FINAL DECISION: ACCEPT 50 various candidates
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. Voting details and comments are provided afterwards. This brings the total number of CVE entries to 317.

The CVE names for candidates that reach Final Decision should be regarded as stable. In the case of these and all other candidates that reach Final Decision during this validation period, accepted candidates won't reach Publication phase until CVE goes fully public. The only difference between Publication and Final Decision is that the CVE name is officially "announced" by MITRE during Publication.

- Steve

Candidate       CVE Name
---------       ----------
CAN-1999-0009   CVE-1999-0009
CAN-1999-0010   CVE-1999-0010
CAN-1999-0011   CVE-1999-0011
CAN-1999-0016   CVE-1999-0016
CAN-1999-0025   CVE-1999-0025
CAN-1999-0026   CVE-1999-0026
CAN-1999-0027   CVE-1999-0027
CAN-1999-0028   CVE-1999-0028
CAN-1999-0029   CVE-1999-0029
CAN-1999-0037   CVE-1999-0037
CAN-1999-0059   CVE-1999-0059
CAN-1999-0068   CVE-1999-0068
CAN-1999-0075   CVE-1999-0075
CAN-1999-0084   CVE-1999-0084
CAN-1999-0087   CVE-1999-0087
CAN-1999-0095   CVE-1999-0095
CAN-1999-0096   CVE-1999-0096
CAN-1999-0126   CVE-1999-0126
CAN-1999-0138   CVE-1999-0138
CAN-1999-0150   CVE-1999-0150
CAN-1999-0152   CVE-1999-0152
CAN-1999-0167   CVE-1999-0167
CAN-1999-0175   CVE-1999-0175
CAN-1999-0183   CVE-1999-0183
CAN-1999-0202   CVE-1999-0202
CAN-1999-0204   CVE-1999-0204
CAN-1999-0245   CVE-1999-0245
CAN-1999-0260   CVE-1999-0260
CAN-1999-0273   CVE-1999-0273
CAN-1999-0281   CVE-1999-0281
CAN-1999-0289   CVE-1999-0289
CAN-1999-0346   CVE-1999-0346
CAN-1999-0348   CVE-1999-0348
CAN-1999-0350   CVE-1999-0350
CAN-1999-0362   CVE-1999-0362
CAN-1999-0368   CVE-1999-0368
CAN-1999-0383   CVE-1999-0383
CAN-1999-0388   CVE-1999-0388
CAN-1999-0391   CVE-1999-0391
CAN-1999-0412   CVE-1999-0412
CAN-1999-0424   CVE-1999-0424
CAN-1999-0425   CVE-1999-0425
CAN-1999-0437   CVE-1999-0437
CAN-1999-0438   CVE-1999-0438
CAN-1999-0448   CVE-1999-0448
CAN-1999-0449   CVE-1999-0449
CAN-1999-0458   CVE-1999-0458
CAN-1999-0494   CVE-1999-0494
CAN-1999-0514   CVE-1999-0514
CAN-1999-0526   CVE-1999-0526

=================================
Candidate: CAN-1999-0009
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: XF:bind-bo
Reference: SUN:00180

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

VOTES:
  ACCEPT(6) Frech, Northcutt, Blake, Prosser, Balinsky, Levy

=================================
Candidate: CAN-1999-0010
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: XF:bind-dos

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

VOTES:
  ACCEPT(4) Frech, Blake, Northcutt, Prosser

=================================
Candidate: CAN-1999-0011
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: SUN:00180
Reference: XF:bind-axfr-dos

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

Modifications:
  CHANGEREF XF:bind-dos XF:bind-axfr-dos

VOTES:
  ACCEPT(2) Blake, Northcutt
  MODIFY(1) Frech

COMMENTS:
  Frech> Change XF reference to:
  Frech> XF:bind-axfr-dos

=================================
Candidate: CAN-1999-0016
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-02
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.28.Teardrop_Land
Reference: FreeBSD:FreeBSD-SA-98:01
Reference: HP:HPSBUX9801-076
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:95-verv-tcp
Reference: XF:land-patch
Reference: XF:ver-tcpip-sys

