[VOTE] MOREVOTES-1999-B: Candidates from 1999 needing 1 more vote

Each of the following 20 candidates needs just one more ACCEPT vote.
If you can help out, it is appreciated.

There are 4 other messages similar to this one, with different candidates. Feel free to pick one at random if you don't have the time to vote on them all.

It is strongly preferred that you get your votes in by October 9.

Thanks,
- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.


KEY FOR INFERRED ACTIONS
------------------------

Inferred actions capture the voting status of a candidate. They may be used by the Editor to determine whether or not a candidate is added to CVE. Where there is disagreement, the Editor must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached.

- ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
- ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
- MOREVOTES = needs more votes
- ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
- SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
- SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
- REVIEWING = at least one member is REVIEWING
- REJECT = at least one member REJECTed
- REVOTE = members should review their vote on this candidate

======================================================
Candidate: CAN-1999-0759
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0759
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Reference: BID:634
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=634

Buffer overflow in FuseMAIL POP service via long USER and PASS commands.

INFERRED ACTION: CAN-1999-0759 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech

Comments:
Frech> XF:fuseware-popmail-bo

VOTE:

======================================================
Candidate: CAN-1999-0776
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0776
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: NTBUGTRAQ:19990506 ".."-hole in Alibaba 2.0
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R1533
Reference: XF:http-alibaba-dotdot

Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack.

INFERRED ACTION: CAN-1999-0776 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(2) Stracener, Frech
NOOP(4) Blake, LeBlanc, Christey, Cole

Comments:
Christey> This candidate is unconfirmed by the vendor. Posted by Arne Vidstrom.
Blake> I'd like to change my vote on this from ACCEPT to NOOP. I did some digging and the vendor seems to have discontinued the product, so no information is available beyond Arne's post. Unless Andre has a copy in his archive and can test it, I think we have to leave it out.

VOTE:

======================================================
Candidate: CAN-1999-0787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0787
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:660
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=660

The SSH authentication agent follows symlinks via a UNIX domain socket.

INFERRED ACTION: CAN-1999-0787 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
MODIFY(2) Stracener, Frech
NOOP(1) Ozancin

Comments:
Stracener> Add Ref: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
Frech> XF:ssh-socket-auth-symlink-dos

VOTE:

======================================================
Candidate: CAN-1999-0788
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0788
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:662
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=662

Arkiea nlservd allows remote attackers to conduct a denial of service.

INFERRED ACTION: CAN-1999-0788 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
MODIFY(2) Stracener, Frech

Comments:
Stracener> Add Ref:BUGTRAQ:19990923 Multiple vendor Knox Arkiea local root/remote DoS
Frech> XF:arkiea-backup-nlserverd-remote-dos

VOTE:

======================================================
Candidate: CAN-1999-0791
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0791
Final-Decision:
Interim-Decision:
Modified: 20000202-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
Reference: KSRT:012

Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol.

Modifications:
ADDREF BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems

INFERRED ACTION: CAN-1999-0791 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
MODIFY(2) Stracener, Frech
NOOP(1) Christey

Comments:
Stracener> Add Ref: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
Frech> XF:hybrid-anon-cable-modem-reconfig
Christey> ADDREF BID:695 URL:http://www.securityfocus.com/vdb/bottom.html?vid=695

VOTE:

======================================================
Candidate: CAN-1999-0801
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0801
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:bmc-patrol-frames
Reference: BUGTRAQ:19990409 Patrol security bugs

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

INFERRED ACTION: CAN-1999-0801 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(2) Stracener, Frech

VOTE:

======================================================
Candidate: CAN-1999-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0873
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BID:759
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=759

Buffer overflow in Skyfull mail server via MAIL FROM command.

INFERRED ACTION: CAN-1999-0873 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech

Comments:
Frech> XF:skyfull-mail-from-bo

VOTE:

======================================================
Candidate: CAN-1999-0904
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0904
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT
Reference: BID:771
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=771

Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username.

INFERRED ACTION: CAN-1999-0904 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech

Comments:
Frech> XF:bftelnet-username-dos

VOTE:

======================================================
Candidate: CAN-1999-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0912
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service
Reference: BID:653
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=653

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

INFERRED ACTION: CAN-1999-0912 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(1) Ozancin

Comments:
Frech> XF:freebsd-vfscache-dos

VOTE:

======================================================
Candidate: CAN-1999-0919
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0919
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980510 Security Vulnerability in Motorola CableRouters
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9805B&L=bugtraq&P=R1621
Reference: XF:motorola-cable-crash

A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections.

Modifications:
ADDREF XF:motorola-cable-crash

INFERRED ACTION: CAN-1999-0919 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(3) Christey, LeBlanc, Stracener

Comments:
Christey> This candidate is unconfirmed by the vendor.
Frech> XF:motorola-cable-crash

VOTE:

======================================================
Candidate: CAN-1999-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0921
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990409 Patrol security bugs

BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.

INFERRED ACTION: CAN-1999-0921 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech

Comments:
Frech> XF:bmc-patrol-udp-dos

VOTE:

======================================================
Candidate: CAN-1999-0927
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0927
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: EEYE:AD05261999

NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack.

INFERRED ACTION: CAN-1999-0927 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech

Comments:
Frech> XF:ntmail-fileread

VOTE:

======================================================
Candidate: CAN-1999-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0928
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1

Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL.

INFERRED ACTION: CAN-1999-0928 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech

Comments:
Frech> XF:websuite-dos

VOTE:

======================================================
Candidate: CAN-1999-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0930
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability

wwwboard allows a remote attacker to delete message board articles via a malformed argument.

INFERRED ACTION: CAN-1999-0930 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech

Comments:
Frech> XF:http-cgi-wwwboard

VOTE:

======================================================
Candidate: CAN-1999-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0942
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit

UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.

INFERRED ACTION: CAN-1999-0942 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(1) Ozancin

Comments:
Frech> XF:sco-unixware-dos7utils-root-privs

VOTE:

======================================================
Candidate: CAN-1999-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0946
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: BID:760
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=760

Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.

INFERRED ACTION: CAN-1999-0946 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech

Comments:
Frech> XF:yamaha-midiplug-embed

VOTE:

======================================================
Candidate: CAN-1999-0954
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0954
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990916 More fun with WWWBoard
Reference: BID:649
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=649

WWWBoard has a default username and default password.

INFERRED ACTION: CAN-1999-0954 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech

Comments:
Frech> XF:http-cgi-wwwboard-default

VOTE:

======================================================
Candidate: CAN-1999-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0968
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19981226 bnc exploit

Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges.

INFERRED ACTION: CAN-1999-0968 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech

Comments:
Frech> XF:bnc-proxy-bo

VOTE:

======================================================
Candidate: CAN-1999-0971
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0971
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit

Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.

INFERRED ACTION: CAN-1999-0971 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(1) Ozancin

Comments:
Frech> XF:exim-include-overflow

VOTE:

======================================================
Candidate: CAN-1999-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1004
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991217 NAV2000 Email Protection DoS
Reference: BUGTRAQ:19991220 Norton Email Protection Remote Overflow (Addendum)

Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.

INFERRED ACTION: CAN-1999-1004 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(2) Wall, Cole

Comments:
Frech> XF:nav-pop-user

VOTE: