[FINAL] ACCEPT 14 candidates from RECENT-02 cluster
I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below. The
resulting CVE entries will be published in the near future in a new
version of CVE. Voting details and comments are provided at the end
of this report.

- Steve

Candidate       CVE Name
---------       ----------
CAN-1999-0972   CVE-1999-0972
CAN-1999-0973   CVE-1999-0973
CAN-1999-0974   CVE-1999-0974
CAN-1999-0975   CVE-1999-0975
CAN-1999-0977   CVE-1999-0977
CAN-1999-0978   CVE-1999-0978
CAN-1999-0979   CVE-1999-0979
CAN-1999-0980   CVE-1999-0980
CAN-1999-0981   CVE-1999-0981
CAN-1999-0982   CVE-1999-0982
CAN-1999-0986   CVE-1999-0986
CAN-1999-0987   CVE-1999-0987
CAN-1999-0989   CVE-1999-0989
CAN-1999-0991   CVE-1999-0991

=================================
Candidate: CAN-1999-0972
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 xsw 1.24 remote buffer overflow
Reference: BID:863

Buffer overflow in Xshipwars xsw program.

INFERRED VOTE: CAN-1999-0972 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(2) Blake, Stracener
   MODIFY(1) Cole
   NOOP(1) Christey

COMMENTS:
 Cole> The buffer overflow is in the server and only in certain versions.
 Christey> Version numbers are not necessary to distinguish this
 Christey> from other candidates/entries.

=================================
Candidate: CAN-1999-0973
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991206 [w00giving #8] Solaris 2.7's snoop
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:858

Buffer overflow in Solaris snoop program allows remote attackers to
gain root privileges via a long domain name when snoop is running in
verbose mode.

INFERRED VOTE: CAN-1999-0973 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0974
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: ISS:19991209 Buffer Overflow in Solaris Snoop
Reference: SUN:00190
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:864

Buffer overflow in Solaris snoop allows remote attackers to gain root
privileges via GETQUOTA requests to the rpc.rquotad service.

INFERRED VOTE: CAN-1999-0974 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0975
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT
Reference: BID:868

The Windows help system can allow a local user to execute commands as
another user by editing a table of contents metafile with a .CNT
extension and modifying the topic action to include the commands to be
executed when the .hlp file is accessed.

INFERRED VOTE: CAN-1999-0975 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0977
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: SF-INCIDENTS:19991209 sadmind
Reference: BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability
Reference: CERT:CA-99-16
Reference: BID:866

Buffer overflow in Solaris sadmind allows remote attackers to gain
root privileges using a NETMGT_PROC_SERVICE request.

INFERRED VOTE: CAN-1999-0977 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0978
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: DEBIAN:19991209
Reference: BID:867

htdig allows remote attackers to execute commands via filenames with
shell metacharacters.

Modifications:
  DESC exclude Debian

INFERRED VOTE: CAN-1999-0978 RECAST (1 recast, 2 accept, 0 review)

VOTES:
   MODIFY(2) Cole, Stracener
   NOOP(1) Christey
   RECAST(1) Blake

COMMENTS:
 Cole> This occurs when it tries to handle non HTML files.
 Blake> if htdig is not unique to Debian (not sure).
 Stracener> This is a multi-platform vulnerability, at least in theory (given that Htdig
 Stracener> can run on platforms other than Debian). We might get more mileage out of
 Stracener> this CAN by removing the word "Debian" from the description.
 Christey> The Debian advisory and associated patches show that the
 Christey> problem is not Debian-specific, so I removed Debian from
 Christey> the description as recommended. The confusion arose because
 Christey> Debian appears to be the developer of this package.

=================================
Candidate: CAN-1999-0979
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 Fundamental flaw in UnixWare 7 security
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: BID:869

The SCO UnixWare privileged process system allows local users to gain
root privileges by using a debugger such as gdb to insert traps into
_init before the privileged process is executed.

INFERRED VOTE: CAN-1999-0979 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0980
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: MS:MS99-055
Reference: MSKB:Q246045

Windows NT Service Control Manager (SCM) allows remote attackers to
cause a denial of service via a malformed argument in a resource
enumeration request.

INFERRED VOTE: CAN-1999-0980 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0981
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: MS:MS99-050
Reference: MSKB:Q246094

Internet Explorer 5.01 and earlier allows a remote attacker to create
a reference to a client window and use a server-side redirect to
access local files via that window, aka "Server-side Page Reference
Redirect."

INFERRED VOTE: CAN-1999-0981 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0982
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: unknown
Reference: BUGTRAQ:19991206 Solaris WBEM 1.0: plaintext password stored in world readable file

The Sun Web-Based Enterprise Management (WBEM) installation script
stores a password in plaintext in a world readable file.

INFERRED VOTE: CAN-1999-0982 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0986
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 Big problem on 2.0.x?
Reference: BID:870

The ping command in Linux 2.0.3x allows local users to cause a denial
of service by sending large packets with the -R (record route) option.

INFERRED VOTE: CAN-1999-0986 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0987
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name
Reference: MSKB:Q237923

Windows NT does not properly download a system policy if the domain
user logs into the domain with a space at the end of the domain name.

INFERRED VOTE: CAN-1999-0987 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0989
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991205 new IE5 remote exploit
Reference: BUGTRAQ:19991205 new IE5 remote exploit
Reference: BID:861

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX)
allows remote attackers to execute commands via the vnd.ms.radio
protocol.

INFERRED VOTE: CAN-1999-0989 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener

=================================
Candidate: CAN-1999-0991
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BID:862

Buffer overflow in GoodTech Telnet Server NT allows remote users to
cause a denial of service via a long login name.

INFERRED VOTE: CAN-1999-0991 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(3) Cole, Blake, Stracener