[INTERIM] ACCEPT 33 legacy candidates (Final 10/13)
I have made an Interim Decision to ACCEPT the following 33 legacy candidates from various clusters. These candidates were proposed in 1999. I will make a Final Decision on October 13.

Thanks to all the Board members who got their votes in! 15 different members have voted since October 1.

Voters:
Shostack ACCEPT(1) MODIFY(1)
Levy ACCEPT(19) MODIFY(2)
Landfield ACCEPT(15) NOOP(8)
Cole ACCEPT(20) MODIFY(2) NOOP(5)
Bishop ACCEPT(3) MODIFY(1) NOOP(3)
Baker MODIFY(5)
Stracener ACCEPT(20) MODIFY(5) REVIEWING(1)
Frech ACCEPT(2) MODIFY(30) NOOP(1)
Proctor ACCEPT(1)
Hill ACCEPT(3)
Christey NOOP(14)
Northcutt ACCEPT(3) NOOP(2) REJECT(1)
Prosser ACCEPT(1) MODIFY(2) REVIEWING(2)
Wall ACCEPT(10) NOOP(13)
Ozancin ACCEPT(5) NOOP(17)
Armstrong ACCEPT(5) NOOP(8) REVIEWING(2)
Balinsky ACCEPT(1)
Blake ACCEPT(10) MODIFY(1)

======================================================
Candidate: CAN-1999-0145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0145
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-1990-11
Reference: URL:http://www.cert.org/advisories/CA-1990-11.html
Reference: CERT:CA-1993-14
Reference: URL:http://www.cert.org/advisories/CA-1993-14.html
Reference: BUGTRAQ:19950206 sendmail wizard thing...
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0350.html
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html

Sendmail WIZ command enabled, allowing root access.

Modifications:
ADDREF CERT:CA-1990-11
ADDREF CERT:CA-1993-14
ADDREF BUGTRAQ:19950206 sendmail wizard thing...
ADDREF MISC:FarmerVenema:Improving the Security of Your Site by Breaking Into it

INFERRED ACTION: CAN-1999-0145 REJECT (1 reject, 6 accept, 0 review) HAS_CONFLICT

Current Votes:
ACCEPT(4) Hill, Blake, Proctor, Balinsky
MODIFY(2) Prosser, Frech
NOOP(1) Christey
REJECT(1) Northcutt

Voter Comments:
Frech> XF:smtp-wiz
Northcutt> I have voted against this before as well. This raises the case of a historic but no longer existent vulnerability. Or is there any data that wiz still exists on any operational systems?
Prosser> additional sources
Bugtraq "sendmail wizard thing" http://securityfocus/
CERT Advisory CA-93.14 http://www.cert.org
Christey> While this may not be active anywhere (we hope), it is still of historic interest and potentially useful for academic study. Therefore it should be included.
Balinsky> Cisco's Security Profile Assessment teams still find this at customer sites.
Christey> I also sent a post to the PEN-TEST list asking if people still see this, and I got a few positive responses. See:
PEN-TEST:20000914 Re: Debug command on Sendmail
URL:http://www.securityfocus.com/archive/101/82783
URL:http://www.securityfocus.com/archive/101/83102
URL:http://www.securityfocus.com/archive/101/82978
ADDREF MISC:FarmerVenema:Improving the Security of Your Site by Breaking Into it
URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
ADDREF CERT:CA-1990-11
URL:http://www.cert.org/advisories/CA-1990-11.html
ADDREF BUGTRAQ:19950206 sendmail wizard thing...
URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
URL:http://www2.dataguard.no/bugtraq/1995_1/0350.html

======================================================
Candidate: CAN-1999-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0247
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: NAI:19970721 INN news server vulnerabilities
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp
Reference: BID:1443
Reference: XF:inn-bo

Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.

Modifications:
ADDREF NAI:17
add version number
CHANGEREF NAI:17 [normalize]
ADDREF XF:inn-bo
ADDREF BID:1443

INFERRED ACTION: CAN-1999-0247 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(2) Stracener, Levy
MODIFY(1) Frech
NOOP(2) Christey, Northcutt

Voter Comments:
Frech> XF:inn-bo
Christey> BID:1443
URL:http://www.securityfocus.com/bid/1443

======================================================
Candidate: CAN-1999-0248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0248
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1

A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
Modifications:
ADDREF MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
ADDREF CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1
DESC [add details]

INFERRED ACTION: CAN-1999-0248 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(4) Cole, Northcutt, Armstrong, Landfield
MODIFY(4) Baker, Bishop, Shostack, Blake
NOOP(3) Frech, Wall, Ozancin

Voter Comments:
Shostack> http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html looks to me to be about the correct message that came from Tatu. There are comments in changelog:
* Improved the security of auth_input_request_forwarding().
I'm not in favor of moving this forward without additional detail, but thought I'd add a confirming URL and comment. We have insufficient detail to accept it as a CVE.
Frech> Try http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1; to wit (see asterisked section):
...
***** Versions of ssh prior to 1.2.17 had problems with authentication agent handling on some machines. There is a chance (a race condition) that a malicious user could steal another user's credentials. This should be fixed in 1.2.17. *****
Blake> I concur with Adam that additional reference is needed. Either or both references suggested are fine with me.
Bishop> (need more detail)
Baker> http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html    Misc Defensive Info
The bugs concern only SSH protocol version 1.5 implemented in SSH server version 1.2.17. Later versions of the server or applications that use version 2 of the SSH protocol are not affected by the bugs.
An attacker with the ability to do active network-level attacks can compromise the security of a number of aspects of the SSH protocol as implemented in SSH-1.2.17. While some of the attacks are fairly serious, even in the worst case security is still better than with rlogin or telnet.
Being able to succeed in breaking SSH security requires intimate knowledge of the protocol and the implementation, access to a large amount of processing power and expertise in TCP/IP networking.

======================================================
Candidate: CAN-1999-0358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0358
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990617
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows
Reference: COMPAQ:SSRT0583U
Reference: XF:du-inc
Reference: CIAC:J-027

Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.

Modifications:
ADDREF XF:du-inc
ADDREF CIAC:J-027

INFERRED ACTION: CAN-1999-0358 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
ACCEPT(3) Hill, Northcutt, Shostack
MODIFY(2) Frech, Prosser
NOOP(1) Christey

Voter Comments:
Prosser> Ref'd SSRT has an 'at' vulnerable as well supposedly fixed by the patch. Shouldn't this be included as a separate CVE in this cluster. ref:BugTraq "Digital Unix Buffer Overflows: Exploits" from Lamont Granquist for both as well.
Frech> Reference: XF:du-inc
Christey> ADDREF CIAC:J-027

======================================================
Candidate: CAN-1999-0393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0393
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want!
Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2
Reference: XF:sendmail-parsing-redirection

Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.
Modifications:
ADDREF XF:sendmail-parsing-redirection
CHANGEREF BUGTRAQ [change date to 19981212]
ADDREF BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware

INFERRED ACTION: CAN-1999-0393 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(4) Blake, Ozancin, Landfield, Cole
MODIFY(2) Frech, Baker
NOOP(3) Christey, Bishop, Wall

Voter Comments:
Frech> I assume that Reference: BUGTRAQ:Dec12,1999 is not attesting to the power of CVE to foresee events in the future. This reference should be 12/12/98.
ADDREF XF:sendmail-parsing-redirection
Christey> This issue is acknowledged in BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
URL: http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2
Landfield> with Frech modifications
CHANGE> [Cole changed vote from NOOP to ACCEPT]
Baker> Vulnerability Reference (HTML)    Reference Type
http://www.securityfocus.com/archive/1/11556    Misc Defensive Info
http://xforce.iss.net/static/2300.php    Misc Defensive Info
Christey> CVE-1999-0478 looks like it could be a duplicate, but HP's advisory is so vague that you can't be certain. The only close hint is: "Public domain fixes now in sendmail 8.9.3 have been ported to HP-UX sendmail 8.8.6 release patch." However, the HP advisory only says that HP 8.8.6 Sendmails "accept connections sub-optimally." CAN-1999-0393 clearly has nothing to do with mishandling connections.

======================================================
Candidate: CAN-1999-0395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0395
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol
Reference: URL:http://xforce.iss.net/alerts/advise17.php
Reference: XF:backweb-polite-agent-protocol

A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.
Modifications:
CHANGEREF ISS [canonicalize]
ADDREF XF:backweb-polite-agent-protocol

INFERRED ACTION: CAN-1999-0395 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(2) Hill, Stracener
MODIFY(1) Frech
NOOP(2) Landfield, Northcutt

Voter Comments:
Frech> XF:backweb-polite-agent-protocol

======================================================
Candidate: CAN-1999-0403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0403
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91821080015725&w=2
Reference: XF:cyrix-hang

A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.

Modifications:
CHANGEREF BUGTRAQ [canonicalize]

INFERRED ACTION: CAN-1999-0403 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(2) Blake, Northcutt
MODIFY(1) Frech
NOOP(1) Wall

Voter Comments:
Frech> XF:cyrix-hang(1716)
In description, correct plural usage is "CPUs."
======================================================
Candidate: CAN-1999-0429
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0429
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990726
Assigned: 19990607
Category: CF
Reference: BUGTRAQ:19990323
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92221437025743&w=2
Reference: BUGTRAQ:19990324 Re: LNotes encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92241547418689&w=2
Reference: BUGTRAQ:19990326 Lotus Notes Encryption Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92246997917866&w=2
Reference: BUGTRAQ:19990326 Re: Lotus Notes security advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92249282302994&w=2
Reference: XF:lotus-client-encryption

The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.

Modifications:
CHANGEREF BUGTRAQ [canonicalize]
ADDREF BUGTRAQ:19990324 Re: LNotes encryption
ADDREF BUGTRAQ:19990326 Lotus Notes Encryption Bug
ADDREF BUGTRAQ:19990326 Re: Lotus Notes security advisory

INFERRED ACTION: CAN-1999-0429 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(5) Blake, Ozancin, Landfield, Frech, Cole
MODIFY(1) Baker
NOOP(2) Wall, Bishop

Voter Comments:
Baker> Vulnerability Reference (HTML)    Reference Type
http://www.securityfocus.com/archive/1/12943    Misc Defensive Info
http://xforce.iss.net/static/2047.php    Misc Defensive Info

======================================================
Candidate: CAN-1999-0440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0440
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92333596624452&w=2
Reference: CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html
Reference: XF:java-unverified-code

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

Modifications:
CHANGEREF BUGTRAQ [canonicalize]
ADDREF CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html

INFERRED ACTION: CAN-1999-0440 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(7) Wall, Blake, Ozancin, Landfield, Frech, Cole, Bishop
MODIFY(1) Baker

Voter Comments:
CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
Baker> Vulnerability Reference (HTML)    Reference Type
http://www.microsoft.com/java/vm/dl_vm31.htm    Patch Info
http://www.microsoft.com/windows/ie/download/jvm.htm    Patch Info
http://www.damnation/net/iecrash/Iecrash.zip    Misc Offensive Info
http://hackersclub.com/km/library/hack/iecrash    Misc Offensive Info
http://xforce.iss.net/static/2025.php    Misc Defensive Info

======================================================
Candidate: CAN-1999-0671
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0671
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:572
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=572
Reference: XF:toxsoft-nextftp-cwd-bo

Buffer overflow in ToxSoft NextFTP client through CWD command.
Modifications:
ADDREF XF:toxsoft-nextftp-cwd-bo

INFERRED ACTION: CAN-1999-0671 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(2) Levy, Blake
MODIFY(2) Frech, Stracener
NOOP(5) Bishop, Wall, Ozancin, Landfield, Cole

Voter Comments:
Stracener> AddRef: ShadowPenguinSecurity:PenguinToolbox,No.035
Frech> XF:toxsoft-nextftp-cwd-bo

======================================================
Candidate: CAN-1999-0672
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0672
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:fujitsu-topic-bo
Reference: BID:573
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=573

Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.

Modifications:
ADDREF XF:fujitsu-topic-bo

INFERRED ACTION: CAN-1999-0672 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(2) Levy, Blake
MODIFY(2) Frech, Stracener
NOOP(4) Wall, Ozancin, Landfield, Cole

Voter Comments:
Stracener> AddRef: ShadowPenguinSecurity:PenguinToolbox,No.036
Frech> XF:fujitsu-topic-bo

======================================================
Candidate: CAN-1999-0675
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0675
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990809 FW1 UDP Port 0 DoS
Reference: URL:http://www.securityfocus.com/archive/1/23615
Reference: BID:576
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=576
Reference: XF:checkpoint-port

Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.
Modifications:
ADDREF XF:checkpoint-port
DESC Add Check Point
ADDREF BUGTRAQ:19990809 FW1 UDP Port 0 DoS

INFERRED ACTION: CAN-1999-0675 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
ACCEPT(3) Levy, Blake, Landfield
MODIFY(2) Frech, Cole
NOOP(3) Wall, Ozancin, Christey
REVIEWING(1) Stracener

Voter Comments:
Cole> This only occurs when the VPN being used for the transport of the packet supports ISAKMP encryption.
Frech> XF:checkpoint-port
Modify description to read "Check Point Firewall-1 ..."
Christey> http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9908051851320.8871-100000@area51
Landfield> with modifications

======================================================
Candidate: CAN-1999-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0679
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included)
Reference: CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog
Reference: BID:581
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=581
Reference: XF:hybrid-ircd-minvite-bo

Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.

Modifications:
ADDREF XF:hybrid-ircd-minvite-bo
ADDREF CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog

INFERRED ACTION: CAN-1999-0679 ACCEPT (9 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(8) Bishop, Levy, Wall, Blake, Ozancin, Landfield, Cole, Stracener
MODIFY(1) Frech
NOOP(1) Christey

Voter Comments:
Frech> XF:hybrid-ircd-minvite-bo
CHANGE> [Cole changed vote from NOOP to ACCEPT]
Christey> Possible vendor acknowledgement; see http://www.efnet.org/archive/servers/hybrid/ChangeLog
Discloser said the problem existed until beta 58.
A quote by Dianora for hybrid-6-b57 says "fixed mtrie_conf.c kline code," but it can't be certain if it's related to this bug. Section "hybrid-6-b75" includes this statement by Dianora: "corrected possible buffer overflows in m_knock, m_invite". Sounds like it, but can't be sure, especially considering the discloser said that it was fixed in beta 58, and there was independent confirmation of that statement.

======================================================
Candidate: CAN-1999-0697
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0697
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare
Reference: BID:621
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=621
Reference: XF:sco-doctor-execute

SCO Doctor allows local users to gain root privileges through a Tools option.

Modifications:
ADDREF XF:sco-doctor-execute

INFERRED ACTION: CAN-1999-0697 ACCEPT (7 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(6) Bishop, Levy, Blake, Landfield, Cole, Stracener
MODIFY(1) Frech
NOOP(2) Wall, Ozancin

Voter Comments:
Frech> XF:sco-doctor-execute
CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0759
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0759
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Reference: CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
Reference: BID:634
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=634
Reference: XF:fuseware-popmail-bo

Buffer overflow in FuseMAIL POP service via long USER and PASS commands.
Modifications:
ADDREF XF:fuseware-popmail-bo
ADDREF CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8

INFERRED ACTION: CAN-1999-0759 ACCEPT (7 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(6) Stracener, Levy, Wall, Ozancin, Landfield, Cole
MODIFY(1) Frech
NOOP(2) Armstrong, Christey

Voter Comments:
Frech> XF:fuseware-popmail-bo
Wall> Also part of BlackIce detection.
CHANGE> [Cole changed vote from NOOP to ACCEPT]
Christey> CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
The originally vulnerable version was reported as 2.7
This FAQ Says: "Although a security hole was reported in version 2.7, and which also existed in earlier versions, that hole has been fixed in all later versions. It must be stressed that the potential security risk was only on the local side. To date there have been no reports of a security risk from the Internet side, despite the attempts by a number of hackers to find one."

======================================================
Candidate: CAN-1999-0787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0787
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93760201002154&w=2
Reference: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93832856804415&w=2
Reference: XF:ssh-socket-auth-symlink-dos
Reference: BID:660
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=660

The SSH authentication agent follows symlinks via a UNIX domain socket.

Modifications:
ADDREF BUGTRAQ:19990917 A few bugs...
ADDREF BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
ADDREF XF:ssh-socket-auth-symlink-dos

INFERRED ACTION: CAN-1999-0787 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(3) Armstrong, Levy, Landfield
MODIFY(2) Stracener, Frech
NOOP(3) Wall, Ozancin, Cole

Voter Comments:
Stracener> Add Ref: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
Frech> XF:ssh-socket-auth-symlink-dos

======================================================
Candidate: CAN-1999-0788
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0788
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837184228248&w=2
Reference: BID:662
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=662
Reference: XF:arkiea-backup-nlserverd-remote-dos

Arkiea nlservd allows remote attackers to conduct a denial of service.
Modifications:
ADDREF BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
ADDREF XF:arkiea-backup-nlserverd-remote-dos

INFERRED ACTION: CAN-1999-0788 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(4) Levy, Wall, Landfield, Cole
MODIFY(2) Stracener, Frech
NOOP(2) Armstrong, Ozancin

Voter Comments:
Stracener> Add Ref:BUGTRAQ:19990923 Multiple vendor Knox Arkiea local root/remote DoS
Frech> XF:arkiea-backup-nlserverd-remote-dos
Wall> exploit code on packetstorm
CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0791
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0791
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
Reference: KSRT:012
Reference: BID:695
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=695
Reference: XF:hybrid-anon-cable-modem-reconfig

Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol.
Modifications:
ADDREF BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
ADDREF BID:695
ADDREF XF:hybrid-anon-cable-modem-reconfig

INFERRED ACTION: CAN-1999-0791 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
ACCEPT(3) Levy, Prosser, Cole
MODIFY(2) Stracener, Frech
NOOP(4) Wall, Ozancin, Landfield, Christey
REVIEWING(1) Armstrong

Voter Comments:
Stracener> Add Ref: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
Frech> XF:hybrid-anon-cable-modem-reconfig
Christey> ADDREF BID:695
URL:http://www.securityfocus.com/vdb/bottom.html?vid=695
CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0823
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:839
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=839
Reference: XF:freebsd-xmindpath

Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.

Modifications:
ADDREF XF:freebsd-xmindpath

INFERRED ACTION: CAN-1999-0823 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(2) Cole, Frech
NOOP(1) Christey
REVIEWING(1) Prosser

Voter Comments:
Cole> This is via a buffer overflow attack.
Frech> XF:freebsd-xmindpath
Christey> Mike Prosser's REVIEWING vote expires July 17, 2000

======================================================
Candidate: CAN-1999-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0826
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:840
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=840
Reference: XF:angband-bo

Buffer overflow in FreeBSD angband allows local users to gain privileges.

Modifications:
ADDREF XF:angband-bo

INFERRED ACTION: CAN-1999-0826 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
ACCEPT(3) Cole, Stracener, Armstrong
MODIFY(1) Frech
NOOP(1) Christey
REVIEWING(1) Prosser

Voter Comments:
Frech> XF:angband-bo
Christey> Mike Prosser's REVIEWING vote expires July 17, 2000

======================================================
Candidate: CAN-1999-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0873
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BID:759
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=759
Reference: XF:skyfull-mail-from-bo

Buffer overflow in Skyfull mail server via MAIL FROM command.
Modifications:
ADDREF XF:skyfull-mail-from-bo

INFERRED ACTION: CAN-1999-0873 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(5) Cole, Stracener, Levy, Wall, Landfield
MODIFY(1) Frech
NOOP(2) Armstrong, Ozancin

Voter Comments:
Frech> XF:skyfull-mail-from-bo
Wall> Exploit c code on packetstorm

======================================================
Candidate: CAN-1999-0904
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0904
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT
Reference: XF:bftelnet-username-dos
Reference: BID:771
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=771

Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username.

Modifications:
ADDREF XF:bftelnet-username-dos

INFERRED ACTION: CAN-1999-0904 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(5) Cole, Stracener, Levy, Wall, Landfield
MODIFY(1) Frech
NOOP(1) Ozancin

Voter Comments:
Frech> XF:bftelnet-username-dos
Wall> Found by Ussr labs
CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0912
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service
Reference: BID:653
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=653
Reference: XF:freebsd-vfscache-dos

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
Modifications:
ADDREF XF:freebsd-vfscache-dos

INFERRED ACTION: CAN-1999-0912 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
ACCEPT(4) Cole, Stracener, Levy, Landfield
MODIFY(1) Frech
NOOP(2) Wall, Ozancin
REVIEWING(1) Armstrong

Voter Comments:
Frech> XF:freebsd-vfscache-dos

======================================================
Candidate: CAN-1999-0927
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0927
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: EEYE:AD05261999
Reference: BID:279
Reference: XF:ntmail-fileread

NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Modifications:
ADDREF BID:279
ADDREF XF:ntmail-fileread

INFERRED ACTION: CAN-1999-0927 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(4) Cole, Stracener, Wall, Landfield
MODIFY(2) Frech, Levy
NOOP(2) Armstrong, Ozancin

Voter Comments:
Frech> XF:ntmail-fileread
CHANGE> [Levy changed vote from REVIEWING to MODIFY]
Levy> BID 279

======================================================
Candidate: CAN-1999-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0928
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1
Reference: XF:websuite-dos
Reference: BID:278

Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL.

