[FINAL] ACCEPT 30 candidates from various clusters

I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. The resulting CVE entries will be published in the near future in a new version of CVE. Voting details and comments are provided at the end of this report.

These 30 entries will allow us to reach the goal of 500 entries in CVE; version 20000118 will contain 503 entries.

- Steve

Candidate       CVE Name
---------       ----------
CAN-1999-0101   CVE-1999-0101
CAN-1999-0233   CVE-1999-0233
CAN-1999-0259   CVE-1999-0259
CAN-1999-0270   CVE-1999-0270
CAN-1999-0683   CVE-1999-0683
CAN-1999-0694   CVE-1999-0694
CAN-1999-0708   CVE-1999-0708
CAN-1999-0734   CVE-1999-0734
CAN-1999-0742   CVE-1999-0742
CAN-1999-0743   CVE-1999-0743
CAN-1999-0753   CVE-1999-0753
CAN-1999-0768   CVE-1999-0768
CAN-1999-0770   CVE-1999-0770
CAN-1999-0775   CVE-1999-0775
CAN-1999-0811   CVE-1999-0811
CAN-1999-0831   CVE-1999-0831
CAN-1999-0834   CVE-1999-0834
CAN-1999-0847   CVE-1999-0847
CAN-1999-0853   CVE-1999-0853
CAN-1999-0875   CVE-1999-0875
CAN-1999-0881   CVE-1999-0881
CAN-1999-0898   CVE-1999-0898
CAN-1999-0899   CVE-1999-0899
CAN-1999-0905   CVE-1999-0905
CAN-1999-0955   CVE-1999-0955
CAN-1999-0992   CVE-1999-0992
CAN-1999-0994   CVE-1999-0994
CAN-1999-0995   CVE-1999-0995
CAN-1999-0999   CVE-1999-0999
CAN-1999-1001   CVE-1999-1001

=================================
Candidate: CAN-1999-0101
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000105-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: ERS:ERS-SVA-E01-1996:007.1
Reference: SUN:00137a
Reference: CIAC:H-13
Reference: NAI:NAI-1
Reference: XF:ghbn-bo

Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.

Modifications:
  ADDREF CIAC:H-13
  CHANGEREF SUN:00137 SUN:00137a
  ADDREF XF:ghbn-bo

CONTENT-DECISIONS: SF-CODEBASE

INFERRED ACTION: CAN-1999-0101 MOREVOTES (0 accept, 3 ack, 0 review) HAS_CDS

Current Votes:

Comments:
Frech> XF:ghbn-bo
Frech> in addition to ERS:1997:001.1, also include 1996:007.1
Frech> Sun's bulletin is 137a, not 137.
Prosser> concur with Andre, sun bul is 137a
Christey> The NAI advisory discusses a problem with programs trusting
Christey> the length field that is returned from gethostbyname().
Christey> The ERS and SUN advisories implicitly refer to
Christey> BUGTRAQ:19961118 Serious hole in Solaris 2.5[.1]
Christey> gethostbyname() (exploit included)
Christey> which allows local users to gain access by providing
Christey> arguments *to* gethostbyname().
Christey> As both Andre and Mike's comments relate to the advisories,
Christey> NAI-1 will be deleted as a reference for this candidate, and
Christey> a new candidate will be proposed later on.

=================================
Candidate: CAN-1999-0233
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: MSKB:Q148188
Reference: MSKB:Q155056
Reference: XF:http-iis-cmd

IIS allows users to execute arbitrary commands using .bat or .cmd files.

Modifications:
  ADDREF MSKB:Q148188
  DESC Remove WebSite reference.

INFERRED ACTION: CAN-1999-0233 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
Frech> XF reference is correct, but cannot find supporting reference for WebSite
Frech> vulnerability.
Frech> No further action to be taken unless more information forthcoming.
Christey> Can't find the WebSite mention now, so I will remove it.
Prosser> If you need an additional ref for this use: MSKB Q155056 - IIS
Prosser> Security Concern Using Batch Files for CGI

=================================
Candidate: CAN-1999-0259
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000106-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19970523 cfingerd vulnerability
Reference: XF:cfinger-user-enumeration

cfingerd lists all users on a system via search.**@target.