Land IP denial of service

Modifications:
  ADDREF HP:HPSBUX9801-076
  ADDREF XF:ver-tcpip-sys
  DELREF XF:land-exploit

VOTES:
  ACCEPT(4) Northcutt, Blake, Balinsky, Ozancin
  MODIFY(1) Frech

COMMENTS:
  Frech> XF:ver-tcpip-sys (applies to a check, not a vulnerability, and is thus not
  Frech> listed on website)
  Frech> XF:land-exploit (obsolete, replaced by land)

=================================
Candidate: CAN-1999-0025
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul
Reference: XF:df-bo

root privileges via buffer overflow in df command on SGI IRIX systems.

VOTES:
  ACCEPT(2) Frech, Ozancin

=================================
Candidate: CAN-1999-0026
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul
Reference: XF:pset-bo

root privileges via buffer overflow in pset command on SGI IRIX systems.

VOTES:
  ACCEPT(3) Frech, Prosser, Ozancin

=================================
Candidate: CAN-1999-0027
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul
Reference: XF:eject-bo

root privileges via buffer overflow in eject command on SGI IRIX systems.

VOTES:
  ACCEPT(2) Frech, Ozancin

=================================
Candidate: CAN-1999-0028
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul
Reference: XF:sgi-schemebo

root privileges via buffer overflow in login/scheme command on SGI IRIX systems.

Modifications:
  ADDREF XF:sgi-schemebo

VOTES:
  ACCEPT(1) Prosser
  MODIFY(2) Frech, Ozancin

COMMENTS:
  Frech> XF:sgi-schemebo
  Ozancin> => login/scheme

=================================
Candidate: CAN-1999-0029
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: XF:ordist-bo

root privileges via buffer overflow in ordist command on SGI IRIX systems.

VOTES:
  ACCEPT(2) Frech, Ozancin

=================================
Candidate: CAN-1999-0037
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.14.metamail
Reference: XF:metamail-header-commands

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

Modifications:
  ADDREF XF:metamail-header-commands

VOTES:
  ACCEPT(4) Hill, Prosser, Landfield, Northcutt
  MODIFY(1) Frech

COMMENTS:
  Frech> XF:metamail-header-commands

=================================
Candidate: CAN-1999-0059
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: NAI:NAI-16
Reference: XF:irix-fam

IRIX fam service allows an attacker to obtain a list of all files on the server.

VOTES:
  ACCEPT(3) Hill, Northcutt, Prosser
  MODIFY(1) Frech

COMMENTS:
  Frech> XF:irix-fam

=================================
Candidate: CAN-1999-0068
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-php-mylog
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts

CGI PHP mylog script allows an attacker to read any file on the target server.

Modifications:
  ADDREF BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts

VOTES:
  ACCEPT(2) Frech, Northcutt
  MODIFY(1) Prosser

COMMENTS:
  Prosser> add source
  Prosser> Bugtraq
  Prosser> "Vulnerability in PHP Example Logging Scripts"
  Prosser> http://www.securityfocus.com/bugtraq/1997_3/0560.html

=================================
Candidate: CAN-1999-0075
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990928-02
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
Reference: XF:ftp-pasvcore

PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.

Modifications:
  ADDREF BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
  DESC make more explicit to distinguish from CAN-1999-0076
  CHANGEREF XF:pasvcore XF:ftp-pasvcore

VOTES:
  MODIFY(2) Frech, Prosser

COMMENTS:
  Frech> There is no pasvcore record; delete and add
  Frech> XF:ftp-pasvcore
  Prosser> additional sources
  Prosser> Various BUGTRAQ messages
  Prosser> http://www.securityfocus.com/
  Prosser> http://oliver.efri.hr/~crv/security/bugs/SunOS/wuftpd7.html
  Prosser> http://www.insecure.org/sploits

=================================
Candidate: CAN-1999-0084
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nfs-mknod

NFS mknod bug

VOTES:
  ACCEPT(5) Hill, Frech, Northcutt, Proctor, Balinsky

=================================
Candidate: CAN-1999-0087
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:ibm-telnetdos
Reference: ERS:ERS-SVA-E01-1998:003.1

Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.

Modifications:
  ADDREF XF:ibm-telnetdos

VOTES:
  ACCEPT(1) Hill
  MODIFY(3) Meunier, Frech, Landfield
  NOOP(2) Northcutt, Christey

COMMENTS:
  Meunier> Add "STD0011: Incorrect or incomplete address field found and ignored" to
  Meunier> distinguish from other vulnerabilities resulting in DOS on AIX telnet that
  Meunier> might be discovered in the future.
  Frech> XF:ibm-telnetdos
  Christey> To keep the description as short and simple as possible, we
  Christey> should avoid this specific detail until there is a second AIX
  Christey> telnet DoS

=================================
Candidate: CAN-1999-0095
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: CF
Reference: CERT:CA-88.01
Reference: CERT:CA-93.14
Reference: XF:smtp-debug

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.

Modifications:
  ADDREF CERT:CA-88.01
  ADDREF CERT:CA-93.14
  DESC change to reflect that it's a config problem

VOTES:
  ACCEPT(7) Hill, Frech, Blake, Northcutt, Proctor, Balinsky, Ozancin
  NOOP(1) Christey
  RECAST(1) Prosser

COMMENTS:
  Northcutt> (I swear I have voted for this before, this is how I got into
  Northcutt> computer security, someone broke into my SUN WS doing this)
  Prosser> There is an sendmail 8.6.7 debug vulnerability :source
  Prosser> CERT Advisory CA-94.12
  Prosser> http://www.cert.org
  Prosser> as well as an older BSD sendmail 5.59 debug vulnerability
  Prosser> CERT Advisory CA-88.01,96.20, 24 and 25
  Prosser> which one are we talking about here
  Christey> Some of Steve's votes got lost somehow. I found them and
  Christey> re-entered them, using his latest votes where conflicts
  Christey> occurred.
  Christey>
  Christey> With respect to CERT advisories, some of the advisories
  Christey> mentioned by Mike are superseded by others, and not available
  Christey> on the CERT web site. However, this entry is referencing
  Christey> when Sendmail is configured with the Debug option enabled,
  Christey> as referred to in CA-88.01 and CA-93.14.

=================================
Candidate: CAN-1999-0096
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: CF
Reference: CERT:CA-93.16
Reference: CERT:CA-95.05
Reference: CIAC:A-13
Reference: CIAC:A-14
Reference: SUN:00122
Reference: XF:smtp-dcod

Sendmail decode alias can be used to overwrite sensitive files

Modifications:
  ADDREF CERT:CA-93.16
  ADDREF CERT:CA-95.05
  ADDREF CIAC:A-13
  ADDREF CIAC:A-14
  ADDREF SUN:00122

VOTES:
  ACCEPT(7) Hill, Frech, Blake, Northcutt, Proctor, Balinsky, Ozancin
  MODIFY(1) Prosser

COMMENTS:
  Prosser> additional sources
  Prosser> CERT Advisory CA-93:16, CA-95.05
  Prosser> http://www.cert.org
  Prosser> Sun Security Bulletin 00122
  Prosser> http://www.sunsolve.sun.com

=================================
Candidate: CAN-1999-0126
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:VB-98.04.xterm.Xaw
Reference: CIAC:J-010
Reference: XF:xfree86-xterm-xaw
Reference: XF:xfree86-xaw

SGI IRIX buffer overflow in xterm and Xaw allows root access.

