|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [INTERIM] ACCEPT 22 legacy candidates (Final 7/12)
I have made an Interim Decision to ACCEPT the following 22 legacy candidates from various clusters. I will make a Final Decision on July 12. Most of these are from the LINUX-99 cluster (1999 advisories from Linux vendors) and have the minimum 2 ACCEPT votes with vendor acknowledgement. The breakdown by cluster is as follows: 2 MULT 2 VERIFY-BUGTRAQ 1 VERIFY-TOOL 1 CERT2 20 LINUX-99 Voters: Wall NOOP(1) Levy ACCEPT(1) Ozancin ACCEPT(1) Cole ACCEPT(1) NOOP(1) Meunier ACCEPT(1) Stracener ACCEPT(21) Frech ACCEPT(6) MODIFY(16) Christey MODIFY(2) NOOP(7) Northcutt NOOP(1) Armstrong NOOP(1) Prosser ACCEPT(1) ================================= Candidate: CAN-1999-0247 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-02 Proposed: 19990728 Assigned: 19990607 Category: SF Reference: NAI:19970721 INN news server vulnerabilities Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp Reference: XF:inn-bo Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands. Modifications: ADDREF NAI:17 add version number CHANGEREF NAI:17 [normalize] ADDREF XF:inn-bo INFERRED ACTION: CAN-1999-0247 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech NOOP(1) Northcutt Comments: Frech> XF:inn-bo ================================= Candidate: CAN-1999-0378 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000106-01 Proposed: 19990728 Assigned: 19990607 Category: SF Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available Reference: XF:viruswall-http-request InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands. Modifications: ADDREF XF:viruswall-http-request ADDREF BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available INFERRED ACTION: CAN-1999-0378 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech Comments: Frech> XF:viruswall-http-request ================================= Candidate: CAN-1999-0387 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000626-02 Proposed: 19990728 Assigned: 19990607 Category: SF Reference: MS:MS99-052 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp Reference: MSKB:Q168115 Reference: BID:829 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=829 Reference: XF:9x-plaintext-pwd A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. Modifications: ADDREF MS:MS99-052 ADDREF MSKB:Q168115 ADDREF BID:829 ADDREF XF:9x-plaintext-pwd INFERRED ACTION: CAN-1999-0387 ACCEPT_ACK (2 accept, 2 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Christey, Wall, Cole Comments: Frech> Term 'legacy' is vague and can be subject to interpretation. Require a reference to establish this vulnerability. Christey> Added refs. Interestingly, this candidate was assigned on June 7, 1999, but there were no references until the Microsoft advisory in late November. I have lost the original reference. Frech> XF:9x-plaintext-pwd ================================= Candidate: CAN-1999-0415 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml Reference: CIAC:J-034 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml Reference: XF:cisco-router-commands Reference: XF:cisco-web-config The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration. Modifications: ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities ADDREF CIAC:J-034 ADDREF XF:cisco-router-commands ADDREF XF:cisco-web-config CHANGEREF ISS [normalize] DESC reword INFERRED ACTION: CAN-1999-0415 ACCEPT_ACK (2 accept, 3 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(2) Frech, Christey Comments: Frech> Reference: ISS:March11,1999 (consistent with cluster 1, CAN-1999-0008) XF:cisco-router-commands XF:cisco-web-config Christey> ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml ADDREF CIAC:J-034 ADDREF URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml Consider a description like: The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration. ================================= Candidate: CAN-1999-0416 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml Reference: CIAC:J-034 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml Reference: XF:cisco-web-crash Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. Modifications: ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities ADDREF CIAC:J-034 ADDREF XF:cisco-web-crash CHANGEREF ISS [normalize] DESC reword INFERRED ACTION: CAN-1999-0416 ACCEPT_ACK (2 accept, 3 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(2) Frech, Christey Comments: Frech> Reference: ISS:March11,1999 XF:cisco-web-crash Christey> ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities http://www.cisco.com/warp/public/770/7xxconn-pub.shtml ADDREF CIAC:J-034 http://ciac.llnl.gov/ciac/bulletins/j-034.shtml Consider a description like: Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. ================================= Candidate: CAN-1999-0959 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000626-01 Proposed: 19991208 Assigned: 19991208 Category: SF Reference: AUSCERT:AA-97-05 Reference: SGI:19980301-01-PX Reference: XF:irix-startmidi-file-creation IRIX startmidi program allows local users to modify arbitrary files via a symlink attack. Modifications: ADDREF XF:irix-startmidi-file-creation DESC remove stopmidi INFERRED ACTION: CAN-1999-0959 ACCEPT (6 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Cole, Ozancin, Prosser, Stracener, Meunier MODIFY(1) Frech NOOP(2) Armstrong, Christey Comments: Frech> XF:irix-startmidi-file-creation Christey> It appeared that CD:SF-EXEC applied here, but the bug is just in startmidi, not stopmidi. So get rid of stopmidi in the description. ================================= Candidate: CAN-2000-0352 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000524 Assigned: 20000523 Category: SF Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com Reference: CALDERA:CSSA-1999-036.