[INTERIM] ACCEPT 30 candidates from various clusters (Final 1/18)
I have made an Interim Decision to ACCEPT the following candidates from various clusters. I will make a Final Decision on January 18.

This decision includes a mixture of legacy and new issues, which will be just enough to allow us to barely exceed 500 entries on the 18th, when candidate numbering is expected to go live. A few candidates were accepted with the minimum number of votes.

The candidates come from the following clusters:

  1 MULT
  2 CGI
  1 FINGER
  2 MS
  1 CERT2
  4 RECENT-01
  5 LINUX
  1 UNIX-VEN
  2 WEB
  6 NET-01
  5 RECENT-03

Voters:
  Shostack ACCEPT(1)
  Wall ACCEPT(4) MODIFY(1) NOOP(2)
  Ozancin ACCEPT(1) NOOP(2)
  Cole ACCEPT(14) MODIFY(6) NOOP(6)
  Stracener ACCEPT(22) MODIFY(4)
  Frech MODIFY(11) REVIEWING(1)
  Christey MODIFY(1) NOOP(10)
  Northcutt ACCEPT(2) NOOP(1)
  Armstrong ACCEPT(5)
  Prosser ACCEPT(9) MODIFY(1) NOOP(1)
  Blake ACCEPT(8)

- Steve

=================================
Candidate: CAN-1999-0101
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000105-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: ERS:ERS-SVA-E01-1996:007.1
Reference: SUN:00137a
Reference: CIAC:H-13
Reference: NAI:NAI-1

Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.

Modifications:
  ADDREF CIAC:H-13

CONTENT-DECISIONS: SF-CODEBASE

INFERRED ACTION: CAN-1999-0101 ACCEPT_ACK (2 accept, 3 ack, 0 review) HAS_CDS

Current Votes:
  ACCEPT(1) Prosser
  MODIFY(1) Frech
  NOOP(1) Christey

Comments:
Frech> XF:ghbn-bo
Frech> in addition to ERS:1997:001.1, also include 1996:007.1
Frech> Sun's bulletin is 137a, not 137.
Prosser> concur with Andre, sun bul is 137a
Christey> The NAI advisory discusses a problem with programs trusting
Christey> the length field that is returned from gethostbyname().
Christey> The ERS and SUN advisories implicitly refer to
Christey> BUGTRAQ:19961118 Serious hole in Solaris 2.5[.1]
Christey> gethostbyname() (exploit included)
Christey> which allows local users to gain access by providing
Christey> arguments *to* gethostbyname().
Christey> As both Andre and Mike's comments relate to the advisories,
Christey> NAI-1 will be deleted as a reference for this candidate, and
Christey> a new candidate will be proposed later on.

=================================
Candidate: CAN-1999-0233
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: MSKB:Q148188
Reference: XF:http-iis-cmd

IIS allows users to execute arbitrary commands using .bat or .cmd files.

Modifications:
  ADDREF MSKB:Q148188
  DESC Remove WebSite reference.

INFERRED ACTION: CAN-1999-0233 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
  ACCEPT(2) Northcutt, Prosser
  NOOP(1) Christey
  REVIEWING(1) Frech

Comments:
Frech> XF reference is correct, but cannot find supporting reference for WebSite
Frech> vulnerability.
Frech> No further action to be taken unless more information forthcoming.
Christey> Can't find the WebSite mention now, so I will remove it.

=================================
Candidate: CAN-1999-0259
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000106-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19970523 cfingerd vulnerability
Reference: XF:cfinger-user-enumeration

cfingerd lists all users on a system via search.**@target.

Modifications:
  ADDREF BUGTRAQ:19970523 cfingerd vulnerability
  ADDREF XF:cfinger-user-enumeration

INFERRED ACTION: CAN-1999-0259 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Shostack
  MODIFY(1) Frech
  NOOP(1) Northcutt

Comments:
Frech> XF:cfinger-user-enumeration

=================================
Candidate: CAN-1999-0270
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CIAC:I-041
Reference: XF:sgi-pfdispaly

pfdispaly CGI program for SGI's Performer API Search Tool allows read access to files.