Modifications:
  ADDREF BUGTRAQ:19970523 cfingerd vulnerability
  ADDREF XF:cfinger-user-enumeration

INFERRED ACTION: CAN-1999-0259 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
Frech> XF:cfinger-user-enumeration
Prosser> Good summary of vulnerability on
Prosser> http://oliver.efri.hr/~crv/security/bugs/mUNIXes/cfinger.html

=================================
Candidate: CAN-1999-0270
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000113-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: SGI:19980401-01-P
Reference: CIAC:I-041
Reference: XF:sgi-pfdispaly

pfdispaly CGI program for SGI's Performer API Search Tool allows read access to files.

Modifications:
  ADDREF CIAC:I-041
  ADDREF XF:sgi-pfdispaly
  ADDREF SGI:19980401-01-P

INFERRED ACTION: CAN-1999-0270 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
Prosser> additional source
Prosser> CIAC Security Bulletin I-041
Prosser> http://www.ciac.org
Prosser> The original SGI advisory on this one is 19980401-01-P3018
Frech> XF:sgi-pfdispaly
Frech> XF:sgi-dispaly-patch-vuln
Christey> There are two bugs here, as described in Bugtraq. The first one
Christey> allowed read access to files outside of a document root (a dot dot
Christey> problem). The second one was a shell metacharacter problem.
Christey> Reference: BUGTRAQ:19980407: perfomer_tools again
Christey> CAN-1999-0270 refers to the first problem only.

=================================
Candidate: CAN-1999-0683
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:gauntlet-dos
Reference: BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0
Reference: BID:556

Denial of service in Gauntlet Firewall via a malformed ICMP packet.

INFERRED ACTION: CAN-1999-0683 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
Cole> The BUGTRAQ number is 19990730 and the BID is 556. This also occurs when an
Cole> ICMP Protocol Problem packet's (ICMP_PARAMPROB) encapsulated IP packet has a
Cole> random protocol field and certain IP options set.

=================================
Candidate: CAN-1999-0694
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: CIAC:J-055
Reference: IBM:ERS-SVA-E01-1999:002.1
Reference: XF:aix-ptrace-halt

Denial of service in AIX ptrace system call allows local users to crash the system.

Modifications:
  ADDREF XF:aix-ptrace-halt
  DELREF BUGTRAQ:19990713

INFERRED ACTION: CAN-1999-0694 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
Frech> XF:aix-ptrace-halt
Frech> Please add title to the BugTraq reference, since it was not evident to which
Frech> message you were referring.
Christey> I couldn't find the Bugtraq reference either, which is
Christey> especially odd because the IBM advisory says that the
Christey> problem was discussed in Bugtraq. Bugtraq reference deleted.

=================================
Candidate: CAN-1999-0708
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000106-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow
Reference: BID:651

Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field.

Modifications:
  DELREF DEBIAN:19990806
  CHANGEREF BUGTRAQ BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow
  DESC Add GECOS qualifier

INFERRED ACTION: CAN-1999-0708 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
Cole> This is too general. I would add: By setting a carefully designed GECOS
Cole> field it is possible to execute arbitrary code with root (or nobody)
Cole> privileges
Christey> There is no associated DEBIAN reference here, as
Christey> DEBIAN:19990806 refers to an older remote-only buffer overflow
Christey> in the username, not GECOS. (BID:512 also discusses that
Christey> remote problem, though it may not be exploitable).
Prosser> Bugtraq ref above now is BID 651

=================================
Candidate: CAN-1999-0734
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: CISCO: CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability
Reference: XF:ciscosecure-read-write

A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.

INFERRED ACTION: CAN-1999-0734 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

=================================
Candidate: CAN-1999-0742
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: DEBIAN:19990623
Reference: BID:480

The Debian mailman package uses weak authentication, which allows attackers to gain privileges.

