[FINAL] ACCEPT 17 candidates from various clusters
I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below. The
resulting CVE entries will be published in the near future in a new
version of CVE. Voting details and comments are provided at the end
of this report.

- Steve

Candidate       CVE Name
---------       ----------
CAN-1999-0151   CVE-1999-0151
CAN-1999-0212   CVE-1999-0212
CAN-1999-0275   CVE-1999-0275
CAN-1999-0280   CVE-1999-0280
CAN-1999-0290   CVE-1999-0290
CAN-1999-0291   CVE-1999-0291
CAN-1999-0297   CVE-1999-0297
CAN-1999-0304   CVE-1999-0304
CAN-1999-0318   CVE-1999-0318
CAN-1999-0322   CVE-1999-0322
CAN-1999-0343   CVE-1999-0343
CAN-1999-0408   CVE-1999-0408
CAN-1999-0409   CVE-1999-0409
CAN-1999-0421   CVE-1999-0421
CAN-1999-0428   CVE-1999-0428
CAN-1999-0439   CVE-1999-0439
CAN-1999-0470   CVE-1999-0470

=================================
Candidate: CAN-1999-0151
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-95.07a.REVISED.satan.vul
Reference: CERT:CA-95.06.satan.vul

The SATAN session key may be disclosed if the user points the web
browser to other sites, possibly allowing root access.

INFERRED VOTE: CAN-1999-0151 ACCEPT_ACK (2 accept, 1 ack, 0 review)

VOTES:
   ACCEPT(2) Hill, Northcutt
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:satan-scan

=================================
Candidate: CAN-1999-0212
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00168
Reference: CIAC:I-048
Reference: XF:sun-mountd

Solaris rpc.mountd generates error messages that allow a remote
attacker to determine what files are on the server.

Modifications:
  DESC remove Linux
  ADDREF XF:sun-mountd
  ADDREF CIAC:I-048

INFERRED VOTE: CAN-1999-0212 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(1) Prosser
   MODIFY(2) Northcutt, Frech
   NOOP(1) Christey

COMMENTS:
 Northcutt> I am concerned that Linux is becoming too
 Northcutt> nondescript a word, in the past two weeks I have run
 Northcutt> across 3 Linuxes I had never heard of before. I think we need
 Northcutt> to start being specific when we mention Linux either by
 Northcutt> the kernel or vendor or something.
 Frech> Reference: XF:sun-mountd
 Christey> Does this affect more than Solaris mountd?

=================================
Candidate: CAN-1999-0275
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: XF:nt-dnscrash
Reference: XF:nt-dnsver
Reference: MS:Q169461

Denial of service in Windows NT DNS servers by flooding port 53 with
too many characters.

Modifications:
  CHANGEREF XF:nt-dns-crash XF:nt-dnscrash
  DESC slight change to mention port 53 specifically.
  ADDREF XF:nt-dnsver

INFERRED VOTE: CAN-1999-0275 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(1) Ozancin
   MODIFY(2) Wall, Frech
   NOOP(1) Christey

COMMENTS:
 Wall> Denial of service in Windows NT DNS servers by malicious telnet attack.
 Frech> Change XF:nt-dns-crash to XF:nt-dnscrash
 Frech> ADDREF XF:nt-dnsver
 Christey> The XF entry, and the corresponding Microsoft KB articles,
 Christey> indicate that there is more than one vulnerability related to
 Christey> the DNS server. Other candidates need to be created for the
 Christey> other cases, including the telnet case that Mike mentions.

=================================
Candidate: CAN-1999-0280
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: NTBUGTRAQ:19970317 Internet Explorer Bug #4
Reference: CIAC:H-38
Reference: XF:http-ie-lnkurl

Remote command execution in Microsoft Internet Explorer using .lnk
and .url files.

Modifications:
  ADDREF CIAC:H-38
  ADDREF XF:http-ie-lnkurl
  ADDREF NTBUGTRAQ:19970317 Internet Explorer Bug #4

INFERRED VOTE: CAN-1999-0280 ACCEPT (6 accept, 0 review)

VOTES:
   ACCEPT(5) Hill, Wall, Northcutt, Proctor, Balinsky
   MODIFY(2) Frech, Prosser
   NOOP(1) Christey

COMMENTS:
 Frech> XF:http-ie-lnkurl
 Prosser> additional source
 Prosser> CIAC Bulletin H-38
 Prosser> http://www.ciac.org
 Prosser> Microsoft Internet Explorer Security Updates
 Prosser> "Internet Explorer 3.02 Includes All Security"
 Prosser> http://www.microsoft.com/windows/ie/security
 Christey> Mike's Microsoft reference is no longer listed there.
 Christey> This topic appears to have generated a long NTBugtraq thread.

=================================
Candidate: CAN-1999-0290
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19980221 WinGate DoS
Reference: BUGTRAQ:19980326 WinGate Intermediary Fix/Update
Reference: XF:wingate-dos

The WinGate telnet proxy allows remote attackers to cause a denial of
service via a large number of connections to localhost.

Modifications:
  ADDREF BUGTRAQ:19980221 WinGate DoS
  ADDREF BUGTRAQ:19980326 WinGate Intermediary Fix/Update
  ADDREF XF:wingate-dos
  DESC Add localhost info

INFERRED VOTE: CAN-1999-0290 ACCEPT (4 accept, 0 review)

VOTES:
   ACCEPT(3) Hill, Blake, Northcutt
   MODIFY(2) Frech, Prosser

COMMENTS:
 Frech> XF:wingate-dos
 Prosser> additional source
 Prosser> Hrvoje Crvelin
 Prosser> Security Bugware
 Prosser> http://161.53.42.3/~crv/security/bugs/NT/wingate2.html

=================================
Candidate: CAN-1999-0291
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19990630
Assigned: 19990607
Category: unknown
Reference: XF:wingate-unpassworded

The WinGate proxy is installed without a password, which allows
remote attackers to redirect connections without authentication.

Modifications:
  ADDREF XF:wingate-unpassworded

INFERRED VOTE: CAN-1999-0291 ACCEPT (5 accept, 0 review)

VOTES:
   ACCEPT(4) Hill, Blake, Northcutt, Ozancin
   MODIFY(2) Frech, Prosser

COMMENTS:
 Frech> Description needs more info or references on how this redirection takes
 Frech> place. Is it by password access? If so, consider these two references:
 Frech> XF:wingate-unpassworded
 Frech> XF:wingate-registry-passwords
 Prosser> believe this is the "WinGate Bounce" described in
 Prosser> Hrvoje Crvelin's
 Prosser> Security Bugware
 Prosser> http://161.53.42.3/~crv/security/bugs/NT/wingate.htm

=================================
Candidate: CAN-1999-0297
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991216-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:NAI-3
Reference: AUSCERT:AA-96.21
Reference: CIAC:H-17
Reference: XF:vixie-cron

Buffer overflow in Vixie Cron library up to version 3.0 allows local
users to obtain root access via a long environmental variable.

Modifications:
  ADDREF AUSCERT:AA-96.21
  ADDREF CIAC:H-17
  ADDREF XF:vixie-cron
  DESC identify the environmental variable, modify version

INFERRED VOTE: CAN-1999-0297 ACCEPT (3 accept, 0 review)

VOTES:
   ACCEPT(2) Northcutt, Hill
   MODIFY(2) Prosser, Frech

COMMENTS:
 Prosser> This appears to be the same as the Cron BO reported in CIAC
 Prosser> H-17 which affects versions of the vixie cron package up to and including
 Prosser> 3.0
 Frech> XF:vixie-cron

=================================
Candidate: CAN-1999-0304
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:bsd-mmap
Reference: FreeBSD:FreeBSD-SA-98:02

mmap function in BSD allows local attackers in the kmem group to
modify memory through devices.

INFERRED VOTE: CAN-1999-0304 ACCEPT_ACK (2 accept, 1 ack, 0 review)

VOTES:
   ACCEPT(3) Hill, Frech, Northcutt

=================================
Candidate: CAN-1999-0318
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991216-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19961125 Security Problems in XMCD
Reference: BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD)
Reference: XF:xmcd-envbo

Buffer overflow in xmcd 2.0p12 allows local users to gain access
through an environmental variable.

Modifications:
  ADDREF BUGTRAQ:19961125 Security Problems in XMCD
  ADDREF BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD)

INFERRED VOTE: CAN-1999-0318 ACCEPT_ACK (2 accept, 1 ack, 0 review)

VOTES:
   ACCEPT(3) Northcutt, Hill, Frech
   NOOP(1) Prosser

=================================
Candidate: CAN-1999-0322
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: FreeBSD:FreeBSD-SA-97:05
Reference: XF:freebsd-open

The open() function in FreeBSD allows local attackers to write to
arbitrary files.

