27 Problems mentioned in a tool, but not seen in other VDB's Summary of votes to use (in ascending order of "severity"): ACCEPT - member accepts the candidate as proposed NOOP - member has no opinion on the candidate MODIFY - member wants to change some minor detail (e.g. reference/description) REVIEWING - member is reviewing/researching the candidate RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. ================================= Candidate: CAN-1999-0220 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990728 Assigned: 19990607 Category: SF Attackers can do a denial of service of IRC by crashing the server. VOTE: ================================= Candidate: CAN-1999-0226 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990728 Assigned: 19990607 Category: SF Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. VOTE: ================================= Candidate: CAN-1999-0240 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990728 Assigned: 19990607 Category: SF Some filters or firewalls allow fragmented SYN packets with IP reserved bits in violation of their implemented policy. VOTE: ================================= Candidate: CAN-1999-0247 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990728 Assigned: 19990607 Category: SF Buffer overflow in nnrpd program in INN allows remote users to execute arbitrary commands. VOTE: ================================= Candidate: CAN-1999-0248 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990728 Assigned: 19990607 Category: SF sshd 1.2.17 can be compromised through the SSH protocol. VOTE: ================================= Candidate: CAN-1999-0493 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990728 Assigned: 19990607 Category: SF A remote attacker can bounce RPC calls through rpc.statd. VOTE: ================================= Candidate: CAN-1999-0495 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990728 Assigned: 19990607 Category: SF A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. VOTE:
|
||||