Modifications:
  ADDREF XF:xfree86-xterm-xaw
  ADDREF XF:xfree86-xaw

VOTES:
  ACCEPT(3) Northcutt, Prosser, Ozancin
  MODIFY(1) Frech

COMMENTS:
  Frech> XF:xfree86-xterm-xaw
  Frech> XF:xfree86-xaw

=================================
Candidate: CAN-1999-0138
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-96.12.suidperl_vul
Reference: XF:sperl-suid

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

Modifications:
  ADDREF XF:sperl-suid

VOTES:
  ACCEPT(1) Prosser
  MODIFY(1) Frech

COMMENTS:
  Frech> XF:sperl-suid

=================================
Candidate: CAN-1999-0150
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:perl-fingerd

The Perl fingerd program allows arbitrary command execution from remote users.

Modifications:
  ADDREF XF:perl-fingerd

VOTES:
  ACCEPT(3) Hill, Northcutt, Proctor
  MODIFY(1) Frech

COMMENTS:
  Frech> XF:perl-fingerd

=================================
Candidate: CAN-1999-0152
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19970811 dgux in.fingerd vulnerability
Reference: XF:dgux-fingerd

The DG/UX finger daemon allows remote command execution through shell metacharacters.

Modifications:
  ADDREF BUGTRAQ:19970811 dgux in.fingerd vulnerability

VOTES:
  ACCEPT(5) Hill, Frech, Northcutt, Proctor, Balinsky
  MODIFY(1) Prosser

COMMENTS:
  Prosser> additional resource
  Prosser> Bugtraq
  Prosser> "dgux in.fingerd vulnerability"
  Prosser> http://www.securityfocus.com/

=================================
Candidate: CAN-1999-0167
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nfs-guess
Reference: CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand

In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.

Modifications:
  ADDREF CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand

VOTES:
  ACCEPT(6) Hill, Frech, Blake, Northcutt, Proctor, Balinsky
  MODIFY(1) Prosser

COMMENTS:
  Prosser> sort of an oldie source
  Prosser> CERT Security Alert CA-91:21
  Prosser> http://www.cert.org

=================================
Candidate: CAN-1999-0175
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:http-nov-convert

The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server.

VOTES:
  ACCEPT(4) Hill, Frech, Blake, Northcutt

=================================
Candidate: CAN-1999-0183
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:linux-tftp

Linux implementations of TFTP would allow access to files outside the restricted directory.

VOTES:
  ACCEPT(3) Hill, Frech, Landfield
  NOOP(1) Northcutt

=================================
Candidate: CAN-1999-0202
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:ftp-exectar

The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.

VOTES:
  ACCEPT(4) Hill, Frech, Northcutt, Proctor

=================================
Candidate: CAN-1999-0204
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:ident-bo

Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.

Modifications:
  ADDREF XF:ident-bo

VOTES:
  ACCEPT(3) Hill, Balinsky, Landfield
  NOOP(1) Northcutt
  REVIEWING(1) Frech

COMMENTS:
  Frech> probably XF:ident-bo

=================================
Candidate: CAN-1999-0245
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19950907 Linux NIS security problem hole and fix
Reference: XF:linux-plus

Some configurations of NIS+ in Linux allowed attackers to log in as the user "+"

Modifications:
  ADDREF BUGTRAQ:19950907 Linux NIS security problem hole and fix

VOTES:
  ACCEPT(3) Hill, Frech, Northcutt
  MODIFY(1) Prosser

COMMENTS:
  Prosser> source
  Prosser> BUGTRAQ
  Prosser> "Linux NIS security problem hole and fix"
  Prosser> http://www.securityfocus.com/

=================================
Candidate: CAN-1999-0260
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19961224 jj cgi
Reference: XF:http-cgi-jj

The jj CGI program allows command execution via shell metacharacters.

Modifications:
  ADDREF XF:http-cgi-jj
  ADDREF BUGTRAQ:19961224 jj cgi

VOTES:
  ACCEPT(2) Hill, Ozancin
  MODIFY(1) Frech
  NOOP(2) Northcutt, Landfield

COMMENTS:
  Frech> XF:http-cgi-jj

=================================
Candidate: CAN-1999-0273
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:sun-telnet-kill

Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

Modifications:
  ADDREF XF:sun-telnet-kill

VOTES:
  ACCEPT(3) Hill, Blake, Northcutt
  MODIFY(1) Frech
  NOOP(1) Meunier

COMMENTS:
  Frech> XF:sun-telnet-kill

=================================
Candidate: CAN-1999-0281
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:http-iis-longurl

Denial of service in IIS using long URLs.

