[INTERIM] ACCEPT 15 candidates from RECENT-02 (Final 1/3/2000)
I have made an Interim Decision to ACCEPT the following 15 candidates from the RECENT-02 cluster. I will make a Final Decision on January 3, 2000.

RECENT-02 is our first "live" cluster to make it to this phase. Since it covers problems announced between December 4 and December 12, it will have taken 4 to 5 weeks from the initial public announcement to the assignment of a CVE number. Given the 2.5-week minimum that is built into the voting process (between proposal, interim decision, and final decision) and a 1 week lag between public announcement and proposal to the Board, these candidates were moved fairly rapidly. It is reasonable to expect that this 4-5 week lag will continue with the current voting process.

Note that RECENT-01 is not being moved to Interim Decision yet, as one voter is still REVIEWING some of the candidates. This projects a 6-8 week lag for these candidates, as well as the other RECENT-02 candidates that have not yet moved to Interim Decision. As we begin to process brand-new candidates, the Editorial Board can consider whether this lag time is sufficient for bringing new entries into CVE.

Voters:
  Christey NOOP(2)
  Cole ACCEPT(13) MODIFY(2)
  Stracener ACCEPT(14) MODIFY(1)
  Blake ACCEPT(14) RECAST(1)

- Steve

=================================
Candidate: CAN-1999-0972
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 xsw 1.24 remote buffer overflow
Reference: BID:863

Buffer overflow in Xshipwars xsw program.

INFERRED VOTE: CAN-1999-0972 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(2) Blake, Stracener
  MODIFY(1) Cole
  NOOP(1) Christey

COMMENTS:
  Cole> The buffer overflow is in the server and only in certain versions.
  Christey> Version numbers are not necessary to distinguish this
  Christey> from other candidates/entries.

=================================
Candidate: CAN-1999-0973
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991206 [w00giving #8] Solaris 2.7's snoop
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:858

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

INFERRED VOTE: CAN-1999-0973 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0974
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: ISS:19991209 Buffer Overflow in Solaris Snoop
Reference: SUN:00190
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:864

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

INFERRED VOTE: CAN-1999-0974 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0975
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT
Reference: BID:868

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

INFERRED VOTE: CAN-1999-0975 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0977
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: SF-INCIDENTS:19991209 sadmind
Reference: BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability
Reference: CERT:CA-99-16
Reference: BID:866

Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

INFERRED VOTE: CAN-1999-0977 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0978
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: DEBIAN:19991209
Reference: BID:867

htdig allows remote attackers to execute commands via filenames with shell metacharacters.

Modifications:
  DESC exclude Debian

INFERRED VOTE: CAN-1999-0978 RECAST (1 recast, 2 accept, 0 review)

VOTES:
  MODIFY(2) Cole, Stracener
  NOOP(1) Christey
  RECAST(1) Blake

COMMENTS:
  Cole> This occurs when it tries to handle non HTML files.
  Blake> if htdig is not unique to Debian (not sure).
  Stracener> This is a multi-platform vulnerability, at least in theory (given that Htdig
  Stracener> can run on platforms other than Debian). We might get more mileage out of
  Stracener> this CAN by removing the word "Debian" from the description.
  Christey> The Debian advisory and associated patches show that the
  Christey> problem is not Debian-specific, so I removed Debian from
  Christey> the description as recommended. The confusion arose because
  Christey> Debian appears to be the developer of this package.

=================================
Candidate: CAN-1999-0979
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 Fundamental flaw in UnixWare 7 security
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: BID:869

The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.

INFERRED VOTE: CAN-1999-0979 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0980
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: MS:MS99-055
Reference: MSKB:Q246045

Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.

INFERRED VOTE: CAN-1999-0980 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0981
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: MS:MS99-050
Reference: MSKB:Q246094

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

INFERRED VOTE: CAN-1999-0981 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0982
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: unknown
Reference: BUGTRAQ:19991206 Solaris WBEM 1.0: plaintext password stored in world readable file

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

INFERRED VOTE: CAN-1999-0982 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0986
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 Big problem on 2.0.x?
Reference: BID:870

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

INFERRED VOTE: CAN-1999-0986 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0987
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name
Reference: MSKB:Q237923

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

INFERRED VOTE: CAN-1999-0987 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0989
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991205 new IE5 remote exploit
Reference: BUGTRAQ:19991205 new IE5 remote exploit
Reference: BID:861

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

INFERRED VOTE: CAN-1999-0989 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0990
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991205 gdm thing

Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.

CONTENT-DECISIONS: SA-INFO

INFERRED VOTE: CAN-1999-0990 ACCEPT (3 accept, 0 review) HAS_CDS

VOTES:
  ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0991
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BID:862

Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.

INFERRED VOTE: CAN-1999-0991 ACCEPT (3 accept, 0 review)

VOTES:
  ACCEPT(3) Cole, Blake, Stracener