Modifications:
  ADDREF CIAC:I-041
  ADDREF XF:sgi-pfdispaly

INFERRED ACTION: CAN-1999-0270 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Northcutt, Prosser
  MODIFY(1) Frech
  NOOP(1) Christey

Comments:
Prosser> additional source
Prosser> CIAC Security Bulletin I-041
Prosser> http://www.ciac.org
Frech> XF:sgi-pfdispaly
Frech> XF:sgi-dispaly-patch-vuln
Christey> There are two bugs here, as described in Bugtraq. The first one
Christey> allowed read access to files outside of a document root (a dot dot
Christey> problem). The second one was a shell metacharacter problem.
Christey> Reference: BUGTRAQ:19980407: perfomer_tools again
Christey> CAN-1999-0270 refers to the first problem only.

=================================
Candidate: CAN-1999-0683
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:gauntlet-dos
Reference: BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0
Reference: BID:556

Denial of service in Gauntlet Firewall via a malformed ICMP packet.

INFERRED ACTION: CAN-1999-0683 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Cole

Comments:
Cole> The BUGTRAQ number is 19990730 and the BID is 556. This also occurs when an
Cole> ICMP Protocol Problem packet's (ICMP_PARAMPROB) encapsulated IP packet has a
Cole> random protocol field and certain IP options set.

=================================
Candidate: CAN-1999-0694
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: CIAC:J-055
Reference: IBM:ERS-SVA-E01-1999:002.1
Reference: XF:aix-ptrace-halt

Denial of service in AIX ptrace system call allows local users to crash the system.

Modifications:
  ADDREF XF:aix-ptrace-halt
  DELREF BUGTRAQ:19990713

INFERRED ACTION: CAN-1999-0694 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(3) Blake, Stracener, Prosser
  MODIFY(1) Frech
  NOOP(2) Cole, Christey

Comments:
Frech> XF:aix-ptrace-halt
Frech> Please add title to the BugTraq reference, since it was not evident to which
Frech> message you were referring.
Christey> I couldn't find the Bugtraq reference either, which is
Christey> especially odd because the IBM advisory says that the
Christey> problem was discussed in Bugtraq. Bugtraq reference deleted.

=================================
Candidate: CAN-1999-0708
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000106-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow
Reference: BID:651

Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field.

Modifications:
  DELREF DEBIAN:19990806
  CHANGEREF BUGTRAQ BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow
  DESC Add GECOS qualifier

INFERRED ACTION: CAN-1999-0708 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Blake, Stracener
  MODIFY(1) Cole
  NOOP(1) Christey

Comments:
Cole> This is too general. I would add: By setting a carefully designed GECOS
Cole> field it is possible to execute arbitrary code with root (or nobody)
Cole> privileges
Christey> There is no associated DEBIAN reference here, as
Christey> DEBIAN:19990806 refers to an older remote-only buffer overflow
Christey> in the username, not GECOS. (BID:512 also discusses that
Christey> remote problem, though it may not be exploitable).

=================================
Candidate: CAN-1999-0734
Published:
Final-Decision:
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: CISCO: CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability
Reference: XF:ciscosecure-read-write

A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.

INFERRED ACTION: CAN-1999-0734 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener

=================================
Candidate: CAN-1999-0742
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: DEBIAN:19990623
Reference: BID:480

The Debian mailman package uses weak authentication, which allows attackers to gain privileges.

Modifications:
  ADDREF BID:480

INFERRED ACTION: CAN-1999-0742 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Blake, Stracener
  NOOP(1) Cole

=================================
Candidate: CAN-1999-0743
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: XF:trn-symlinks
Reference: DEBIAN:19990823c
Reference: SUSE:19990824 Security hole in trn

Trn allows local users to overwrite other users' files via symlinks.

Modifications:
  ADDREF SUSE:19990824 Security hole in trn

INFERRED ACTION: CAN-1999-0743 ACCEPT_ACK (2 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(1) Blake
  MODIFY(1) Stracener
  NOOP(1) Cole

Comments:
Stracener> Add Ref: SUSE: Security hole in trn 24.08.99

=================================
Candidate: CAN-1999-0753
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: unknown
Reference: BUGTRAQ:19990817 Stupid bug in W3-msql
Reference: XF:mini-sql-w3-msql-cgi
Reference: BID:591

The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.

Modifications:
  ADDREF XF:mini-sql-w3-msql-cgi

INFERRED ACTION: CAN-1999-0753 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Blake, Stracener
  NOOP(1) Christey

Comments:
Christey> May be a configuration error and not a software flaw. See
Christey> BUGTRAQ:19990820 Re: Stupid bug in W3-msql (David J. Hughes)

=================================
Candidate: CAN-1999-0768
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BID:602
Reference: REDHAT:RHSA-1999:030-02
Reference: SUSE:19990829 Security hole in cron

Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.

INFERRED ACTION: CAN-1999-0768 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(1) Blake
  MODIFY(3) Cole, Christey, Stracener

Comments:
Cole> I would be a little clearer. By utilizing the MAILTO environment variable, a
Cole> buffer can be overflown in the cron_popen() function, allowing an attacker
Cole> to execute arbitrary code.
Christey> Although the descriptions don't reflect it, CAN-1999-0872 and
Christey> CAN-1999-0768 are different. One has to do with a buffer
Christey> overflow; the other deals with a user supplying their own
Christey> Sendmail config file. BID:602 and BID:611 show this.
Stracener> Add Ref: SUSE: Security hole in cron 29.08.1999:

=================================
Candidate: CAN-1999-0770
Published:
Final-Decision:
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990729 Simple DOS attack on FW-1
Reference: BID:549
Reference: CHECKPOINT:ACK DOS ATTACK

Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.

INFERRED ACTION: CAN-1999-0770 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener

=================================
Candidate: CAN-1999-0775
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: CISCO:19990610 Cisco IOS Software established Access List Keyword Error
Reference: XF:cisco-gigaswitch

Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.

Modifications:
  ADDREF XF:cisco-gigaswitch

INFERRED ACTION: CAN-1999-0775 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener

=================================
Candidate: CAN-1999-0811
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: REDHAT:RHSA-1999:022-02
Reference: CALDERA:CSSA-1999:018.0
Reference: SUSE:19990816 Security hole in Samba
Reference: DEBIAN:19990731 Samba
Reference: XF:samba-message-bo
Reference: BID:536

Buffer overflow in Samba smbd program via a malformed message command.

Modifications:
  DESC add details
  ADDREF CALDERA:CSSA-1999:018.0
  ADDREF SUSE:19990816 Security hole in Samba
  ADDREF DEBIAN:19990731 Samba
  ADDREF XF:samba-message-bo
  ADDREF BID:536

INFERRED ACTION: CAN-1999-0811 ACCEPT_ACK (2 accept, 5 ack, 0 review)

Current Votes:
  ACCEPT(1) Blake
  MODIFY(1) Stracener
  NOOP(1) Cole

Comments:
Stracener> Add Ref: CALDERA: CSSA-1999:018.0
Stracener> Add Ref: DEBIAN: Samba [31-Jul-1999]
Stracener> Add Ref: SUSE: Security hole in Samba 16.08.1999

=================================
Candidate: CAN-1999-0831
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: CALDERA:CSSA-1999-035.0
Reference: REDHAT:RHSA1999055-01
Reference: SUSE:19991118 syslogd-1.3.33 (a1)
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: BID:809
Reference: XF:slackware-syslogd-dos

Denial of service in Linux syslogd via a large number of connections.

Modifications:
  ADDREF CALDERA:CSSA-1999-035.0
  ADDREF REDHAT:RHSA1999055-01
  ADDREF SUSE:19991118 syslogd-1.3.33 (a1)
  DESC Change description to apply to all Linux
  ADDREF XF:slackware-syslogd-dos
  ADDREF BID:809

INFERRED ACTION: CAN-1999-0831 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(3) Armstrong, Cole, Prosser
  MODIFY(2) Stracener, Frech
  NOOP(1) Christey

Comments:
Christey> ADDREF CALDERA:CSSA-1999-035.0
Christey> ADDREF REDHAT:RHSA1999055-01
Christey> ADDREF SUSE:19991118 syslogd-1.3.33 (a1)
Christey> Change description to apply to all Linux
Stracener> Given that this issue is not slackware-specific, the description should
Stracener> be made more generic, possibly: "Denial of service in syslogd via a
Stracener> large number of connections"
Stracener> Add Ref: CSSA-1999-035.0
Stracener> Add Ref: RHSA1999055-01
Stracener> Add Ref: SuSE Security Announcement - syslogd (a1)
Stracener> Add Ref: Cobalt Networks -- Security Advisory -- 11.20.1999 (syslog)
Frech> XF:slackware-syslogd-dos

=================================
Candidate: CAN-1999-0834
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991201 Security Advisory: Buffer overflow in RSAREF2
Reference: BUGTRAQ:19991202 OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2)
Reference: CERT:CA-99-15
Reference: BID:843
Reference: XF:rsaref-bo

Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.

Modifications:
  ADDREF XF:rsaref-bo

INFERRED ACTION: CAN-1999-0834 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Armstrong, Cole, Stracener
  MODIFY(2) Prosser, Frech

Comments:
Prosser> Ref: CERT Ca-99-15, Buffer Overflows in SSH Daemon and RSAREF2 Library
Prosser> SecuriTeam.com, SSH1.2.27 is vulnerable to a remote buffer overflow (RSAREF)
Frech> XF:rsaref-bo

=================================
Candidate: CAN-1999-0847
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991129 FICS buffer overflow
Reference: XF:fics-board-bo

Buffer overflow in free internet chess server (FICS) program, xboard.

Modifications:
  ADDREF XF:fics-board-bo

INFERRED ACTION: CAN-1999-0847 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Armstrong, Stracener
  MODIFY(1) Frech
  NOOP(2) Cole, Prosser

Comments:
Frech> XF:fics-board-bo

=================================
Candidate: CAN-1999-0853
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BID:847
Reference: ISS:19991201 Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure
Reference: XF:netscape-fasttrack-auth-bo

Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.

Modifications:
  ADDREF XF:netscape-fasttrack-auth-bo

INFERRED ACTION: CAN-1999-0853 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Armstrong, Stracener, Prosser
  MODIFY(2) Cole, Frech

Comments:
Cole> I would add that this is a remote buffer overflow...
Frech> XF:netscape-fasttrack-auth-bo

=================================
Candidate: CAN-1999-0875
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: L0PHT:19990811
Reference: MSKB:Q216141
Reference: BID:578
Reference: XF:irdp-gateway-spoof

DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

Modifications:
  ADDREF XF:irdp-gateway-spoof

INFERRED ACTION: CAN-1999-0875 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener

=================================
Candidate: CAN-1999-0881
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 Falcon Web Server
Reference: BINDVIEW:Falcon Web Server
Reference: BID:743
Reference: XF:falcon-path-parsing

Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:falcon-path-parsing
  ADDREF BID:743

INFERRED ACTION: CAN-1999-0881 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Blake, Stracener
  NOOP(1) Cole

=================================
Candidate: CAN-1999-0898
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-047
Reference: MSKB:Q243649
Reference: XF:nt-printer-spooler-bo
Reference: BID:768

Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.

Modifications:
  ADDREF XF:nt-printer-spooler-bo
  ADDREF BID:768

INFERRED ACTION: CAN-1999-0898 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Wall, Prosser, Stracener
  MODIFY(1) Frech
  NOOP(2) Ozancin, Christey

Comments:
Frech> XF:nt-printer-spooler-bo
Prosser> (Modify)
Prosser> This maybe should be separated into two entries. One for the DoS which is
Prosser> just done with random data and one for the more experienced attack of
Prosser> gaining privileges on the host.
Christey> While the advisory is not entirely explicit, the difference
Christey> between the DoS and the command execution is only in effect,
Christey> and appears to be in the same line of code, so the SF-LOC
Christey> content decision applies here.

=================================
Candidate: CAN-1999-0899
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-047
Reference: MSKB:Q243649
Reference: BID:769
Reference: XF:nt-printer-spooler-bo

The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.

Modifications:
  ADDREF XF:nt-printer-spooler-bo
  ADDREF BID:769

INFERRED ACTION: CAN-1999-0899 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Wall, Prosser, Stracener
  MODIFY(1) Frech
  NOOP(2) Ozancin, Christey

Comments:
Frech> XF:nt-printer-spooler-bo
Cole>
Cole> [Originally rejected; vote changed to ACCEPT based on feedback]
Cole> This should be combined with the previous one to state it can cause
Cole> a denial of service
Cole> or allow commands to be executed. Just because a vulnerability can
Cole> be exploited in different ways
Cole> does not mean there should be separate entries since the underlying
Cole> exploit is the same.
Christey> This is different than CAN-1999-0898 because 898 is a buffer
Christey> overflow, while this one is incorrect permissions. They
Christey> are different bugs, so should have separate entries. Note
Christey> that MS99-047 also discriminates between these two candidates,
Christey> i.e. it contains the phrase "A second vulnerability exists..."
Christey> and goes on to describe CAN-1999-0899.

=================================
Candidate: CAN-1999-0905
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Remote DoS in Axent's Raptor 6.0
Reference: BID:736
Reference: XF:raptor-ipoptions-dos

Denial of service in Axent Raptor firewall via malformed zero-length IP options.

Modifications:
  ADDREF BID:736
  ADDREF XF:raptor-ipoptions-dos

INFERRED ACTION: CAN-1999-0905 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Cole

Comments:
Cole> This occurs when the SECURITY and TIMESTAMP IP options length is set to 0

=================================
Candidate: CAN-1999-0955
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: CERT:CA-94.08
Reference: CIAC:E-17
Reference: XF:ftp-exec

Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.

Modifications:
  ADDREF XF:ftp-exec

INFERRED ACTION: CAN-1999-0955 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Ozancin, Prosser, Stracener
  MODIFY(1) Frech

Comments:
Cole> There are actually two vulnerabilities listed in this CERT. I am assuming
Cole> that the other one is listed in a different CVE.
Frech> XF:ftp-exec

=================================
Candidate: CAN-1999-0992
Published:
Final-Decision:
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: HP:HPSBUX9912-107

HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

INFERRED ACTION: CAN-1999-0992 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener
  NOOP(1) Wall

=================================
Candidate: CAN-1999-0994
Published:
Final-Decision:
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BINDVIEW:19991216 Windows NT's SYSKEY feature
Reference: MS:MS99-056
Reference: MSKB:Q248183
Reference: BID:873

Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.

INFERRED ACTION: CAN-1999-0994 ACCEPT (3 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(3) Wall, Cole, Stracener

=================================
Candidate: CAN-1999-0995
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: NAI:19991216 Windows NT LSA Remote Denial of Service
Reference: MS:MS99-057
Reference: MSKB:Q248185
Reference: BID:875

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Modifications:
  ADDREF BID:875

INFERRED ACTION: CAN-1999-0995 ACCEPT (3 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(3) Wall, Cole, Stracener

=================================
Candidate: CAN-1999-0999
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: MS:MS99-059
Reference: MSKB:Q248749
Reference: BID:817

Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

Modifications:
  DESC Add version
  ADDREF BID:817

INFERRED ACTION: CAN-1999-0999 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener
  MODIFY(1) Wall

Comments:
Wall> Microsoft SQL 7.0 server allows a remote attacker to cause a denial of
Wall> service via a malformed TDS packet.

=================================
Candidate: CAN-1999-1001
Published:
Final-Decision:
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities

Cisco Cache Engine allows a remote attacker to gain access via a null username and password.

INFERRED ACTION: CAN-1999-1001 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Cole
  NOOP(2) Wall, Christey

Comments:
Cole> The references are not that clear.
Christey> While vendor-supplied advisories sometimes aren't clear, they
Christey> have acknowledged the problem and provided enough information
Christey> to attach a CVE name to them.