Modifications:
  ADDREF XF:http-iis-longurl

VOTES:
  ACCEPT(6) Hill, Blake, Wall, Balinsky, Ozancin, Northcutt
  MODIFY(1) Frech

COMMENTS:
  Frech> XF:http-iis-longurl

=================================
Candidate: CAN-1999-0289
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF

The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.

VOTES:
  ACCEPT(4) Hill, Blake, Landfield, Ozancin
  NOOP(1) Northcutt
  REVIEWING(1) Frech

=================================
Candidate: CAN-1999-0346
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990928-02
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: XF:http-cgi-php-mlog

CGI PHP mlog script allows an attacker to read any file on the target server.

Modifications:
  ADDREF XF:http-cgi-php-mlog
  ADDREF BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts

VOTES:
  ACCEPT(2) Northcutt, Proctor
  MODIFY(1) Frech

COMMENTS:
  Frech> XF:http-cgi-php-mlog

=================================
Candidate: CAN-1999-0348
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: NTBUGTRAQ:Jan27,1999
Reference: MSKB:Q197003

IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.

Modifications:
  ADDREF MSKB:Q197003

VOTES:
  ACCEPT(4) Northcutt, Prosser, Wall, Levy
  REVIEWING(1) Frech

COMMENTS:
  Prosser> additional source
  Prosser> MS KnowledgeBase Article Q197003
  Prosser> http://support.microsoft.com/support/kb/articles/q197/0/03.asp

=================================
Candidate: CAN-1999-0350
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: L0PHT:Feb8,1999
Reference: XF:clearcase-temp-race

Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.

Modifications:
  ADDREF XF:clearcase-temp-race

VOTES:
  ACCEPT(3) Hill, Prosser, Northcutt
  MODIFY(1) Frech

COMMENTS:
  Frech> XF:clearcase-temp-race

=================================
Candidate: CAN-1999-0362
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: EEYE:AD02021999
Reference: XF:wsftp-remote-dos
Reference: SF:217

WS_FTP server remote denial of service through cwd command.

VOTES:
  ACCEPT(4) Ozancin, Frech, Northcutt, Levy
  NOOP(1) Wall

=================================
Candidate: CAN-1999-0368
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: NETECT:palmetto.ftpd
Reference: CERT:CA-99.03
Reference: XF:palmetto-ftpd-bo

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Modifications:
  ADDREF XF:palmetto-ftpd-bo

VOTES:
  ACCEPT(2) Northcutt, Prosser
  MODIFY(1) Frech

COMMENTS:
  Frech> XF:palmetto-ftpd-bo

=================================
Candidate: CAN-1999-0383
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb02,1999
Reference: XF:acc-tigris-login

ACC Tigris allows public access without a login.

Modifications:
  DESC change allowed to allows for consistency

VOTES:
  ACCEPT(1) Ozancin
  MODIFY(1) Frech
  NOOP(3) Wall, Northcutt, Landfield

COMMENTS:
  Frech> Change allowed to allows.

=================================
Candidate: CAN-1999-0388
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:datalynx-suguard-relative-paths
Reference: L0PHT:Jan3,1999

DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.

VOTES:
  ACCEPT(4) Hill, Frech, Prosser, Northcutt

=================================
Candidate: CAN-1999-0391
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990928-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: L0PHT:Jan. 5, 1999

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

Modifications:
  DESC Tiny changes, spelling corrections

VOTES:
  ACCEPT(4) Hill, Northcutt, Landfield, Levy
  REVIEWING(1) Frech

=================================
Candidate: CAN-1999-0412
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb19,1999
Reference: XF:iis-isapi-execute
Reference: SF:501

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

VOTES:
  ACCEPT(2) Frech, Wall
  NOOP(1) Ozancin

=================================
Candidate: CAN-1999-0424
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-overwrite

talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.