Modifications:
  ADDREF BID:480

INFERRED ACTION: CAN-1999-0742 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

=================================
Candidate: CAN-1999-0743
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: XF:trn-symlinks
Reference: DEBIAN:19990823c
Reference: SUSE:19990824 Security hole in trn

Trn allows local users to overwrite other users' files via symlinks.

Modifications:
  ADDREF SUSE:19990824 Security hole in trn

INFERRED ACTION: CAN-1999-0743 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
Stracener> Add Ref: SUSE: Security hole in trn 24.08.99

=================================
Candidate: CAN-1999-0753
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: unknown
Reference: BUGTRAQ:19990817 Stupid bug in W3-msql
Reference: XF:mini-sql-w3-msql-cgi
Reference: BID:591

The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.

Modifications:
  ADDREF XF:mini-sql-w3-msql-cgi

INFERRED ACTION: CAN-1999-0753 MOREVOTES (0 accept, 0 ack, 0 review)

Current Votes:

Comments:
Christey> May be a configuration error and not a software flaw. See
Christey> BUGTRAQ:19990820 Re: Stupid bug in W3-msql (David J. Hughes)

=================================
Candidate: CAN-1999-0768
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BID:602
Reference: REDHAT:RHSA-1999:030-02
Reference: SUSE:19990829 Security hole in cron

Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.

INFERRED ACTION: CAN-1999-0768 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
Cole> I would be a little clearer, By utilizing the MAILTO environment variable, a
Cole> buffer can be overflown in the cron_popen() function, allowing an attacker
Cole> to execute arbitrary code.
Christey> CAN-1999-0872 will be rejected as it is a duplicate of
Christey> this one.
Stracener> Add Ref: SUSE: Security hole in cron 29.08.1999:
Prosser> Add refs: YellowDog Linux August 27, 1999: vixie-cron

=================================
Candidate: CAN-1999-0770
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990729 Simple DOS attack on FW-1
Reference: BID:549
Reference: CHECKPOINT:ACK DOS ATTACK

Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.

INFERRED ACTION: CAN-1999-0770 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

=================================
Candidate: CAN-1999-0775
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: CISCO:19990610 Cisco IOS Software established Access List Keyword Error
Reference: XF:cisco-gigaswitch

Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.

Modifications:
  ADDREF XF:cisco-gigaswitch

INFERRED ACTION: CAN-1999-0775 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

=================================
Candidate: CAN-1999-0811
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: REDHAT:RHSA-1999:022-02
Reference: CALDERA:CSSA-1999:018.0
Reference: SUSE:19990816 Security hole in Samba
Reference: DEBIAN:19990731 Samba
Reference: XF:samba-message-bo
Reference: BID:536

Buffer overflow in Samba smbd program via a malformed message command.

Modifications:
  DESC add details
  ADDREF CALDERA:CSSA-1999:018.0
  ADDREF SUSE:19990816 Security hole in Samba
  ADDREF DEBIAN:19990731 Samba
  ADDREF XF:samba-message-bo
  ADDREF BID:536

INFERRED ACTION: CAN-1999-0811 MOREVOTES (0 accept, 4 ack, 0 review)

Current Votes:

Comments:
Stracener> Add Ref: CALDERA: CSSA-1999:018.0
Stracener> Add Ref: DEBIAN: Samba [31-Jul-1999]
Stracener> Add Ref: SUSE: Security hole in Samba 16.08.1999

=================================
Candidate: CAN-1999-0831
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: CALDERA:CSSA-1999-035.0
Reference: REDHAT:RHSA1999055-01
Reference: SUSE:19991118 syslogd-1.3.33 (a1)
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: BID:809
Reference: XF:slackware-syslogd-dos

Denial of service in Linux syslogd via a large number of connections.

Modifications:
  ADDREF CALDERA:CSSA-1999-035.0
  ADDREF REDHAT:RHSA1999055-01
  ADDREF SUSE:19991118 syslogd-1.3.33 (a1)
  DESC Change description to apply to all Linux
  ADDREF XF:slackware-syslogd-dos
  ADDREF BID:809

INFERRED ACTION: CAN-1999-0831 MOREVOTES (0 accept, 3 ack, 0 review)

Current Votes:

Comments:
Christey> ADDREF CALDERA:CSSA-1999-035.0
Christey> ADDREF REDHAT:RHSA1999055-01
Christey> ADDREF SUSE:19991118 syslogd-1.3.33 (a1)
Christey> Change description to apply to all Linux
Stracener> Given that this issue is not slackware-specific, the description should
Stracener> be made more generic, possibly: "Denial of service in syslogd via a
Stracener> large number of connections"
Stracener> Add Ref: CSSA-1999-035.0
Stracener> Add Ref: RHSA1999055-01
Stracener> Add Ref: SuSE Security Announcement - syslogd (a1)
Stracener> Add Ref: Cobalt Networks -- Security Advisory -- 11.20.1999 (syslog)
Frech> XF:slackware-syslogd-dos

=================================
Candidate: CAN-1999-0834
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991201 Security Advisory: Buffer overflow in RSAREF2
Reference: BUGTRAQ:19991202 OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2)
Reference: CERT:CA-99-15
Reference: BID:843
Reference: XF:rsaref-bo

Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.

Modifications:
  ADDREF XF:rsaref-bo

INFERRED ACTION: CAN-1999-0834 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
Prosser> Ref: CERT Ca-99-15, Buffer Overflows in SSH Daemon and RSAREF2 Library
Prosser> SecuriTeam.com, SSH1.2.27 is vulnerable to a remote buffer overflow (RSAREF)
Frech> XF:rsaref-bo

=================================
Candidate: CAN-1999-0847
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991129 FICS buffer overflow
Reference: XF:fics-board-bo

Buffer overflow in free internet chess server (FICS) program, xboard.

Modifications:
  ADDREF XF:fics-board-bo

INFERRED ACTION: CAN-1999-0847 MOREVOTES (0 accept, 0 ack, 0 review)

Current Votes:

Comments:
Frech> XF:fics-board-bo

=================================
Candidate: CAN-1999-0853
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BID:847
Reference: ISS:19991201 Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure
Reference: XF:netscape-fasttrack-auth-bo

Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.

Modifications:
  ADDREF XF:netscape-fasttrack-auth-bo

INFERRED ACTION: CAN-1999-0853 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
Cole> I would add that this is a remote buffer overflow...
Frech> XF:netscape-fasttrack-auth-bo

=================================
Candidate: CAN-1999-0875
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: L0PHT:19990811
Reference: MSKB:Q216141
Reference: BID:578
Reference: XF:irdp-gateway-spoof

DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

Modifications:
  ADDREF XF:irdp-gateway-spoof

INFERRED ACTION: CAN-1999-0875 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

=================================
Candidate: CAN-1999-0881
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 Falcon Web Server
Reference: BINDVIEW:Falcon Web Server
Reference: BID:743
Reference: XF:falcon-path-parsing

Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:falcon-path-parsing
  ADDREF BID:743

INFERRED ACTION: CAN-1999-0881 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

=================================
Candidate: CAN-1999-0898
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-047
Reference: MSKB:Q243649
Reference: XF:nt-printer-spooler-bo
Reference: BID:768

Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.

Modifications:
  ADDREF XF:nt-printer-spooler-bo
  ADDREF BID:768

INFERRED ACTION: CAN-1999-0898 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
Frech> XF:nt-printer-spooler-bo
Prosser> (Modify)
Prosser> This maybe should be separated into two entries. One for the DoS which is
Prosser> just done with random data and one for the more experienced attack of
Prosser> gaining privileges on the host.
Christey> While the advisory is not entirely explicit, the difference
Christey> between the DoS and the command execution is only in effect,
Christey> and appears to be in the same line of code, so the SF-LOC
Christey> content decision applies here.

=================================
Candidate: CAN-1999-0899
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-047
Reference: MSKB:Q243649
Reference: BID:769
Reference: XF:nt-printer-spooler-bo

The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.