INFERRED VOTE: CAN-1999-0322 ACCEPT_ACK (2 accept, 1 ack, 0 review)

VOTES:
   ACCEPT(3) Hill, Frech, Northcutt

=================================
Candidate: CAN-1999-0343
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19981002 Announcements from The Palace (fwd)
Reference: XF:palace-malicious-servers-vuln

A malicious Palace server can force a client to execute arbitrary
programs.

Modifications:
  ADDREF BUGTRAQ:19981002 Announcements from The Palace (fwd)
  CHANGEREF XF:palace-execute XF:palace-malicious-servers-vuln

INFERRED VOTE: CAN-1999-0343 ACCEPT_ACK (2 accept, 1 ack, 0 review)

VOTES:
   ACCEPT(2) Northcutt, Baker
   MODIFY(1) Frech
   NOOP(2) Shostack, Prosser

COMMENTS:
 Shostack> The description worries me. Can force any client? Can force an
 Shostack> overly trusting client?
 Frech> XF reference above is obsolete; replace with
 Frech> XF:palace-malicious-servers-vuln

=================================
Candidate: CAN-1999-0408
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990225 Cobalt root exploit
Reference: XF:cobalt-raq-history-exposure
Reference: BID:337

Files created from interactive shell sessions in Cobalt RaQ
microservers (e.g. .bash_history) are world readable, and thus are
accessible from the web server.

Modifications:
  CHANGEREF BUGTRAQ add title

INFERRED VOTE: CAN-1999-0408 ACCEPT_ACK (2 accept, 1 ack, 0 review)

VOTES:
   ACCEPT(2) Ozancin, Frech
   NOOP(1) Wall

=================================
Candidate: CAN-1999-0409
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990304 Linux /usr/bin/gnuplot overflow
Reference: XF:gnuplot-home-overflow
Reference: BID:319

Buffer overflow in gnuplot in Linux version 3.5 allows local users to
obtain root access.

INFERRED VOTE: CAN-1999-0409 ACCEPT_ACK (2 accept, 1 ack, 0 review)

VOTES:
   ACCEPT(2) Ozancin, Frech
   NOOP(1) Wall

=================================
Candidate: CAN-1999-0421
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations
Reference: XF:linux-slackware-install
Reference: BID:338

During a reboot after an installation of Linux Slackware 3.6, a
remote attacker can obtain root access by logging in to the root
account without a password.

Modifications:
  ADDREF BID:338
  ADDREF XF:linux-slackware-install

INFERRED VOTE: CAN-1999-0421 ACCEPT_ACK (2 accept, 1 ack, 0 review)

VOTES:
   ACCEPT(2) Hill, Northcutt
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:linux-slackware-install

=================================
Candidate: CAN-1999-0428
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990322 OpenSSL/SSLeay Security Alert
Reference: XF:ssl-session-reuse

OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and
bypass access controls.

Modifications:
  CHANGEREF BUGTRAQ [add title]
  DESC add "bypass access controls"

INFERRED VOTE: CAN-1999-0428 ACCEPT_ACK (2 accept, 1 ack, 0 review)

VOTES:
   ACCEPT(2) Wall, Frech

=================================
Candidate: CAN-1999-0439
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991207-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990405 Re: [SECURITY] new version of procmail with security fixes
Reference: DEBIAN:19990422
Reference: CALDERA:CSSA-1999:007
Reference: XF:procmail-overflow

Buffer overflow in procmail before version 3.12 allows remote or
local attackers to execute commands via expansions in the procmailrc
configuration file.

Modifications:
  DESC reword

INFERRED VOTE: CAN-1999-0439 ACCEPT_ACK (2 accept, 2 ack, 0 review)

VOTES:
   ACCEPT(1) Ozancin
   MODIFY(1) Frech
   NOOP(1) Wall

COMMENTS:
 Frech> Poorly summarized. See procmail-overflow.

=================================
Candidate: CAN-1999-0470
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19990721
Assigned: 19990607
Category: SF
Reference: XF:netware-remotenlm-passwords
Reference: BUGTRAQ:19990409 New Novell Remote.NLM Password Decryption Algorithm with Exploit

A weak encryption algorithm is used for passwords in Novell
Remote.NLM, allowing them to be easily decrypted.

Modifications:
  CHANGEREF BUGTRAQ [add title]

INFERRED VOTE: CAN-1999-0470 ACCEPT (4 accept, 0 review)

VOTES:
   ACCEPT(5) Wall, Northcutt, Baker, Ozancin, Frech