VOTES:
  ACCEPT(3) Ozancin, Frech, Prosser
  REVIEWING(1) Wall

COMMENTS:
  Prosser> source should be
  Prosser> SuSE Security Announcements
  Prosser> "Security hole in Netscape Communicator's 4.5 'talkback' function"
  Prosser> http://www.suse.de/security

=================================
Candidate: CAN-1999-0425
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-kill

talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.

VOTES:
  ACCEPT(3) Ozancin, Frech, Prosser
  REVIEWING(1) Wall

COMMENTS:
  Prosser> again source should be
  Prosser> SuSE Security Announcements
  Prosser> "Security hole in Netscape Communicator's 4.5 'talkback' function"
  Prosser> http://www.suse.de/security

=================================
Candidate: CAN-1999-0437
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:WebRamp Denial of Service Attacks
Reference: XF:webramp-device-crash

Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.

Modifications:
  ADDREF XF:webramp-device-crash

VOTES:
  ACCEPT(2) Hill, Meunier
  MODIFY(1) Frech
  NOOP(2) Northcutt, Landfield

COMMENTS:
  Frech> XF:webramp-device-crash
  Landfield> - really should specify versions

=================================
Candidate: CAN-1999-0438
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:WebRamp Denial of Service Attacks
Reference: XF:webramp-ipchange

Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address.

Modifications:
  ADDREF XF:webramp-ipchange

VOTES:
  ACCEPT(2) Hill, Meunier
  MODIFY(1) Frech
  NOOP(2) Northcutt, Landfield

COMMENTS:
  Frech> XF:webramp-ipchange
  Landfield> - really should specify versions

=================================
Candidate: CAN-1999-0448
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: XF:iis-http-request-logging

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

VOTES:
  ACCEPT(3) Frech, Wall, Levy
  NOOP(2) Ozancin, Landfield

=================================
Candidate: CAN-1999-0449
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan26,1999
Reference: XF:iis-exair-dos
Reference: SF:193

Denial of service in IIS 4 with scripts from the ExAir sample site.

VOTES:
  ACCEPT(4) Wall, Frech, Northcutt, Levy

=================================
Candidate: CAN-1999-0458
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan6,1999
Reference: XF:l0phtcrack-temp-files

L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.

Modifications:
  ADDREF XF:l0phtcrack-temp-files

VOTES:
  ACCEPT(3) Hill, Prosser, Northcutt
  MODIFY(1) Frech
  NOOP(2) Landfield, Levy

COMMENTS:
  Frech> XF:l0phtcrack-temp-files

=================================
Candidate: CAN-1999-0494
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:wingate-pop3-user-bo

Denial of service in WinGate proxy through a buffer overflow in POP3.

VOTES:
  ACCEPT(5) Hill, Frech, Northcutt, Landfield, Ozancin

=================================
Candidate: CAN-1999-0514
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: CF
Reference: XF:fraggle

UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target.

Modifications:
  ADDREF XF:fraggle
  DESC clarified at Landfield's prompting

VOTES:
  ACCEPT(2) Hill, Northcutt
  MODIFY(1) Frech
  REVIEWING(1) Landfield

COMMENTS:
  Frech> XF:fraggle
  Landfield> System ? General Stack issue ? This is not clear.

=================================
Candidate: CAN-1999-0526
Published:
Final-Decision: 19990928
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: CF
Reference: XF:xcheck-keystroke

An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

Modifications:
  ADDREF XF:xcheck-keystroke
  DESC Rephrase per Northcutt's suggestion

VOTES:
  ACCEPT(4) Hill, Blake, Proctor, Balinsky
  MODIFY(2) Frech, Northcutt

COMMENTS:
  Frech> XF:xcheck-keystroke
  Northcutt> X does have some access control as long as a user (insider) doesn't type
  Northcutt> "xhost +". I don't think an outsider can disable the access.
  Northcutt> Suggested phrasing "An X server's access control can be disabled e.g.
  Northcutt> through an "xhost +" command and allows anyone to connect to the server."