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt Reference: SUSE:19991227 Security hole in Pine < 4.21 Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_36.txt Reference: XF:pine-remote-exe Reference: BID:810 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=810 Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL. Modifications: ADDREF XF:pine-remote-exe INFERRED ACTION: CAN-2000-0352 ACCEPT_ACK (2 accept, 2 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech Comments: Frech> XF:pine-remote-exe ================================= Candidate: CAN-2000-0353 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000524 Assigned: 20000523 Category: SF Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html Reference: SUSE:19990628 Execution of commands in Pine 4.x Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_6.txt Reference: SUSE:19990911 Update for Pine (fixed IMAP support) Reference: URL:http://www.suse.de/de/support/security/pine_update_announcement.txt Reference: BID:1247 Reference: XF:pine-lynx-execute-commands Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine. Modifications: ADDREF BID:1247 ADDREF XF:pine-lynx-execute-commands INFERRED ACTION: CAN-2000-0353 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech NOOP(1) Christey Comments: Christey> ADDREF BID:1247 Frech> XF:pine-lynx-execute-commands ================================= Candidate: CAN-2000-0354 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000524 Assigned: 20000523 Category: SF Reference: BUGTRAQ:19990928 mirror 2.9 hole Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru Reference: DEBIAN:19991018 Incorrect directory name handling in mirror Reference: URL:http://www.debian.org/security/1999/19991018 Reference: SUSE:19991001 Security hole in mirror Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_22.txt Reference: BID:681 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=681 Reference: XF:mirror-perl-remote-file-creation mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory. INFERRED ACTION: CAN-2000-0354 ACCEPT_ACK (2 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Frech ================================= Candidate: CAN-2000-0356 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000524 Assigned: 20000523 Category: SF Reference: REDHAT:RHSA-1999:040 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789 Reference: XF:linux-pam-nis-login Reference: BID:697 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=697 Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts. INFERRED ACTION: CAN-2000-0356 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Frech ================================= Candidate: CAN-2000-0359 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000524 Assigned: 20000523 Category: SF Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04 Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_30.txt Reference: XF:thttpd-ifmodifiedsince-header-dos Reference: BID:1248 Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header. Modifications: ADDREF BID:1248 ADDREF XF:thttpd-ifmodifiedsince-header-dos INFERRED ACTION: CAN-2000-0359 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech NOOP(1) Christey Comments: Christey> ADDREF BID:1248 Frech> XF:thttpd-ifmodifiedsince-header-dos ================================= Candidate: CAN-2000-0360 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000524 Assigned: 20000523 Category: SF Reference: SUSE:19991124 Security hole in inn <= 2.2.1 Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_34.txt Reference: CALDERA:CSSA-1999-038.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt Reference: XF:inn-remote-dos Reference: BID:1249 Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article. Modifications: ADDREF BID:1249 ADDREF XF:inn-remote-dos INFERRED ACTION: CAN-2000-0360 ACCEPT_ACK (2 accept, 2 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech NOOP(1) Christey Comments: Christey> ADDREF BID:1249 Frech> XF:inn-remote-dos ================================= Candidate: CAN-2000-0361 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000524 Assigned: 20000523 Category: SF Reference: SUSE:19991214 Security hole in wvdial <= 1.4 Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_35.txt Reference: XF:wvdial-gain-dialup-info The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information. Modifications: ADDREF XF:wvdial-gain-dialup-info INFERRED ACTION: CAN-2000-0361 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech Comments: Frech> XF:wvdial-gain-dialup-info ================================= Candidate: CAN-2000-0362 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000524 Assigned: 20000523 Category: SF Reference: SUSE:19991019 Security hole in cdwtools < 093 Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt Reference: BID:738 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738 Reference: XF:linux-cdda2cdr Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges. Modifications: ADDREF XF:linux-cdda2cdr INFERRED ACTION: CAN-2000-0362 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech Comments: Frech> XF:linux-cdda2cdr ================================= Candidate: CAN-2000-0363 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000524 Assigned: 20000523 Category: SF Reference: SUSE:19991019 Security hole in cdwtools < 093 Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt Reference: BID:738 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738 Reference: XF:linux-cdda2cdr Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory. Modifications: ADDREF XF:linux-cdda2cdr INFERRED ACTION: CAN-2000-0363 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech Comments: Frech> XF:linux-cdda2cdr ================================= Candidate: CAN-2000-0366 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000524 Assigned: 20000523 Category: SF Reference: DEBIAN:19991202 problem restoring symlinks Reference: URL:http://www.debian.org/security/1999/19991202 Reference: XF:debian-dump-modify-ownership dump in Debian Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. Modifications: ADDREF XF:debian-dump-modify-ownership INFERRED ACTION: CAN-2000-0366 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech Comments: Frech> XF:debian-dump-modify-ownership ================================= Candidate: CAN-2000-0367 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000524 Assigned: 20000523 Category: SF Reference: DEBIAN:19990218 Root exploit in eterm Reference: URL:http://www.debian.org/security/1999/19990218 Reference: XF:linux-eterm Vulnerability in eterm 0.8.8 in Debian Linux allows an attacker to gain root privileges. INFERRED ACTION: CAN-2000-0367 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Frech ================================= Candidate: CAN-2000-0370 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000524 Assigned: 20000523 Category: SF Reference: CALDERA:CSSA-1999-001.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt Reference: BID:1268 Reference: XF:caldera-smail-rmail-command The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command. Modifications: ADDREF BID:1268 ADDREF XF:caldera-smail-rmail-command INFERRED ACTION: CAN-2000-0370 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech NOOP(1) Christey Comments: Christey> ADDREF BID:1268 URL:http://www.securityfocus.com/bid/1268 Frech> XF:caldera-smail-rmail-command ================================= Candidate: CAN-2000-0371 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000524 Assigned: 20000523 Category: SF Reference: CALDERA:CSSA-1999-005.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt Reference: BID:1269 Reference: XF:kde-mediatool The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. Modifications: ADDREF BID:1269 INFERRED ACTION: CAN-2000-0371 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Frech NOOP(1) Christey Comments: Christey> BID:1269 ADDREF URL:http://www.securityfocus.com/bid/1269 ================================= Candidate: CAN-2000-0372 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000524 Assigned: 20000523 Category: SF Reference: CALDERA:CSSA-1999-014.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt Reference: XF:linux-rmt Reference: URL:http://xforce.iss.net/static/2268.php Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges. INFERRED ACTION: CAN-2000-0372 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Frech ================================= Candidate: CAN-2000-0373 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000524 Assigned: 20000523 Category: SF Reference: CALDERA:CSSA-1999-015.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt Reference: REDHAT:RHSA-1999:015-01 Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html Reference: XF:kde-kvt Reference: URL:http://xforce.iss.net/static/2266.php Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges. INFERRED ACTION: CAN-2000-0373 ACCEPT_ACK (2 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Frech ================================= Candidate: CAN-2000-0374 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000524 Assigned: 20000523 Category: CF Reference: CALDERA:CSSA-1999-021.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt Reference: XF:caldera-kdm-default-configuration The default configuration of kdm in Caldera Linux allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions. Modifications: ADDREF XF:caldera-kdm-default-configuration INFERRED ACTION: CAN-2000-0374 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech Comments: Frech> XF:caldera-kdm-default-configuration
|
||||