Modifications:
  ADDREF XF:nt-printer-spooler-bo
  ADDREF BID:769

INFERRED ACTION: CAN-1999-0899 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
Frech> XF:nt-printer-spooler-bo
Cole>
Cole> [Originally rejected; vote changed to ACCEPT based on feedback]
Cole> This should be combined with the previous one to state it can cause
Cole> a denial of service
Cole> or allow commands to be executed. Just because a vulnerability can
Cole> be exploited in different ways
Cole> does not mean there should be separate entries since the underlying
Cole> exploit is the same.
Christey> This is different than CAN-1999-0898 because 898 is a buffer
Christey> overflow, while this one is incorrect permissions. They
Christey> are different bugs, so should have separate entries. Note
Christey> that MS99-047 also discriminates between these two candidates,
Christey> i.e. it contains the phrase "A second vulnerability exists..."
Christey> and goes on to describe CAN-1999-0899.

=================================
Candidate: CAN-1999-0905
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Remote DoS in Axent's Raptor 6.0
Reference: BID:736
Reference: XF:raptor-ipoptions-dos

Denial of service in Axent Raptor firewall via malformed zero-length IP options.

Modifications:
  ADDREF BID:736
  ADDREF XF:raptor-ipoptions-dos

INFERRED ACTION: CAN-1999-0905 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
Cole> This occurs when the SECURITY and TIMESTAMP IP options length is set to 0

=================================
Candidate: CAN-1999-0955
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: CERT:CA-94.08
Reference: CIAC:E-17
Reference: XF:ftp-exec

Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.

Modifications:
  ADDREF XF:ftp-exec

INFERRED ACTION: CAN-1999-0955 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
Cole> There are actually two vulnerabilities listed in this CERT. I am assuming
Cole> that the other one is listed in a different CVE.
Frech> XF:ftp-exec

=================================
Candidate: CAN-1999-0992
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: HP:HPSBUX9912-107

HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

INFERRED ACTION: CAN-1999-0992 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

=================================
Candidate: CAN-1999-0994
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BINDVIEW:19991216 Windows NT's SYSKEY feature
Reference: MS:MS99-056
Reference: MSKB:Q248183
Reference: BID:873

Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.

INFERRED ACTION: CAN-1999-0994 MOREVOTES (0 accept, 3 ack, 0 review)

Current Votes:

=================================
Candidate: CAN-1999-0995
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: NAI:19991216 Windows NT LSA Remote Denial of Service
Reference: MS:MS99-057
Reference: MSKB:Q248185
Reference: BID:875

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Modifications:
  ADDREF BID:875

INFERRED ACTION: CAN-1999-0995 MOREVOTES (0 accept, 3 ack, 0 review)

Current Votes:

=================================
Candidate: CAN-1999-0999
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: MS:MS99-059
Reference: MSKB:Q248749
Reference: BID:817

Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

Modifications:
  DESC Add version
  ADDREF BID:817

INFERRED ACTION: CAN-1999-0999 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
Wall> Microsoft SQL 7.0 server allows a remote attacker to cause a denial of
Wall> service via a malformed TDS packet.

=================================
Candidate: CAN-1999-1001
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities

Cisco Cache Engine allows a remote attacker to gain access via a null username and password.

INFERRED ACTION: CAN-1999-1001 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
Cole> The references are not that clear.
Christey> While vendor-supplied advisories sometimes aren't clear, they
Christey> have acknowledged the problem and provided enough information
Christey> to attach a CVE name to them.
Prosser> Agree with Steve. This is one of those vendor-specific
Prosser> vulnerabilities that was discovered early, fixed and limited
Prosser> knowledge allowed out concerning the problem other than there
Prosser> is one. But from a security vendor viewpoint, if a client is
Prosser> running this product with the vulnerability, they really just
Prosser> need to know that it has a security problem and here is the
Prosser> fix! Additional information is great when it is available but
Prosser> replacing or upgrading the vulnerable component is the
Prosser> important issue. (my opinion only, and we all got one!)