|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] FINAL DECISION: ACCEPT 4 SA category candidates
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. Voting details and comments are provided afterwards. The CVE names for candidates that reach Final Decision should be regarded as stable. In the case of these and all other candidates that reach Final Decision during this validation period, accepted candidates won't reach Publication phase until CVE goes fully public. The only difference between Publication and Final Decision is that the CVE name is officially "announced" by MITRE during Publication. - Steve Candidate CVE Name --------- ---------- CAN-1999-0612 CVE-1999-0612 CAN-1999-0626 CVE-1999-0626 CAN-1999-0627 CVE-1999-0627 CAN-1999-0628 CVE-1999-0628 ================================= Candidate: CAN-1999-0612 Published: Final-Decision: 19990928 Interim-Decision: 19990925 Modified: 19990928-02 Proposed: 19990721 Assigned: 19990607 Category: SA Reference: XF:finger-out Reference: XF:finger-running A version of finger is running that exposes valid user information to any entity on the network. Modifications: ADDREF XF:finger-out ADDREF XF:finger-running DESC give reason why finger is an exposure VOTES: ACCEPT(5) Wall, Northcutt, Baker, Ozancin, Meunier MODIFY(2) Frech, Spafford COMMENTS: Frech> XF:finger-out Frech> XF:finger-running Spafford> [Change the description to identify the original service] ================================= Candidate: CAN-1999-0626 Published: Final-Decision: 19990928 Interim-Decision: 19990925 Modified: 19990928-02 Proposed: 19990721 Assigned: 19990607 Category: SA Reference: XF:rusersd Reference: XF:ruser A version of rusers is running that exposes valid user information to any entity on the network. Modifications: ADDREF XF:rusersd ADDREF XF:ruser DESC Say why rusers is an exposure VOTES: ACCEPT(4) Northcutt, Baker, Ozancin, Meunier MODIFY(1) Frech NOOP(1) Wall COMMENTS: Frech> XF:rusersd Frech> XF:ruser ================================= Candidate: CAN-1999-0627 Published: Final-Decision: 19990928 Interim-Decision: 19990925 Modified: 19990928-01 Proposed: 19990721 Assigned: 19990607 Category: SA Reference: XF:rexd The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. Modifications: ADDREF XF:rexd Say why rexd is an exposure VOTES: ACCEPT(5) Wall, Northcutt, Baker, Ozancin, Meunier MODIFY(1) Frech COMMENTS: Frech> XF:rexd ================================= Candidate: CAN-1999-0628 Published: Final-Decision: 19990928 Interim-Decision: 19990925 Modified: 19990928-01 Proposed: 19990721 Assigned: 19990607 Category: SA Reference: XF:rwhod The rwho/rwhod service is running, which exposes machine status and user information. Modifications: ADDREF XF:rwhod DESC Say why rwho is an exposure VOTES: ACCEPT(4) Northcutt, Baker, Ozancin, Meunier MODIFY(1) Frech NOOP(1) Wall COMMENTS: Frech> XF:rwhod
|
||||
