|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] INTERIM DECISION: ACCEPT 45 various candidates (Final Sep. 10)
I have made an Interim Decision to ACCEPT the following 45 candidates. 15 come from the CGI cluster, 21 from BUF, and 9 from MORELOW. They are universal vulnerabilities that are not affected by any outstanding content decisions, and have at least 3 non-MITRE votes for inclusion (i.e. ACCEPT or MODIFY). I will make a Final Decision on these candidates on Friday, September 10. - Steve ================================= Candidate: CAN-1999-0047 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: CERT:CA-97.05.sendmail Reference: XF:sendmail-mime-bo2 MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. Modifications: ADDREF XF:sendmail-mime-bo2 VOTES: ACCEPT(3) Northcutt, Hill, Prosser MODIFY(1) Frech COMMENTS: Frech> XF:sendmail-mime-bo2 ================================= Candidate: CAN-1999-0058 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: NAI:NAI-12 Reference: XF:http-cgi-phpbo Buffer overflow in PHP cgi program, php.cgi allows shell access. Modifications: DELREF XF:http-phpbo VOTES: ACCEPT(3) Northcutt, Hill, Prosser MODIFY(1) Frech COMMENTS: Frech> Delete XF:http-phpbo ================================= Candidate: CAN-1999-0063 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990726 Assigned: 19990607 Category: SF Reference: AUSCERT:ESB-98.197 Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml Reference: XF:cisco-syslog-crash Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. Modifications: ADDREF XF:cisco-syslog-crash DESC removed nmap, added UDP/syslog VOTES: ACCEPT(2) Wall, Ozancin MODIFY(1) Frech COMMENTS: Frech> XF:cisco-syslog-crash ================================= Candidate: CAN-1999-0064 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: BUGTRAQ:May28,1997 Reference: XF:lquerylv-bo Buffer overflow in AIX lquerylv program gives root access to local users. VOTES: ACCEPT(4) Northcutt, Hill, Prosser, Frech COMMENTS: Prosser> additional source Prosser> AIX 4.2 lguerylv "Georgi Guninski" Prosser> http://www.securityfocus.com ================================= Candidate: CAN-1999-0066 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Jul31,1995 Reference: XF:http-cgi-anyform AnyForm CGI remote execution Modifications: ADDREF BUGTRAQ:Jul31,1995 VOTES: ACCEPT(3) Northcutt, Prosser, Frech COMMENTS: Prosser> might want to add the reference BUGTRAG Prosser> "SECURITY HOLE: "AnyForm" CGI Prosser> http://www.securityfocus.com/bugtraq/ ================================= Candidate: CAN-1999-0070 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-cgi-test test-cgi program allows an attacker to list files on the server VOTES: ACCEPT(3) Northcutt, Prosser, Frech ================================= Candidate: CAN-1999-0071 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-apache-cookie Reference: NAI:NAI-2 Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. VOTES: ACCEPT(4) Northcutt, Hill, Prosser, Frech ================================= Candidate: CAN-1999-0085 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Aug21,1996 Reference: XF:rwhod Reference: XF:rwhod-vuln rwhod buffer overflow in AIX Modifications: ADDREF BUGTRAQ:Aug21,1996 VOTES: ACCEPT(4) Northcutt, Hill, Prosser, Frech COMMENTS: Prosser> additional source Prosser> Bugtraq Prosser> " rwhod buffer overflow" David J. Meltzer Prosser> http://www.securityfocus.com/bugtraq/1996_3/0380.htm ================================= Candidate: CAN-1999-0102 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:slmail-fromheader-overflow Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line. VOTES: ACCEPT(4) Northcutt, Hill, Prosser, Frech ================================= Candidate: CAN-1999-0109 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: SUN:00140 Reference: AUSCERT:AA-97.06 Reference: XF:ffbconfig-bo Buffer overflow in ffbconfig in Solaris 2.5.1 Modifications: ADDREF XF:ffbconfig-bo VOTES: ACCEPT(2) Northcutt, Hill MODIFY(2) Prosser, Frech COMMENTS: Prosser> according to Sun, affects both 2.5 and 2.5.1...add ref Prosser> Sun Security Bulletin 140 Prosser> http://sunsolve.sun.com Frech> XF:ffbconfig-bo ================================= Candidate: CAN-1999-0112 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: BUGTRAQ:May20,1997 Reference: XF:dtterm-bo Buffer overflow in AIX dtterm program for the CDE Modifications: ADDREF BUGTRAQ:May20,1997 ADDREF XF:dtterm-bo VOTES: ACCEPT(3) Northcutt, Hill, Prosser MODIFY(1) Frech COMMENTS: Prosser> add ref Prosser> Bugtraq Prosser> "AIX 4.2 dtterm exploit" Prosser> http://www.securityfocus.com Frech> XF:dtterm-bo ================================= Candidate: CAN-1999-0122 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Jul21,1999 Reference: XF:lchangelv-bo Buffer overflow in AIX lchangelv gives root access. Modifications: ADDREF BUGTRAQ:Jul21,1999 ADDREF XF:lchangelv-bo VOTES: ACCEPT(3) Northcutt, Hill, Prosser MODIFY(1) Frech COMMENTS: Prosser> add ref Prosser> Bugtraq Prosser> "AIX lchangelv" Prosser> http://www.securityfocus.com/ Frech> XF:lchangelv-bo ================================= Candidate: CAN-1999-0139 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:sol-mkcookie Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. Modifications: ADDREF XF:sol-mkcookie VOTES: ACCEPT(3) Northcutt, Hill, Prosser MODIFY(1) Frech COMMENTS: Frech> XF:sol-mkcookie ================================= Candidate: CAN-1999-0146 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Jul15,1997 Reference: XF:http-cgi-campas The campas CGI program provided with some NCSA web servers allows an attacker to read arbitrary files. Modifications: ADDREF BUGTRAQ:Jul15,1997 VOTES: ACCEPT(3) Northcutt, Prosser, Frech COMMENTS: Prosser> additional source, Prosser> Bugtraq Prosser> "Francisco Torres" Prosser> http://www.securityfocus.com ================================= Candidate: CAN-1999-0147 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-cgi-glimpse Reference: AUSCERT:AA-97.28 The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands Modifications: ADDREF AUSCERT:AA-97.28 VOTES: ACCEPT(3) Northcutt, Prosser, Frech COMMENTS: Prosser> additional source Prosser> AUSCERT Alert AA-97.28 Prosser> http://www.auscert.org.au ================================= Candidate: CAN-1999-0148 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: SGI:19970501-02-PX Reference: XF:http-sgi-handler The handler CGI program in IRIX allows arbitrary command execution. Modifications: ADDREF SGI:19970501-02-PX VOTES: ACCEPT(3) Northcutt, Prosser, Frech COMMENTS: Prosser> additional source Prosser> SGI Security Advisory 19970501-02-PX Prosser> http://www.sgi.com/Support/security/advisories.html ================================= Candidate: CAN-1999-0149 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-sgi-wrap Reference: SGI:19970501-02-PX The wrap CGI program in IRIX allows arbitrary command execution from remote users. Modifications: ADDREF SGI:19970501-02-PX VOTES: ACCEPT(3) Northcutt, Prosser, Frech COMMENTS: Prosser> additional source Prosser> SGI Security Advisory 19970501-02-PX Prosser> http://www.sgi.com/Support/security/advisories.html ================================= Candidate: CAN-1999-0172 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-cgi-formmail-exe Reference: BUGTRAQ:Aug02,1995 FormMail CGI program allows remote execution of commands. Modifications: ADDREF BUGTRAQ:Aug02,1995 VOTES: ACCEPT(3) Northcutt, Prosser, Frech COMMENTS: Prosser> additional source Prosser> BUGTRAQ Prosser> "Security Hole: FormMail" Prosser> http://www.securityfocus.com/bugtraq/1995 ================================= Candidate: CAN-1999-0176 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Jul10,1997 Reference: XF:http-webgais-query The Webgais program allows a remote user to execute arbitrary commands. Modifications: ADDREF BUGTRAQ:Jul10,1997 VOTES: ACCEPT(3) Northcutt, Prosser, Frech COMMENTS: Prosser> additional source Prosser> BUGTRAQ Prosser> "Vulnerability in WEBgais" Razvan Dragomirescu Prosser> http://www.securityfocus.com/bugtraq/1997_3/0057.html ================================= Candidate: CAN-1999-0182 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: CIAC:H-110 Reference: CERT:VB-97.10.samba Reference: XF:nt-samba-bo Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. Modifications: ADDREF CERT:VB-97.10.samba VOTES: ACCEPT(4) Northcutt, Hill, Prosser, Frech COMMENTS: Prosser> additional ref Prosser> VB-97.10.samba Prosser> ftp://info.cert.org/pub/cert_bulletins/VB-97.10.sanba ================================= Candidate: CAN-1999-0192 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990623 Assigned: 19990607 Category: SF Reference: SNI:SNI-20 Reference: XF:bsd-tel-tgetent Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable. VOTES: ACCEPT(4) Northcutt, Hill, Prosser, Frech ================================= Candidate: CAN-1999-0196 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-webgais-smail Reference: BUGTRAQ:Jul08,1997 The websendmail program in the Webgais program allows a remote user to access arbitrary files. Modifications: ADDREF BUGTRAQ:Jul08,1997 VOTES: ACCEPT(3) Northcutt, Prosser, Frech NOOP(1) Christey COMMENTS: Prosser> additional source Prosser> BUGTRAQ Prosser> "Vulnerability in WEBgais" Razvan Dragomirescu Prosser> http://www.securityfocus.com/bugtraq/1997_3/0057.htm Christey> Actually, the proper reference is "Vulnerability in Christey> websendmail" by Razvan Dragomirescu, as forwarded to Bugtraq Christey> by Julian Assange on July 8, 1997 ================================= Candidate: CAN-1999-0206 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:sendmail-mime-bo Reference: AUSCERT:AA-96.06a MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. Modifications: ADDREF XF:sendmail-mime-bo ADDREF AUSCERT:AA-96.06a VOTES: ACCEPT(3) Northcutt, Hill, Prosser MODIFY(1) Frech COMMENTS: Prosser> additional ref Prosser> AUSCERT Advisory AA-96.06a Prosser> http://www.auscert.org.au/ Frech> XF:sendmail-mime-bo ================================= Candidate: CAN-1999-0219 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:ftp-servu Buffer overflow in Serv-U FTP server when user performs a cwd to a directory with a long name. VOTES: ACCEPT(4) Northcutt, Hill, Prosser, Frech ================================= Candidate: CAN-1999-0230 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml Buffer overflow in Cisco 7xx routers through the telnet service. Modifications: DESC Change to 7xx ADDREF CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml VOTES: ACCEPT(2) Northcutt, Hill MODIFY(2) Prosser, Frech NOOP(1) Christey COMMENTS: Prosser> the BO affect any 7xx router running a vulnerable version of Prosser> IOS/700 OS. Addtional ref Prosser> Field Notice: Prosser> 7xx Router Password Buffer Overflow Prosser> http://www.cisco.com/warp/public/770/pwbuf-pub.shtml#summary Frech> We indicate that this can occur on 7xx routers. It would be wise to verify Frech> before changing it, since I don't have the entire database in front of me. Frech> XF:cisco-7xxcrash Christey> Verified the 7xx versions ================================= Candidate: CAN-1999-0237 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-cgi-guestbook Reference: CERT:VB-97.02 Remote execution of arbitrary commands through Guestbook CGI program. Modifications: ADDREF CERT:VB-97.02 VOTES: ACCEPT(3) Northcutt, Prosser, Frech COMMENTS: Prosser> additional source Prosser> CERT Vendor Bulletin VB-97-02 Prosser> http://www.cert.org ================================= Candidate: CAN-1999-0244 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: NAI:NAI-23 Reference: XF:radius-accounting-overflow Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root. Modifications: ADDREF XF:radius-accounting-overflow VOTES: ACCEPT(3) Northcutt, Hill, Prosser MODIFY(1) Frech COMMENTS: Frech> XF:radius-accounting-overflow ================================= Candidate: CAN-1999-0256 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:war-ftpd Buffer overflow in War FTP allows remote execution of commands. VOTES: ACCEPT(4) Northcutt, Hill, Prosser, Frech ================================= Candidate: CAN-1999-0262 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-cgi-faxsurvey Reference: BUGTRAQ:Aug04,1998 faxsurvey CGI script on Linux allows remote command execution via shell metacharacters. Modifications: ADDREF XF:http-cgi-faxsurvey ADDREF BUGTRAQ:Aug04,1998 VOTES: ACCEPT(2) Northcutt, Prosser MODIFY(1) Frech COMMENTS: Frech> XF:http-cgi-faxsurvey ================================= Candidate: CAN-1999-0264 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-htmlscript-file-access Reference: BUGTRAQ:Jan27,1998 htmlscript CGI program allows remote read access to files. Modifications: ADDREF XF:http-htmlscript-file-access ADDREF BUGTRAQ:Jan27,1998 VOTES: ACCEPT(2) Northcutt, Prosser MODIFY(1) Frech COMMENTS: Frech> XF:http-htmlscript-file-access ================================= Candidate: CAN-1999-0269 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:netscape-server-pageservices Netscape Enterprise servers may list files through the PageServices query. Modifications: ADDREF XF:netscape-server-pageservices VOTES: ACCEPT(2) Northcutt, Prosser MODIFY(1) Frech COMMENTS: Frech> XF:netscape-server-pageservices ================================= Candidate: CAN-1999-0276 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:msql-debug-bo Reference: SEKURE:sekure.01-99.msql mSQL v2.0.1 and below allows remote execution through a buffer overflow. Modifications: ADDREF XF:msql-debug-bo ADDREF SEKURE:sekure.01-99.msql VOTES: ACCEPT(3) Northcutt, Hill, Prosser MODIFY(1) Frech