Modifications:
ADDREF XF:websuite-dos
ADDREF BID:278

INFERRED ACTION: CAN-1999-0928 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(3) Cole, Stracener, Wall
MODIFY(2) Frech, Levy
NOOP(4) Christey, Armstrong, Ozancin, Landfield

Voter Comments:
Frech> XF:websuite-dos
Levy> BID 278
Christey> http://www.securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D278
It appears that the product has been discontinued, and was shareware.
CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0932
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:735
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=735
Reference: XF:mediahouse-stats-adminpw-cleartext

Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file.

Modifications:
ADDREF XF:mediahouse-stats-adminpw-cleartext

INFERRED ACTION: CAN-1999-0932 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(2) Stracener, Levy
MODIFY(1) Frech

Voter Comments:
Frech> XF:mediahouse-stats-adminpw-cleartext

======================================================
Candidate: CAN-1999-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0942
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit
Reference: XF:sco-unixware-dos7utils-root-privs

UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.
Modifications:
  ADDREF XF:sco-unixware-dos7utils-root-privs

INFERRED ACTION: CAN-1999-0942 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener
  MODIFY(1) Frech
  NOOP(4) Armstrong, Wall, Ozancin, Landfield

Voter Comments:
  Frech> XF:sco-unixware-dos7utils-root-privs
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0946
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: XF:yamaha-midiplug-embed
Reference: BID:760
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=760

Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.

Modifications:
  ADDREF XF:yamaha-midiplug-embed

INFERRED ACTION: CAN-1999-0946 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Stracener, Armstrong, Levy, Wall
  MODIFY(1) Frech
  NOOP(3) Cole, Ozancin, Landfield

Voter Comments:
  Frech> XF:yamaha-midiplug-embed

======================================================
Candidate: CAN-1999-0954
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0954
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990916 More fun with WWWBoard
Reference: BID:649
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=649

WWWBoard has a default username and default password.
CONTENT-DECISIONS: CF-PASS

INFERRED ACTION: CAN-1999-0954 ACCEPT (5 accept, 0 ack, 0 review) HAS_CDS

Current Votes:
  ACCEPT(4) Cole, Stracener, Levy, Wall
  MODIFY(1) Frech
  NOOP(3) Armstrong, Ozancin, Landfield

Voter Comments:
  Frech> XF:http-cgi-wwwboard-default
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0971
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0971
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/7301
Reference: XF:exim-include-overflow

Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.

Modifications:
  ADDREF XF:exim-include-overflow

INFERRED ACTION: CAN-1999-0971 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Landfield
  MODIFY(2) Frech, Baker
  NOOP(3) Armstrong, Wall, Ozancin

Voter Comments:
  Frech> XF:exim-include-overflow
  Baker> http://www.securityfocus.com/archive/1/7301

======================================================
Candidate: CAN-2000-0366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0366
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
Reference: XF:debian-dump-modify-ownership
Reference: BID:1442

dump in Debian Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.
Modifications:
  ADDREF XF:debian-dump-modify-ownership
  ADDREF BID:1442

INFERRED ACTION: CAN-2000-0366 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Levy
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:debian-dump-modify-ownership
  Christey> ADDREF BID:1442
    URL:http://www.securityfocus.com/bid/1442

======================================================
Candidate: CAN-2000-0369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0369
Final-Decision:
Interim-Decision: 20001011
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-029.1
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt
Reference: BID:1266
Reference: XF:caldera-ident-server-dos

The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.

Modifications:
  ADDREF BID:1266
  ADDREF XF:caldera-ident-server-dos

INFERRED ACTION: CAN-2000-0369 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Levy
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Christey> ADDREF BID:1266
  Frech> XF:caldera-ident-server-dos

======================================================
Candidate: CAN-2000-0374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0374
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000524
Assigned: 20000523
Category: CF
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
Reference: BID:1446
Reference: XF:caldera-kdm-default-configuration

The default configuration of kdm in Caldera Linux allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.
Modifications:
  ADDREF XF:caldera-kdm-default-configuration
  ADDREF BID:1446

INFERRED ACTION: CAN-2000-0374 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Levy
  MODIFY(1) Frech
  NOOP(2) Christey, Cole

Voter Comments:
  Frech> XF:caldera-kdm-default-configuration
  Christey> BID:1446
    URL:http://www.securityfocus.com/bid/1446