|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [INTERIM] ACCEPT 22 candidates from LINUX (Final 1/3/2000)
I have made an Interim Decision to ACCEPT the following 22 candidates from the LINUX cluster. I will make a Final Decision on January 3, 2000. Voters: Christey NOOP(2) Cole ACCEPT(19) MODIFY(3) Stracener ACCEPT(7) MODIFY(15) Blake ACCEPT(21) NOOP(1) - Steve ================================= Candidate: CAN-1999-0705 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: XF:inn-inews-bo Reference: REDHAT:RHSA1999033_01 Reference: CALDERA:CSSA-1999-026 Reference: SUSE:19990831 Security hole in INN Reference: DEBIAN:19990907 Reference: BID:616 Buffer overflow in INN inews program. Modifications: ADDREF SUSE:19990831 Security hole in INN INFERRED VOTE: CAN-1999-0705 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> Add Ref: SUSE: Security hole in INN 31.08.99 ================================= Candidate: CAN-1999-0706 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: DEBIAN:19990807 Reference: SUSE:19990817 Security hole in i4l (xmonisdn) Reference: BID:583 Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. Modifications: ADDREF SUSE:19990817 Security hole in i4l (xmonisdn) DESC remove Debian - applies to various Linuxes INFERRED VOTE: CAN-1999-0706 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> Add Ref: SUSE: Security Hole in i4l (xmonisdn) 17.08.1999 Stracener> Add Ref: CSSA-1999-019.0 Security problem with xmonisdn Stracener> The issue with xmonisdn is not isolated to the Debian isdnutils package. The Stracener> description should be rewritten to encompass a greater level of generality. Stracener> I suggest: "xmonisdn allows local users to gain root privileges by modifying Stracener> the IFS or PATH environmental variables." ================================= Candidate: CAN-1999-0710 Published: Final-Decision: Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991125 Category: CF Reference: REDHAT:RHSA-1999:025-01 Reference: BUGTRAQ:19990725 Redhat 6.0 cachemgr.cgi lameness The RedHat squid program installs cachemegr.cgi in a public web directory, allowing remote attackers to use it as an intermediary to connect to other systems. INFERRED VOTE: CAN-1999-0710 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> I recommend we categorize this as a Configuration Error (CF) as cachemgr.cgi Stracener> shipped with insecure default permissions. ================================= Candidate: CAN-1999-0730 Published: Final-Decision: Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991125 Category: SF Reference: DEBIAN:19990612 The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack. INFERRED VOTE: CAN-1999-0730 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0731 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990623 Security flaw in klock Reference: CALDERA:CSSA-1999:017 Reference: SUSE:19990629 Security hole in Klock Reference: BID:489 The KDE klock program allows local users to unlock a session using malformed input. Modifications: ADDREF SUSE:19990629 Security hole in Klock ADDREF BID:489 CHANGEREF BUGTRAQ [add date] INFERRED VOTE: CAN-1999-0731 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> Add Red: SUSE: Security hole in Klock 29.06.1999: ================================= Candidate: CAN-1999-0732 Published: Final-Decision: Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991125 Category: SF Reference: DEBIAN:19990823b Reference: XF:smtp-refuser-tmp The logging facilitity of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. INFERRED VOTE: CAN-1999-0732 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0735 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: ISS:KDE K-Mail File Creation Vulnerability Reference: CALDERA:CSSA-1999:016 Reference: REDHAT:RHSA-1999:015-01 KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories. Modifications: ADDREF REDHAT:RHSA-1999:015-01 INFERRED VOTE: CAN-1999-0735 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> Add Ref: REDHAT: RHSA-1999:015-01 ================================= Candidate: CAN-1999-0769 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: REDHAT:RHSA-1999:030-02 Reference: CALDERA:CSSA-1999:023.0 Reference: SUSE:19990829 Security hole in cron Reference: DEBIAN:19990830 cron Reference: BID:611 Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. Modifications: ADDREF SUSE:19990829 Security hole in cron ADDREF DEBIAN:19990830 cron INFERRED VOTE: CAN-1999-0769 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(1) Blake MODIFY(2) Cole, Stracener COMMENTS: Cole> It is done by failure to validate the contents. Stracener> Add Ref: DEBIAN: cron [30 Aug 1999] Stracener> Add Ref: SUSE: Security hole in cron 29.08.1999: ================================= Candidate: CAN-1999-0774 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990830 Babcia Padlina Ltd. security advisory: mars_nwe buffer overf Reference: REDHAT:RHSA1999037_01 Reference: SUSE:19990916 Security hole in mars nwe Reference: BID:617 Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names. Modifications: ADDREF SUSE:19990916 Security hole in mars nwe INFERRED VOTE: CAN-1999-0774 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> Add Ref: SUSE: Security hole in mars nwe 16.09.1999 ================================= Candidate: CAN-1999-0804 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990601 Linux kernel 2.2.x vulnerability/exploit Reference: DEBIAN:19990607 Reference: CALDERA:CSSA-1999:013 Reference: SUSE:19990602 Denial of Service on the 2.2 kernel Reference: REDHAT:19990603 Kernel Update Reference: BID:302 Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. Modifications: ADDREF REDHAT:19990603 Kernel Update INFERRED VOTE: CAN-1999-0804 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> Add Ref: REDHAT: Kernel Update 03-June-1999 ================================= Candidate: CAN-1999-0810 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes Reference: REDHAT:RHSA-1999:022-02 Reference: CALDERA:CSSA-1999:018.0 Reference: SUSE:19990816 Security hole in Samba Reference: DEBIAN:19990731 Samba Denial of service in Samba NETBIOS name service daemon (nmbd). Modifications: ADDREF CALDERA:CSSA-1999:018.0 ADDREF SUSE:19990816 Security hole in Samba ADDREF DEBIAN:19990731 Samba INFERRED VOTE: CAN-1999-0810 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> Add Ref: CALDERA: CSSA-1999:018.0 Stracener> Add Ref: DEBIAN: Samba [31-Jul-1999] Stracener> Add Ref: SUSE: Security hole in Samba 16.08.1999 ================================= Candidate: CAN-1999-0812 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes Reference: REDHAT:RHSA-1999:022-02 Reference: CALDERA:CSSA-1999:018.0 Reference: SUSE:19990816 Security hole in Samba Reference: DEBIAN:19990731 Samba Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. Modifications: ADDREF CALDERA:CSSA-1999:018.0 ADDREF SUSE:19990816 Security hole in Samba ADDREF DEBIAN:19990731 Samba INFERRED VOTE: CAN-1999-0812 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> Add Ref: CALDERA: CSSA-1999:018.0 Stracener> Add Ref: DEBIAN: Samba [31-Jul-1999] Stracener> Add Ref: SUSE: Security hole in Samba 16.08.1999 ================================= Candidate: CAN-1999-0814 Published: Final-Decision: Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991125 Category: unknown Reference: REDHAT:RHSA-1999:027 Red Hat pump DHCP client allows remote attackers to gain root access in some configurations. INFERRED VOTE: CAN-1999-0814 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener NOOP(1) Christey COMMENTS: Stracener> Recommend Category CF Christey> The advisory says that the problem occurs in some Christey> configurations, but is it a software bug that's only Christey> exploitable in some configs? That'd be an SF... or is it Christey> a configuration that's insecure? That'd be a CF. ================================= Candidate: CAN-1999-0817 Published: Final-Decision: Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991125 Category: SF Reference: SUSE:19990915 Security hole in lynx Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. INFERRED VOTE: CAN-1999-0817 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0894 Published: Final-Decision: Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: REDHAT:RHSA1999042-01 Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals. INFERRED VOTE: CAN-1999-0894 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0900 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991208 Category: SF Reference: REDHAT:RHSA1999046-01 Reference: SUSE:19991023 Security hole in ypserv < 1.3.9 Reference: DEBIAN:19991027 nis Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation. Modifications: ADDREF SUSE:19991023 Security hole in ypserv < 1.3.9 ADDREF DEBIAN:19991027 nis INFERRED VOTE: CAN-1999-0900 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> Add Ref: SUSE: Security hole in ypserv < 1.3.9 23.10.1999 Stracener> Add Ref: DEBIAN: nis [27-OCT-1999] ================================= Candidate: CAN-1999-0901 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991208 Category: SF Reference: REDHAT:RHSA1999046-01 Reference: SUSE:19991023 Security hole in ypserv < 1.3.9 Reference: DEBIAN:19991027 nis ypserv allows a local user to modify the GECOS and login shells of other users. Modifications: ADDREF SUSE:19991023 Security hole in ypserv < 1.3.9 ADDREF DEBIAN:19991027 nis INFERRED VOTE: CAN-1999-0901 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> Add Ref: SUSE: Security hole in ypserv < 1.3.9 23.10.1999 Stracener> Add Ref: DEBIAN: nis [27-OCT-1999] ================================= Candidate: CAN-1999-0902 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991208 Category: SF Reference: REDHAT:RHSA1999046-01 Reference: SUSE:19991023 Security hole in ypserv < 1.3.9 Reference: DEBIAN:19991027 nis ypserv allows local administrators to modify password tables. Modifications: ADDREF SUSE:19991023 Security hole in ypserv < 1.3.9 ADDREF DEBIAN:19991027 nis INFERRED VOTE: CAN-1999-0902 ACCEPT_ACK (2 accept, 4 ack, 0 review) VOTES: ACCEPT(1) Cole MODIFY(1) Stracener NOOP(1) Blake COMMENTS: Stracener> Add Ref: SUSE: Security hole in ypserv < 1.3.9 23.10.1999 Stracener> Add Ref: DEBIAN: nis [27-OCT-1999] ================================= Candidate: CAN-1999-0907 Published: Final-Decision: Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19990916 SuSE 6.2 /usr/bin/sccw read any file Reference: SUSE:19990921 Security Hole in sccw-1.1 and earlier sccw allows local users to read arbitrary files. INFERRED VOTE: CAN-1999-0907 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0914 Published: Final-Decision: Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: DEBIAN:19990104 Reference: BUGTRAQ:19990103 [SECURITY] New versions of netstd fixes buffer overflows Reference: BID:324 Buffer overflow in the FTP client in the Debian GNU/Linux netstd package. INFERRED VOTE: CAN-1999-0914 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Blake, Stracener MODIFY(1) Cole NOOP(1) Christey COMMENTS: Cole> This actually results in two DOS attacks, one in the bootp server Cole> and one in the ftp server. Christey> The bootp problem is CAN-1999-0389 in the UNIX-UNCONF Christey> cluster. ================================= Candidate: CAN-1999-0939 Published: Final-Decision: Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19990826 [SECURITY] New versions of epic4 fixes possible DoS vulnerability Reference: DEBIAN:19990826 Reference: BID:605 Denial of service in Debian IRC Epic/epic4 client via a long string. INFERRED VOTE: CAN-1999-0939 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Blake, Stracener MODIFY(1) Cole COMMENTS: Cole> This can result in either the client crashing or arbitrary code Cole> being sent to the screen. ================================= Candidate: CAN-1999-0940 Published: Final-Decision: Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991208 Category: SF Reference: CALDERA:CSSA-1999-031 Reference: SUSE:19990927 Security hole in mutt Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages. Modifications: ADDREF SUSE:19990927 Security hole in mutt INFERRED VOTE: CAN-1999-0940 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Cole, Blake MODIFY(1) Stracener COMMENTS: Stracener> Add Ref: SUSE: Security hole in mutt 27.09.1999:
|
||||