COMMENTS: Prosser> additional ref Prosser> Sekure SDI Advisory sekure.01-99.msql Prosser> http://www.sekure.org Frech> XF:msql-debug-bo ================================= Candidate: CAN-1999-0278 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: MS:MS98-003 Reference: XF:iis-asp-data-check In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. Modifications: ADDREF MS:MS98-003 ADDREF XF:iis-asp-data-check VOTES: ACCEPT(2) Northcutt, Prosser MODIFY(1) Frech COMMENTS: Prosser> additional source Prosser> Microsoft Security Bulletin MS98-003 Prosser> http://www.microsoft.com/security Frech> XF:iis-asp-data-check ================================= Candidate: CAN-1999-0279 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: CERT:VB-98.01.excite Reference: XF:excite-cgi-search-vuln Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. Modifications: ADDREF XF:excite-cgi-search-vuln VOTES: ACCEPT(2) Northcutt, Prosser MODIFY(1) Frech COMMENTS: Frech> XF:excite-cgi-search-vuln ================================= Candidate: CAN-1999-0315 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:fdformat-bo Reference: SUN:00138 Buffer overflow in Solaris fdformat command gives root access to local users. VOTES: ACCEPT(4) Northcutt, Hill, Prosser, Frech COMMENTS: Prosser> add ref Prosser> Sun Security Bulletin 00138 Prosser> http://sunsolve.sun.com/ ================================= Candidate: CAN-1999-0339 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:sol-sun-libauth Reference: RSI:RSI.0007.05-26-98 Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. Modifications: ADDREF RSI:RSI.0007.05-26-98 VOTES: ACCEPT(4) Northcutt, Hill, Prosser, Frech COMMENTS: Prosser> Sun never did release a bulletin for this BO but did release Prosser> patches for affected systems.add ref, Prosser> RSI Alert Advisory RSI.0007.05-26-98 Prosser> www.repsec.com ================================= Candidate: CAN-1999-0355 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software Reference: XF:controlit-reboot Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service. VOTES: ACCEPT(3) Wall, Ozancin, Frech ================================= Candidate: CAN-1999-0363 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Feb02,1999 Reference: XF:plp-lpc-bo Reference: SF:328 SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise. Modifications: DESC Change SuSe to SuSE VOTES: ACCEPT(2) Wall, Ozancin MODIFY(1) Frech COMMENTS: Frech> Change SuSe to SuSE. ================================= Candidate: CAN-1999-0365 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Feb04,1999 Reference: XF:metamail-header-commands The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry. VOTES: ACCEPT(3) Wall, Ozancin, Frech ================================= Candidate: CAN-1999-0371 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Feb11,1999 Reference: XF:lynx-temp-files-race Lynx allows a local user to overwrite sensitive files through /tmp symlinks. VOTES: ACCEPT(3) Wall, Ozancin, Frech ================================= Candidate: CAN-1999-0404 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Feb14,1999 Reference: XF:mailmax-bo Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution. VOTES: ACCEPT(3) Wall, Ozancin, Frech ================================= Candidate: CAN-1999-0405 Published: Final-Decision: Interim-Decision: 19990906 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: HERT:002 Reference: BUGTRAQ:Feb18,1999 Reference: XF:lsof-bo A buffer overflow in lsof allows local users to obtain root privilege. Modifications: ADDREF XF:lsof-bo VOTES: ACCEPT(3) Northcutt, Hill, Prosser MODIFY(1) Frech COMMENTS: Frech> XF:lsof-bo ================================= Candidate: CAN-1999-0410 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Mar5,1999 Reference: XF:sol-cancel Reference: SF:293 The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access. VOTES: ACCEPT(3) Wall, Ozancin, Frech ================================= Candidate: CAN-1999-0417 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Mar9,1999 Reference: XF:solaris-psinfo-crash Reference: SF:448 64 bit Solaris 7 procfs allows local users to perform a denial of service. VOTES: ACCEPT(3) Wall, Ozancin, Frech ================================= Candidate: CAN-1999-0441 Published: Final-Decision: Interim-Decision: 19990906 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: EEYE:AD02221999 Reference: XF:wingate-redirector-dos Reference: SF:509 Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service. VOTES: ACCEPT(3) Wall, Ozancin, Frech
|
||||
