[PROPOSAL] Cluster LINUX-99 - 26 legacy candidates
The following cluster contains 26 candidates, all of which are documented in at least one advisory that was published by a Linux vendor in 1999. Most candidates have a "priority 1" since they are confirmed by the vendor. Others are priority 3 because they are affected by content decisions.

There are a few 1999 advisories that are not yet covered by candidates. They are still being worked on behind the scenes. In some cases, the advisory is so abstract that there is not enough information to tell if it is related to an existing issue or not. Other advisories are related to various software packages that had numerous vulnerabilities in a short time, so it requires deeper analysis to wade through the morass and make sure that there is no duplication with existing candidates (wu-ftpd/ProFTPD is an example).

Members of the CVE content team are conducting this deeper analysis, as well as preparing the next round of legacy candidates from all the Board members (and some non-Board members) who are contributing their vulnerability databases to this effort.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.
2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0352
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com
Reference: CALDERA:CSSA-1999-036.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt
Reference: SUSE:19991227 Security hole in Pine < 4.21
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_36.txt
Reference: BID:810
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=810

Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.

ED_PRI CAN-2000-0352 1

VOTE:

=================================
Candidate: CAN-2000-0353
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_6.txt
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: URL:http://www.suse.de/de/support/security/pine_update_announcement.txt

Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.

ED_PRI CAN-2000-0353 1

VOTE:

=================================
Candidate: CAN-2000-0354
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19990928 mirror 2.9 hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru
Reference: DEBIAN:19991018 Incorrect directory name handling in mirror
Reference: URL:http://www.debian.org/security/1999/19991018
Reference: SUSE:19991001 Security hole in mirror
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_22.txt
Reference: BID:681
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=681
Reference: XF:mirror-perl-remote-file-creation

mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory.

ED_PRI CAN-2000-0354 1

VOTE:

=================================
Candidate: CAN-2000-0356
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: REDHAT:RHSA-1999:040
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789
Reference: XF:linux-pam-nis-login
Reference: BID:697
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=697

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.

ED_PRI CAN-2000-0356 1

VOTE:

=================================
Candidate: CAN-2000-0359
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_30.txt

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.

ED_PRI CAN-2000-0359 1

VOTE:

=================================
Candidate: CAN-2000-0360
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991124 Security hole in inn <= 2.2.1
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_34.txt
Reference: CALDERA:CSSA-1999-038.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt

Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.

ED_PRI CAN-2000-0360 1

VOTE:

=================================
Candidate: CAN-2000-0361
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991214 Security hole in wvdial <= 1.4
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_35.txt

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.

ED_PRI CAN-2000-0361 1

VOTE:

=================================
Candidate: CAN-2000-0362
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738

Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.

ED_PRI CAN-2000-0362 1

VOTE:

=================================
Candidate: CAN-2000-0363
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738

Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.

ED_PRI CAN-2000-0363 1

VOTE:

=================================
Candidate: CAN-2000-0366
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202

dump in Debian Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

ED_PRI CAN-2000-0366 1

VOTE:

=================================
Candidate: CAN-2000-0367
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19990218 Root exploit in eterm
Reference: URL:http://www.debian.org/security/1999/19990218
Reference: XF:linux-eterm

Vulnerability in eterm 0.8.8 in Debian Linux allows an attacker to gain root privileges.

ED_PRI CAN-2000-0367 1

VOTE:

=================================
Candidate: CAN-2000-0369
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-029.1
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt

The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.

ED_PRI CAN-2000-0369 1

VOTE:

=================================
Candidate: CAN-2000-0370
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-001.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt

The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.

ED_PRI CAN-2000-0370 1

VOTE:

=================================
Candidate: CAN-2000-0371
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-005.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt
Reference: XF:kde-mediatool

The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.

ED_PRI CAN-2000-0371 1

VOTE:

=================================
Candidate: CAN-2000-0372
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-014.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt
Reference: XF:linux-rmt
Reference: URL:http://xforce.iss.net/static/2268.php

Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.

ED_PRI CAN-2000-0372 1

VOTE:

=================================
Candidate: CAN-2000-0373
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html
Reference: XF:kde-kvt
Reference: URL:http://xforce.iss.net/static/2266.php

Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.

ED_PRI CAN-2000-0373 1

VOTE:

=================================
Candidate: CAN-2000-0374
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt

The default configuration of kdm in Caldera Linux allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.

ED_PRI CAN-2000-0374 1

VOTE:

=================================
Candidate: CAN-2000-0355
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19990920 Security hole in pbpg
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_21.txt
Reference: XF:linux-pb-fileread
Reference: XF:linux-pg-fileread

pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrary files.

ED_PRI CAN-2000-0355 3

VOTE:

=================================
Candidate: CAN-2000-0357
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: REDHAT:RHSA-1999:058-01
Reference: URL:http://www.redhat.com/corp/support/errata/RHSA1999058-01.html

ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.

ED_PRI CAN-2000-0357 3

VOTE:

=================================
Candidate: CAN-2000-0358
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: REDHAT:RHSA-1999:058-01
Reference: URL:http://www.redhat.com/corp/support/errata/RHSA1999058-01.html

ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program.

ED_PRI CAN-2000-0358 3

VOTE:

=================================
Candidate: CAN-2000-0364
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19990606 RedHat 6.0, /dev/pts permissions bug when using xterm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92877527701347&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92886009012161&w=2
Reference: REDHAT:RHSA1999014_01
Reference: URL:http://www.redhat.com/corp/support/errata/RHSA1999014_01.html
Reference: BID:309
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=309

screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.

ED_PRI CAN-2000-0364 3

VOTE:

=================================
Candidate: CAN-2000-0365
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: CF
Reference: BUGTRAQ:19990606 RedHat 6.0, /dev/pts permissions bug when using xterm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92877527701347&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92886009012161&w=2
Reference: REDHAT:RHSA1999014_01
Reference: URL:http://www.redhat.com/corp/support/errata/RHSA1999014_01.html
Reference: BID:308
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=308

Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices.

ED_PRI CAN-2000-0365 3

VOTE: