|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [INTERIM] ACCEPT 428 candidates (Final March 8)
Sorry for this large email, but it's long overdue and I didn't want to lose another day just to package things more cleanly. I have made an Interim Decision to ACCEPT the following 428 candidates. If these candidates make it through Final Decision, then the CVE List will exceed 2000 entries. 166 of these candidates are from the 500+ legacy candidates that were proposed in fall 2001 (I haven't investigated why more aren't ready yet). Normally I break things down statistically by cluster and divide things into multiple emails, but this is such a large set of candidates that I'll take a different approach. Following is a breakdown of when the CANs were proposed. 1 Proposed: 19990726 4 Proposed: 19991222 3 Proposed: 20000111 1 Proposed: 20000322 2 Proposed: 20000426 1 Proposed: 20000518 1 Proposed: 20000615 1 Proposed: 20000712 5 Proposed: 20000719 1 Proposed: 20000803 10 Proposed: 20000921 5 Proposed: 20001018 2 Proposed: 20001219 2 Proposed: 20010202 1 Proposed: 20010214 4 Proposed: 20010309 6 Proposed: 20010404 18 Proposed: 20010524 56 Proposed: 20010727 31 Proposed: 20010829 170 Proposed: 20010912 33 Proposed: 20011012 36 Proposed: 20011122 34 Proposed: 20020131 Note: the 34 that were proposed on 1/31/2002 are very safe to accept, even though some regular voters haven't necessarily voted on them yet. Here's the summary of votes: Renaud ACCEPT(5) NOOP(1) Ozancin ACCEPT(9) NOOP(1) REVIEWING(1) Green ACCEPT(32) MODIFY(1) Magdych ACCEPT(2) NOOP(7) LeBlanc ACCEPT(6) NOOP(8) Cole ACCEPT(380) NOOP(46) Balinsky ACCEPT(8) MODIFY(2) NOOP(2) Blake ACCEPT(5) NOOP(1) Meunier MODIFY(1) Foat ACCEPT(242) MODIFY(1) NOOP(117) Williams ACCEPT(20) MODIFY(1) NOOP(6) Oliver ACCEPT(9) NOOP(5) Christey NOOP(75) RECAST(1) Wall ACCEPT(117) NOOP(258) REVIEWING(4) Ziese ACCEPT(89) NOOP(22) REVIEWING(6) Dik ACCEPT(30) Levy ACCEPT(23) REVIEWING(8) Frech ACCEPT(141) MODIFY(239) Stracener ACCEPT(132) NOOP(4) Landfield ACCEPT(3) NOOP(2) Bollinger ACCEPT(6) NOOP(1) Baker ACCEPT(192) MODIFY(3) NOOP(1) Collins ACCEPT(11) Lawler ACCEPT(4) Bishop ACCEPT(74) NOOP(26) REVIEWING(2) Prosser ACCEPT(16) MODIFY(1) Armstrong ACCEPT(113) MODIFY(1) NOOP(33) I will make a Final Decision on March 8. - Steve ====================================================== Candidate: CAN-1999-0380 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0380 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-02 Proposed: 19990726 Assigned: 19990607 Category: SF Reference: NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91999015212415&w=2 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92006416928093&w=2 Reference: BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91996412724720&w=2 Reference: NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2 Reference: BID:497 Reference: URL:http://www.securityfocus.com/bid/497 Reference: XF:slmail-ras-ntfs-bypass(5392) Reference: URL:http://xforce.iss.net/static/5392.php SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user. Modifications: ADDREF NTBUGTRAQ:199909225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service CHANGEREF NTBUGTRAQ [change date] ADDREF NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix) DESC Added finger details. ADDREF XF:slmail-ras-ntfs-bypass(5392) INFERRED ACTION: CAN-1999-0380 ACCEPT (10 accept, 1 ack, 0 review) Current Votes: ACCEPT(8) Wall, Cole, Armstrong, Bishop, Collins, Ozancin, Levy, Blake MODIFY(2) Baker, Frech NOOP(2) Landfield, Christey Voter Comments: CHANGE> [Cole changed vote from NOOP to ACCEPT] Baker> Vulnerability Reference (HTML) Reference Type http://www.securityfocus.com/archive/1/12704 Misc Defensive Info Christey> Fix date in NTBUGTRAQ reference Christey> NTBUGTRAQ:19990310 SLmail 3.2 Build 3113 (Web Administration Security Fix) http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2 CHANGE> [Frech changed vote from REVIEWING to MODIFY] Frech> XF:slmail-ras-ntfs-bypass(5392) ====================================================== Candidate: CAN-1999-0801 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0801 Final-Decision: Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 19991222 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990409 Patrol security bugs Reference: URL:http://www.securityfocus.com/archive/1/13204 Reference: XF:bmc-patrol-frames(2075) Reference: URL:http://www.iss.net/security_center/static/2075.php BMC Patrol allows remote attackers to gain access to an agent by spoofing frames. Modifications: CHANGEREF XF [normalize] INFERRED ACTION: CAN-1999-0801 ACCEPT_REV (8 accept, 0 ack, 1 review) Current Votes: ACCEPT(8) Wall, Baker, Landfield, Cole, Frech, Collins, Ozancin, Stracener NOOP(1) Armstrong REVIEWING(1) Levy Voter Comments: Wall> found by ISS X-Force CHANGE> [Cole changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-1999-0815 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0815 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 19991125 Category: SF Reference: MSKB:Q196270 Reference: URL:http://support.microsoft.com/support/kb/articles/q196/2/70.asp Reference: XF:nt-snmpagent-leak(1974) Reference: URL:http://xforce.iss.net/static/1974.php Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. Modifications: ADDREF XF:nt-snmpagent-leak(1974) INFERRED ACTION: CAN-1999-0815 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:nt-snmpagent-leak(1974) ====================================================== Candidate: CAN-1999-0921 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0921 Final-Decision: Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 19991222 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19990409 Patrol security bugs Reference: URL:http://www.securityfocus.com/archive/1/13204 Reference: XF:bmc-patrol-udp-dos(4291) Reference: URL:http://www.iss.net/security_center/static/4291.php Reference: BID:1879 Reference: URL:http://www.securityfocus.com/bid/1879 BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service. Modifications: ADDREF XF:bmc-patrol-udp-dos(4291) ADDREF BID:1879 INFERRED ACTION: CAN-1999-0921 ACCEPT_REV (8 accept, 0 ack, 1 review) Current Votes: ACCEPT(7) Wall, Baker, Landfield, Cole, Collins, Ozancin, Stracener MODIFY(1) Frech NOOP(2) Christey, Armstrong REVIEWING(1) Levy Voter Comments: Frech> XF:bmc-patrol-udp-dos Christey> BID:1879 URL:http://www.securityfocus.com/bid/1879 ====================================================== Candidate: CAN-1999-0930 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0930 Final-Decision: Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 19991222 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability Reference: CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml Reference: XF:http-cgi-wwwboard(2344) Reference: URL:http://xforce.iss.net/static/2344.php Reference: BID:1795 Reference: URL:http://www.securityfocus.com/bid/1795 wwwboard allows a remote attacker to delete message board articles via a malformed argument. Modifications: ADDREF XF:http-cgi-wwwboard(2344) ADDREF BID:1795 ADDREF CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml INFERRED ACTION: CAN-1999-0930 ACCEPT_REV (6 accept, 1 ack, 1 review) Current Votes: ACCEPT(5) Stracener, Wall, Baker, Cole, Ozancin MODIFY(1) Frech NOOP(3) Christey, Landfield, Armstrong REVIEWING(1) Levy Voter Comments: Frech> XF:http-cgi-wwwboard(2344) Christey> CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml. The comments only appear to address a followup post which describes a different vulnerability. However, it also says: "Also requires that each followup number is in fact a number, to prevent message clobbering." The suggested patch does appear to address the problem. Christey> BID:1795 URL:http://www.securityfocus.com/bid/1795 ====================================================== Candidate: CAN-1999-0968 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0968 Final-Decision: Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 19991222 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19981226 bnc exploit Reference: URL:http://www.securityfocus.com/archive/1/11711 Reference: XF:bnc-proxy-bo(1546) Reference: URL:http://xforce.iss.net/static/1546.php Reference: BID:1927 Reference: URL:http://www.securityfocus.com/bid/1927 Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges. Modifications: ADDREF XF:bnc-proxy-bo(1546) ADDREF BID:1927 INFERRED ACTION: CAN-1999-0968 ACCEPT_REV (7 accept, 1 ack, 1 review) Current Votes: ACCEPT(6) Stracener, Wall, Baker, Landfield, Cole, Ozancin MODIFY(1) Frech NOOP(2) Christey, Armstrong REVIEWING(1) Levy Voter Comments: Frech> XF:bnc-proxy-bo Christey> Possible acknowledgement in http://bnc.ircadmin.net/bnc2.6.2.tar.gz Under the 2.6.0 entry, it states "(8) Fixed a lot of potential string based overflows. Reduced memory requirements for users." Entry for 2.4.4 says "(3) Moved some large varibles out of stack space for speed and securety." Version 2.4.4 was reported as being vulnerable. Looking in cmds.c, line 200 has a call to some sockprint() function which includes the USER name. The sockprint() function in server.c calls vsnprintf with a size limit of PACKETBUFF, and the original buffer is allocated as PACKETBUFF+1 bytes, so there probably isn't an overflow anymore. But there's no comment indicating a fix - however, this could have been the fix. Christey> BID:1927 ====================================================== Candidate: CAN-1999-1014 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1014 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990913 Solaris 2.7 /usr/bin/mail Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93727925026476&w=2 Reference: BUGTRAQ:19990927 Working Solaris x86 /usr/bin/mail exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93846422810162&w=2 Reference: SUNBUG:4276509 Reference: XF:sun-usrbinmail-local-bo(3297) Reference: URL:http://xforce.iss.net/static/3297.php Reference: BID:672 Reference: URL:http://www.securityfocus.com/bid/672 Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. Modifications: ADDREF SUNBUG:4276509 INFERRED ACTION: CAN-1999-1014 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Frech, Dik NOOP(2) Wall, Foat Voter Comments: Dik> sun bug: 4276509 ====================================================== Candidate: CAN-1999-1019 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1019 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398713491&w=2 Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398513475&w=2 Reference: BID:495 Reference: URL:http://www.securityfocus.com/bid/495 SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise. INFERRED ACTION: CAN-1999-1019 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Foat, Cole NOOP(1) Wall ====================================================== Candidate: CAN-1999-1021 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1021 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1992-15 Reference: URL:http://www.cert.org/advisories/CA-1992-15.html Reference: SUN:00117 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba Reference: BID:47 Reference: URL:http://www.securityfocus.com/bid/47 Reference: XF:nfs-uid(82) Reference: URL:http://xforce.iss.net/static/82.php NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade. Modifications: ADDREF XF:nfs-uid(82) INFERRED ACTION: CAN-1999-1021 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Dik, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:nfs-uid(82) Dik> sun bug: 1095935 ====================================================== Candidate: CAN-1999-1027 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1027 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: CF Reference: BUGTRAQ:19980507 admintool mode 0777 in Solaris 2.6 HW3/98 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925880&w=2 Reference: SUNBUG:4178998 Reference: XF:solaris-admintool-world-writable(7296) Reference: URL:http://xforce.iss.net/static/7296.php Reference: BID:290 Reference: URL:http://www.securityfocus.com/bid/290 Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program. Modifications: ADDREF XF:solaris-admintool-world-writable(7296) ADDREF SUNBUG:4178998 INFERRED ACTION: CAN-1999-1027 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Dik MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:solaris-admintool-world-writable(7296) Dik> sun bug: 4178998 ====================================================== Candidate: CAN-1999-1028 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1028 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92807524225090&w=2 Reference: BID:288 Reference: URL:http://www.securityfocus.com/bid/288 Reference: XF:pcanywhere-dos(2256) Reference: URL:http://www.iss.net/security_center/static/2256.php Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631. Modifications: ADDREF XF:pcanywhere-dos(2256) INFERRED ACTION: CAN-1999-1028 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Prosser, Baker, Cole NOOP(2) Wall, Foat ====================================================== Candidate: CAN-1999-1032 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1032 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: Reference: CERT:CA-1991-11 Reference: URL:http://www.cert.org/advisories/CA-1991-11.html Reference: CIAC:B-36 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-36.shtml Reference: BID:26 Reference: URL:http://www.securityfocus.com/bid/26 Reference: XF:ultrix-telnet(584) Reference: URL:http://xforce.iss.net/static/584.php Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges. Modifications: ADDREF XF:ultrix-telnet(584) ADDREF CIAC:B-36 DESC add lattelnet to facilitate search. INFERRED ACTION: CAN-1999-1032 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:ultrix-telnet(584) ====================================================== Candidate: CAN-1999-1034 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1034 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1991-08 Reference: URL:http://www.cert.org/advisories/CA-1991-08.html Reference: CIAC:B-28 Reference: URL:http://www.ciac.org/ciac/bulletins/b-28.shtml Reference: BID:23 Reference: URL:http://www.securityfocus.com/bid/23 Reference: XF:sysv-login(583) Reference: URL:http://xforce.iss.net/static/583.php Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges. Modifications: ADDREF XF:sysv-login(583) ADDREF CIAC:B-28 INFERRED ACTION: CAN-1999-1034 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Cole, Stracener MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:sysv-login(583) ====================================================== Candidate: CAN-1999-1035 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1035 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MS:MS98-019 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-019.asp Reference: MSKB:Q192296 Reference: URL:http://support.microsoft.com/support/kb/articles/q192/2/96.asp Reference: XF:iis-get-dos(1823) Reference: URL:http://xforce.iss.net/static/1823.php IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. Modifications: ADDREF XF:iis-get-dos(1823) INFERRED ACTION: CAN-1999-1035 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:iis-get-dos(1823) ====================================================== Candidate: CAN-1999-1037 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1037 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125976&w=2 Reference: BUGTRAQ:19980627 Re: vulnerability in satan, cops & tiger Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125986&w=2 Reference: XF:satan-rexsatan-symlink(7167) Reference: URL:http://www.iss.net/security_center/static/7167.php rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file. Modifications: ADDREF XF:satan-rexsatan-symlink(7167) INFERRED ACTION: CAN-1999-1037 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Foat, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:satan-rexsatan-symlink(7167) ====================================================== Candidate: CAN-1999-1044 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1044 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: COMPAQ:SSRT0495U Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml Reference: CIAC:I-050 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml Reference: XF:dgux-advfs-softlinks(7431) Reference: URL:http://www.iss.net/security_center/static/7431.php Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges. Modifications: ADDREF XF:dgux-advfs-softlinks(7431) INFERRED ACTION: CAN-1999-1044 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Foat, Stracener MODIFY(1) Frech NOOP(1) Cole Voter Comments: Frech> XF:dgux-advfs-softlinks(7431) ====================================================== Candidate: CAN-1999-1045 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1045 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980115 pnserver exploit.. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88492978527261&w=2 Reference: BUGTRAQ:19980115 [rootshell] Security Bulletin #7 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88490880523890&w=2 Reference: BUGTRAQ:19980817 Re: Real Audio Server Version 5 bug? Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90338245305236&w=2 Reference: MISC:http://service.real.com/help/faq/serv501.html Reference: XF:realserver-pnserver-remote-dos(7297) Reference: URL:http://www.iss.net/security_center/static/7297.php pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request. Modifications: ADDREF XF:realserver-pnserver-remote-dos(7297) DESC [typo] INFERRED ACTION: CAN-1999-1045 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Foat, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:realserver-pnserver-remote-dos(7297) ====================================================== Candidate: CAN-1999-1047 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1047 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991018 Gauntlet 5.0 BSDI warning Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94026690521279&w=2 Reference: BUGTRAQ:19991019 Re: Gauntlet 5.0 BSDI warning Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94036662326185&w=2 Reference: XF:gauntlet-bsdi-bypass(3397) Reference: URL:http://www.iss.net/security_center/static/3397.php When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities. Modifications: CHANGEREF XF [normalize] INFERRED ACTION: CAN-1999-1047 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Frech NOOP(1) Wall Voter Comments: Frech> Normalize: XF:gauntlet-bsdi-bypass(3397) ====================================================== Candidate: CAN-1999-1048 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1048 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980905 BASH buffer overflow, LiNUX x86 exploit Reference: URL:http://www.securityfocus.com/archive/1/10542 Reference: BUGTRAQ:19970821 Buffer overflow in /bin/bash Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719555&w=2 Reference: DEBIAN:19980909 problem with very long pathnames Reference: URL:http://www.debian.org/security/1998/19980909 Reference: XF:linux-bash-bo(3414) Reference: URL:http://xforce.iss.net/static/3414.php Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory. INFERRED ACTION: CAN-1999-1048 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1055 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1055 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MS:MS98-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-018.asp Reference: BID:179 Reference: URL:http://www.securityfocus.com/bid/179 Reference: XF:excel-call(1737) Reference: URL:http://xforce.iss.net/static/1737.php Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability." INFERRED ACTION: CAN-1999-1055 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1057 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1057 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-07 Reference: URL:http://www.cert.org/advisories/CA-1990-07.html Reference: CIAC:B-04 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-04.shtml Reference: BID:12 Reference: URL:http://www.securityfocus.com/bid/12 Reference: XF:vms-analyze-processdump-privileges(7137) Reference: URL:http://www.iss.net/security_center/static/7137.php VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. Modifications: ADDREF XF:vms-analyze-processdump-privileges(7137) INFERRED ACTION: CAN-1999-1057 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:vms-analyze-processdump-privileges(7137) ====================================================== Candidate: CAN-1999-1059 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1059 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1992-04 Reference: URL:http://www.cert.org/advisories/CA-1992-04.html Reference: BID:36 Reference: URL:http://www.securityfocus.com/bid/36 Reference: XF:att-rexecd(3159) Reference: URL:http://www.iss.net/security_center/static/3159.php Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. Modifications: ADDREF XF:att-rexecd(3159) INFERRED ACTION: CAN-1999-1059 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:att-rexecd(3159) ====================================================== Candidate: CAN-1999-1074 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1074 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980501 Warning! Webmin Security Advisory Reference: URL:http://www.securityfocus.com/archive/1/9138 Reference: CONFIRM:http://www.webmin.com/webmin/changes.html Reference: BID:98 Reference: URL:http://www.securityfocus.com/bid/98 Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking. INFERRED ACTION: CAN-1999-1074 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Armstrong, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF;webmin-password-brute-force(7216) ====================================================== Candidate: CAN-1999-1085 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1085 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980612 CORE-SDI-04: SSH insertion attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125884&w=2 Reference: BUGTRAQ:19980703 UPDATE: SSH insertion attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525878&w=2 Reference: CISCO:20010627 Multiple SSH Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/SSH-multiple-pub.html Reference: CERT-VN:VU#13877 Reference: URL:http://www.kb.cert.org/vuls/id/13877 Reference: XF:ssh-insert(1126) Reference: URL:http://www.iss.net/security_center/static/1126.php SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack." Modifications: ADDREF XF:ssh-insert(1126) ADDREF CISCO:20010627 Multiple SSH Vulnerabilities ADDREF CERT-VN:VU#13877 INFERRED ACTION: CAN-1999-1085 ACCEPT_ACK (2 accept, 2 ack, 0 review) Current Votes: ACCEPT(1) Cole MODIFY(1) Frech NOOP(3) Wall, Foat, Christey Voter Comments: Frech> XF:ssh-insert(1126) Christey> CISCO:20010627 Multiple SSH Vulnerabilities http://www.cisco.com/warp/public/707/SSH-multiple-pub.html ====================================================== Candidate: CAN-1999-1087 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1087 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MS:MS98-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-016.asp Reference: MSKB:Q168617 Reference: URL:http://support.microsoft.com/support/kb/articles/q168/6/17.asp Reference: CONFIRM:http://www.microsoft.com/Windows/Ie/security/dotless.asp Reference: XF:ie-dotless(2209) Reference: URL:http://xforce.iss.net/static/2209.php Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. INFERRED ACTION: CAN-1999-1087 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1090 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1090 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1991-15 Reference: URL:http://www.cert.org/advisories/CA-1991-15.html Reference: XF:ftp-ncsa(1844) Reference: URL:http://xforce.iss.net/static/1844.php The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. INFERRED ACTION: CAN-1999-1090 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1093 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1093 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MS:MS98-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-011.asp Reference: MSKB:Q191200 Reference: URL:http://support.microsoft.com/support/kb/articles/q191/2/00.asp Reference: XF:java-script-patch(1276) Reference: URL:http://www.iss.net/security_center/static/1276.php Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. Modifications: ADDREF XF:java-script-patch(1276) ADDREF MSKB:Q191200 INFERRED ACTION: CAN-1999-1093 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:java-script-patch(1276) ====================================================== Candidate: CAN-1999-1094 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1094 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Reference: BUGTRAQ:19980114 L0pht Advisory MSIE4.0(1) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88480839506155&w=2 Reference: XF:iemk-bug(917) Reference: URL:http://xforce.iss.net/static/917.php Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." INFERRED ACTION: CAN-1999-1094 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1098 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1098 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1995-03 Reference: URL:http://www.cert.org/advisories/CA-1995-03.html Reference: CIAC:F-12 Reference: URL:http://www.ciac.org/ciac/bulletins/f-12.shtml Reference: XF:bsd-telnet(516) Reference: URL:http://www.iss.net/security_center/static/516.php Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing. Modifications: ADDREF XF:bsd-telnet(516) INFERRED ACTION: CAN-1999-1098 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:bsd-telnet(516) ====================================================== Candidate: CAN-1999-1099 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1099 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420184&w=2 Reference: XF:kerberos-user-grab(65) Reference: URL:http://xforce.iss.net/static/65.php Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user. Modifications: DESC [grammar] INFERRED ACTION: CAN-1999-1099 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Frech Voter Comments: Frech> In description, fix grammar: "generates an error string that inadvertently..." ====================================================== Candidate: CAN-1999-1100 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1100 Final-Decision: Interim-Decision: 20020301 Modified: 20020228-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CISCO:19980616 PIX Private Link Key Processing and Cryptography Issues Reference: URL:http://www.cisco.com/warp/public/770/pixkey-pub.shtml Reference: CIAC:I-056 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-056.shtml Reference: XF:cisco-pix-parse-error(1579) Reference: URL:http://xforce.iss.net/static/1579.php Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack. Modifications: ADDREF CIAC:I-056 INFERRED ACTION: CAN-1999-1100 ACCEPT (6 accept, 2 ack, 0 review) Current Votes: ACCEPT(6) Foat, Cole, Armstrong, Frech, Stracener, Balinsky NOOP(1) Wall ====================================================== Candidate: CAN-1999-1102 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1102 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.phreak.org/archives/security/8lgm/8lgm.lpr Reference: BUGTRAQ:19940307 8lgm Advisory Releases Reference: URL:http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm Reference: CIAC:E-25a Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-25.shtml lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times. INFERRED ACTION: CAN-1999-1102 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Armstrong, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:bsd-lpr-symlink(7209) ====================================================== Candidate: CAN-1999-1103 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1103 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:VB-96.05 Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.05.dec Reference: CIAC:G-18 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-18.shtml Reference: MISC:http://www.tao.ca/fire/bos/0209.html Reference: XF:osf-dxconsole-gain-privileges(7138) Reference: URL:http://www.iss.net/security_center/static/7138.php dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter. Modifications: ADDREF XF:osf-dxconsole-gain-privileges(7138) INFERRED ACTION: CAN-1999-1103 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:osf-dxconsole-gain-privileges(7138) ====================================================== Candidate: CAN-1999-1104 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1104 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19951205 Cracked: WINDOWS.PWL Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418931&w=2 Reference: NTBUGTRAQ:19980121 How to recover private keys for various Microsoft products Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=88540877601866&w=2 Reference: BUGTRAQ:19980120 How to recover private keys for various Microsoft products Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88536273725787&w=2 Reference: MSKB:Q140557 Reference: URL:http://support.microsoft.com/support/kb/articles/q140/5/57.asp Reference: XF:win95-nbsmbpwl(71) Reference: URL:http://www.iss.net/security_center/static/71.php Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords. Modifications: ADDREF XF:win95-nbsmbpwl(71) INFERRED ACTION: CAN-1999-1104 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Wall, Cole MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:win95-nbsmbpwl(71) ====================================================== Candidate: CAN-1999-1105 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1105 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CONFIRM:http://www.zdnet.com/eweek/reviews/1016/tr42bug.html Reference: MISC:http://www.net-security.sk/bugs/NT/netware1.html Reference: XF:win95-netware-hidden-share(7231) Reference: URL:http://www.iss.net/security_center/static/7231.php Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. Modifications: DESC [spelling] ADDREF XF:win95-netware-hidden-share(7231) INFERRED ACTION: CAN-1999-1105 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Cole, Armstrong, Stracener MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:win95-netware-hidden-share(7231) In description, Netware should be NetWare. ====================================================== Candidate: CAN-1999-1109 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1109 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991222 Re: procmail / Sendmail - five bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94632241202626&w=2 Reference: BUGTRAQ:20000113 Re: procmail / Sendmail - five bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780566911948&w=2 Reference: BID:904 Reference: URL:http://www.securityfocus.com/bid/904 Reference: XF:sendmail-etrn-dos(7760) Reference: URL:http://www.iss.net/security_center/static/7760.php Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated. Modifications: ADDREF XF:sendmail-etrn-dos(7760) INFERRED ACTION: CAN-1999-1109 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Cole MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:sendmail-etrn-dos(7760) ====================================================== Candidate: CAN-1999-1111 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1111 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94218618329838&w=2 Reference: BID:786 Reference: URL:http://www.securityfocus.com/bid/786 Reference: XF:immunix-stackguard-bo(3524) Reference: URL:http://xforce.iss.net/static/3524.php Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself. INFERRED ACTION: CAN-1999-1111 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Frech NOOP(1) Wall ====================================================== Candidate: CAN-1999-1114 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1114 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CIAC:H-15A Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-15a.shtml Reference: AUSCERT:AA-96.17 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.17.suid_exec.vul Reference: SGI:19980405-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980405-01-I Reference: XF:ksh-suid_exec(2100) Reference: URL:http://xforce.iss.net/static/2100.php Reference: BID:467 Reference: URL:http://www.securityfocus.com/bid/467 Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges. INFERRED ACTION: CAN-1999-1114 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1115 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1115 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-04 Reference: URL:http://www.cert.org/advisories/CA-1990-04.html Reference: CIAC:A-30 Reference: URL:http://www.ciac.org/ciac/bulletins/a-30.shtml Reference: BID:7 Reference: URL:http://www.securityfocus.com/bid/7 Reference: XF:apollo-suidexec-unauthorized-access(6721) Reference: URL:http://www.iss.net/security_center/static/6721.php Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). Modifications: ADDREF XF:apollo-suidexec-unauthorized-access(6721) INFERRED ACTION: CAN-1999-1115 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:apollo-suidexec-unauthorized-access(6721) ====================================================== Candidate: CAN-1999-1116 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1116 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: SGI:19970503-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970503-01-PX Reference: BID:462 Reference: URL:http://www.securityfocus.com/bid/462 Reference: XF:sgi-runpriv(2108) Reference: URL:http://xforce.iss.net/static/2108.php Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. INFERRED ACTION: CAN-1999-1116 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1117 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1117 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19961124 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=lquerypv&q=b Reference: BUGTRAQ:19961125 lquerypv fix Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420195&w=2 Reference: BUGTRAQ:19961125 AIX lquerypv Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420196&w=2 Reference: CIAC:H-13 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml Reference: BID:455 Reference: URL:http://www.securityfocus.com/bid/455 Reference: XF:ibm-lquerypv(1752) Reference: URL:http://xforce.iss.net/static/1752.php lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter. INFERRED ACTION: CAN-1999-1117 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1118 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1118 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: SUN:00165 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba Reference: BID:433 Reference: URL:http://www.securityfocus.com/bid/433 Reference: XF:sun-ndd(817) Reference: URL:http://xforce.iss.net/static/817.php ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters. INFERRED ACTION: CAN-1999-1118 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Foat, Cole, Frech, Dik, Stracener Voter Comments: Dik> sun bug: 4069630 ====================================================== Candidate: CAN-1999-1119 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1119 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CERT:CA-1992-09 Reference: URL:http://www.cert.org/advisories/CA-1992-09.html Reference: BID:41 Reference: URL:http://www.securityfocus.com/bid/41 Reference: XF:aix-anon-ftp(3154) Reference: URL:http://xforce.iss.net/static/3154.php FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. INFERRED ACTION: CAN-1999-1119 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1120 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1120 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970104 Irix: netprint story Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420403&w=2 Reference: SGI:19961203-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX Reference: SGI:19961203-02-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX Reference: BID:395 Reference: URL:http://www.securityfocus.com/bid/395 Reference: XF:sgi-netprint(2107) Reference: URL:http://xforce.iss.net/static/2107.php netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges. INFERRED ACTION: CAN-1999-1120 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1121 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1121 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CERT:CA-1992-06 Reference: URL:http://www.cert.org/advisories/CA-1992-06.html Reference: BID:38 Reference: URL:http://www.securityfocus.com/bid/38 Reference: XF:ibm-uucp(554) Reference: URL:http://xforce.iss.net/static/554.php The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. INFERRED ACTION: CAN-1999-1121 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1122 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1122 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1989-02 Reference: URL:http://www.cert.org/advisories/CA-1989-02.html Reference: CIAC:CIAC-08 Reference: URL:http://www.ciac.org/ciac/bulletins/ciac-08.shtml Reference: SUNBUG:1019265 Reference: BID:3 Reference: URL:http://www.securityfocus.com/bid/3 Reference: XF:sun-restore-gain-privileges(6695) Reference: URL:XF:sun-restore-gain-privileges(6695) Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges. Modifications: ADDREF XF:sun-restore-gain-privileges(6695) ADDREF CIAC:CIAC-08 ADDREF SUNBUG:1019265 INFERRED ACTION: CAN-1999-1122 ACCEPT (5 accept, 3 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Dik, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:sun-restore-gain-privileges(6695) Dik> sun bug: 1019265 ====================================================== Candidate: CAN-1999-1127 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1127 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MS:MS98-017 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-017.asp Reference: MSKB:Q195733 Reference: URL:http://support.microsoft.com/support/kb/articles/Q195/7/33.asp Reference: XF:nt-spoolss(523) Reference: URL:http://www.iss.net/security_center/static/523.php Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. Modifications: ADDREF XF:nt-spoolss(523) INFERRED ACTION: CAN-1999-1127 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:nt-spoolss(523) ====================================================== Candidate: CAN-1999-1131 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1131 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:VB-97.12 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.12.opengroup Reference: CIAC:I-060 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-060.shtml Reference: SGI:19980601-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX Reference: XF:sgi-osf-dce-dos(1123) Reference: URL:http://xforce.iss.net/static/1123.php Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization. INFERRED ACTION: CAN-1999-1131 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1132 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1132 Final-Decision: Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981005 NMRC Advisory - Lame NT Token Ring DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90763508011966&w=2 Reference: NTBUGTRAQ:19981002 NMRC Advisory - Lame NT Token Ring DoS Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90760603030452&w=2 Reference: MSKB:Q179157 Reference: URL:http://support.microsoft.com/support/kb/articles/Q179/1/57.asp Reference: XF:token-ring-dos(1399) Reference: URL:http://www.iss.net/security_center/static/1399.php Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. INFERRED ACTION: CAN-1999-1132 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:token-ring-dos(1399) ====================================================== Candidate: CAN-1999-1136 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1136 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: HP:HPSBUX9807-081 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9807-081.html Reference: HP:HPSBMP9807-005 Reference: URL:http://cert.ip-plus.net/bulletin-archive/msg00040.html Reference: BUGTRAQ:19980729 HP-UX Predictive & Netscape SSL Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526177&w=2 Reference: CIAC:I-081 Reference: URL:http://www.ciac.org/ciac/bulletins/i-081.shtml Reference: XF:mpeix-predictive(1413) Reference: URL:http://xforce.iss.net/static/1413.php Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems. INFERRED ACTION: CAN-1999-1136 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1137 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1137 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CIAC:E-01 Reference: URL:http://www.ciac.org/ciac/bulletins/e-01.shtml Reference: SUN:00122 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba Reference: XF:sun-audio(549) Reference: URL:http://xforce.iss.net/static/549.php The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone. INFERRED ACTION: CAN-1999-1137 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Foat, Cole, Frech, Dik, Stracener ====================================================== Candidate: CAN-1999-1138 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1138 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CERT:CA-1993-13 Reference: URL:http://www.cert.org/advisories/CA-1993-13.html Reference: XF:sco-homedir(546) Reference: URL:http://xforce.iss.net/static/546.php SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable. INFERRED ACTION: CAN-1999-1138 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1139 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1139 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980121 HP-UX CUE, CUD and LAND vulnerabilities Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html Reference: BUGTRAQ:19970901 HP UX Bug :) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019745&w=2 Reference: HP:HPSBUX9801-074 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html Reference: CIAC:I-027B Reference: URL:http://www.ciac.org/ciac/bulletins/i-027b.shtml Reference: XF:hp-cue(2007) Reference: URL:http://www.iss.net/security_center/static/2007.php Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file. Modifications: ADDREF XF:hp-cue(2007) ADDREF CIAC:I-027B INFERRED ACTION: CAN-1999-1139 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:hp-cue(2007) ====================================================== Candidate: CAN-1999-1140 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1140 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971214 buffer overflows in cracklib?! Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88209041500913&w=2 Reference: CERT:VB-97.16 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib Reference: XF:cracklib-bo(1539) Reference: URL:http://xforce.iss.net/static/1539.php Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field. INFERRED ACTION: CAN-1999-1140 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1142 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1142 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1992-11 Reference: URL:http://www.cert.org/advisories/CA-1992-11.html Reference: XF:sun-env(3152) Reference: URL:http://xforce.iss.net/static/3152.php SunOS 4.1.2 and earlier allows local users to gain privileges in certain dynamically linked setuid or setgid programs that change the real and effective user ids to the same user, via "LD_*" environmental variables. INFERRED ACTION: CAN-1999-1142 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Foat, Cole, Frech, Dik, Stracener NOOP(1) Wall Voter Comments: Dik> sun bug: 1085853 ====================================================== Candidate: CAN-1999-1143 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1143 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CIAC:H-065 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-65.shtml Reference: SGI:19970504-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX Reference: XF:sgi-rld(2109) Reference: URL:http://xforce.iss.net/static/2109.php Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs. INFERRED ACTION: CAN-1999-1143 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1144 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1144 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: HP:HPSBUX9701-051 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html Reference: XF:hp-mpower(2056) Reference: URL:http://xforce.iss.net/static/2056.php Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges. INFERRED ACTION: CAN-1999-1144 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1145 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1145 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: HP:HPSBUX9701-044 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1514 Reference: CIAC:H-21 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml Reference: XF:hp-glanceplus(2059) Reference: URL:http://xforce.iss.net/static/2059.php Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges. INFERRED ACTION: CAN-1999-1145 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1146 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1146 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: HP:HPSBUX9405-011 Reference: URL:http://www.securityfocus.com/advisories/1555 Reference: XF:hp-glanceplus-gpm(2060) Reference: URL:http://xforce.iss.net/static/2060.php Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges. INFERRED ACTION: CAN-1999-1146 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1147 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1147 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91273739726314&w=2 Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Reference: XF:pcm-dos-execute(1430) Reference: URL:http://xforce.iss.net/static/1430.php Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe. INFERRED ACTION: CAN-1999-1147 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Frech NOOP(1) Wall ====================================================== Candidate: CAN-1999-1148 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1148 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MS:MS98-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-006.asp Reference: MSKB:Q189262 Reference: URL:http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP Reference: XF:iis-passive-ftp(1215) Reference: URL:http://xforce.iss.net/static/1215.php FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. INFERRED ACTION: CAN-1999-1148 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1156 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1156 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5 Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R2698 Reference: XF:bisonware-port-crash(2254) Reference: URL:http://xforce.iss.net/static/2254.php BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns. INFERRED ACTION: CAN-1999-1156 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Foat, Cole NOOP(1) Wall ====================================================== Candidate: CAN-1999-1157 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1157 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q192774 Reference: URL:http://support.microsoft.com/support/kb/articles/Q192/7/74.ASP Reference: XF:tcpipsys-icmp-dos(3894) Reference: URL:http://xforce.iss.net/static/3894.php Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface. INFERRED ACTION: CAN-1999-1157 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1159 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1159 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495920911490&w=2 Reference: XF:ssh-privileged-port-forward(1471) Reference: URL:http://xforce.iss.net/static/1471.php SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root. INFERRED ACTION: CAN-1999-1159 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Frech NOOP(1) Wall ====================================================== Candidate: CAN-1999-1160 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1160 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: HP:HPSBUX9702-055 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420581&w=2 Reference: CIAC:H-33 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-33.shtml Reference: XF:hp-ftpd-kftpd(7437) Reference: URL:http://www.iss.net/security_center/static/7437.php Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. Modifications: ADDREF XF:hp-ftpd-kftpd(7437) INFERRED ACTION: CAN-1999-1160 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:hp-ftpd-kftpd(7437) ====================================================== Candidate: CAN-1999-1161 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1161 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19961103 Re: Untitled Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420102&w=2 Reference: BUGTRAQ:19961104 ppl bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420103&w=2 Reference: HP:HPSBUX9704-057 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html Reference: CIAC:H-32 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-32.shtml Reference: AUSCERT:AA-97.07 Reference: XF:hp-ppl(7438) Reference: URL:http://www.iss.net/security_center/static/7438.php Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump. Modifications: ADDREF XF:hp-ppl(7438) INFERRED ACTION: CAN-1999-1161 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:hp-ppl(7438) Not hp-ppllog(419) ====================================================== Candidate: CAN-1999-1162 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1162 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1993-08 Reference: URL:http://www.cert.org/advisories/CA-1993-08.html Reference: XF:sco-passwd-deny(542) Reference: URL:http://www.iss.net/security_center/static/542.php Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. Modifications: ADDREF XF:sco-passwd-deny(542) INFERRED ACTION: CAN-1999-1162 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:sco-passwd-deny(542) ====================================================== Candidate: CAN-1999-1163 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1163 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: HP:HPSBUX9911-105 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94347039929958&w=2 Reference: XF:hp-ssp(7439) Reference: URL:http://www.iss.net/security_center/static/7439.php Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation. Modifications: ADDREF XF:hp-ssp(7439) INFERRED ACTION: CAN-1999-1163 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:hp-ssp(7439) ====================================================== Candidate: CAN-1999-1167 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1167 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CONFIRM:http://www.wired.com/news/technology/0,1282,20677,00.html Reference: MISC:http://www.wired.com/news/technology/0,1282,20636,00.html Reference: XF:thirdvoice-cross-site-scripting(7252) Reference: URL:http://www.iss.net/security_center/static/7252.php Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation. Modifications: ADDREF XF:thirdvoice-cross-site-scripting(7252) INFERRED ACTION: CAN-1999-1167 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Stracener MODIFY(1) Frech NOOP(3) Wall, Foat, Armstrong Voter Comments: Frech> XF:thirdvoice-cross-site-scripting(7252) ====================================================== Candidate: CAN-1999-1175 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1175 Final-Decision: Interim-Decision: 20020301 Modified: 20020228-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CISCO:19980513 Cisco Web Cache Control Protocol Router Vulnerability Reference: URL:http://www.cisco.com/warp/public/770/wccpauth-pub.shtml Reference: CIAC:I-054 Reference: URL:http://www.ciac.org/ciac/bulletins/i-054.shtml Reference: XF:cisco-wccp-vuln(1577) Reference: URL:http://xforce.iss.net/static/1577.php Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048. Modifications: ADDREF XF:cisco-wccp-vuln(1577) INFERRED ACTION: CAN-1999-1175 ACCEPT (6 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Foat, Cole, Armstrong, Stracener, Balinsky MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:cisco-wccp-vuln(1577) CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-1999-1177 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1177 Final-Decision: Interim-Decision: 20020301 Modified: 20020228-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.w3.org/Security/Faq/wwwsf4.html Reference: CONFIRM:http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish Reference: XF:http-cgi-nphpublish(2055) Reference: URL:http://xforce.iss.net/static/2055.php Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation. Modifications: ADDREF XF:http-cgi-nphpublish(2055) INFERRED ACTION: CAN-1999-1177 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Stracener MODIFY(1) Frech NOOP(3) Wall, Foat, Armstrong Voter Comments: Frech> XF:http-cgi-nphpublish(2055) ====================================================== Candidate: CAN-1999-1181 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1181 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: Reference: SGI:19980901-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980901-01-PX Reference: CIAC:J-003 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-003.shtml Reference: XF:irix-register(7441) Reference: URL:http://www.iss.net/security_center/static/7441.php Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges. Modifications: ADDREF XF:irix-register(7441) INFERRED ACTION: CAN-1999-1181 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:irix-register(7441) ====================================================== Candidate: CAN-1999-1188 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1188 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs.. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91479159617803&w=2 Reference: XF:mysql-readable-log-files(1568) Reference: URL:http://xforce.iss.net/static/1568.php mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. INFERRED ACTION: CAN-1999-1188 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Frech NOOP(1) Wall ====================================================== Candidate: CAN-1999-1191 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1191 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418335&w=2 Reference: AUSCERT:AA-97.18 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.18.solaris.chkey.buffer.overflow.vul Reference: SUN:00144 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/144 Reference: BID:207 Reference: URL:http://www.securityfocus.com/bid/207 Reference: XF:solaris-chkey-bo(7442) Reference: URL:http://www.iss.net/security_center/static/7442.php Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. Modifications: ADDREF XF:solaris-chkey-bo(7442) INFERRED ACTION: CAN-1999-1191 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Dik, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:solaris-chkey-bo(7442) Dik> sun bug 4053189 Dik> sun bug 4053189 ====================================================== Candidate: CAN-1999-1192 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1192 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: SUN:00143 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/143 Reference: BID:206 Reference: URL:http://www.securityfocus.com/bid/206 Reference: XF:solaris-eeprom-bo(7444) Reference: URL:http://www.iss.net/security_center/static/7444.php Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. Modifications: ADDREF XF:solaris-eeprom-bo(7444) INFERRED ACTION: CAN-1999-1192 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Dik, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:solaris-eeprom-bo(7444) Dik> sun bug: 4043234 Dik> sun bug: 4043234 ====================================================== Candidate: CAN-1999-1193 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1193 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1991-06 Reference: URL:http://www.cert.org/advisories/CA-1991-06.html Reference: XF:next-me(581) Reference: URL:http://xforce.iss.net/static/581.php Reference: BID:20 Reference: URL:http://www.securityfocus.com/bid/20 The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root. INFERRED ACTION: CAN-1999-1193 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1194 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1194 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: CERT:CA-1991-05 Reference: URL:http://www.cert.org/advisories/CA-1991-05.html Reference: BID:17 Reference: URL:http://www.securityfocus.com/bid/17 Reference: XF:dec-chroot(577) Reference: URL:http://xforce.iss.net/static/577.php chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges. INFERRED ACTION: CAN-1999-1194 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1197 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1197 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-12 Reference: URL:http://www.cert.org/advisories/CA-1990-12.html Reference: BID:14 Reference: URL:http://www.securityfocus.com/bid/14 Reference: XF:sunos-tioccons-console-redirection(7140) Reference: URL:http://www.iss.net/security_center/static/7140.php TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. Modifications: ADDREF XF:sunos-tioccons-console-redirection(7140) INFERRED ACTION: CAN-1999-1197 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Dik, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:sunos-tioccons-console-redirection(7140) Dik> sun bug: 1008324 ====================================================== Candidate: CAN-1999-1198 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1198 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-06 Reference: URL:http://www.cert.org/advisories/CA-1990-06.html Reference: CIAC:B-01 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml Reference: BID:11 Reference: URL:http://www.securityfocus.com/bid/11 Reference: XF:nextstep-builddisk-root-access(7141) Reference: URL:http://www.iss.net/security_center/static/7141.php BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. Modifications: ADDREF XF:nextstep-builddisk-root-access(7141) INFERRED ACTION: CAN-1999-1198 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:nextstep-builddisk-root-access(7141) ====================================================== Candidate: CAN-1999-1203 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1203 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990210 Security problems in ISDN equipment authentication Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91868964203769&w=2 Reference: BUGTRAQ:19990212 PPP/ISDN multilink security issue - summary Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91888117502765&w=2 Reference: XF:ascend-ppp-isdn-dos(7498) Reference: URL:http://www.iss.net/security_center/static/7498.php Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier. Modifications: ADDREF XF:ascend-ppp-isdn-dos(7498) INFERRED ACTION: CAN-1999-1203 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Cole MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:ascend-ppp-isdn-dos(7498) ====================================================== Candidate: CAN-1999-1204 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1204 Final-Decision: Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980511 Firewall-1 Reserved Keywords Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925912&w=2 Reference: CONFIRM:http://www.checkpoint.com/techsupport/config/keywords.html Reference: XF:fw1-user-defined-keywords-access(7293) Reference: URL:http://xforce.iss.net/static/7293.php Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator. Modifications: ADDREF XF:fw1-user-defined-keywords-access(7293) INFERRED ACTION: CAN-1999-1204 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Foat, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:fw1-user-defined-keywords-access(7293) http://www.checkpoint.com/techsupport/config/keywords.html ====================================================== Candidate: CAN-1999-1205 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1205 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19960607 HP-UX B.10.01 vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419195&w=2 Reference: HP:HPSBUX9607-035 Reference: URL:http://packetstormsecurity.org/advisories/ibm-ers/96-08 Reference: CIAC:G-34 Reference: XF:hp-nettune(414) nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. INFERRED ACTION: CAN-1999-1205 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1208 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1208 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419337&w=2 Reference: BUGTRAQ:19970721 AIX ping (Exploit) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419330&w=2 Reference: XF:ping-bo(803) Reference: URL:http://xforce.iss.net/static/803.php Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument. INFERRED ACTION: CAN-1999-1208 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1209 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1209 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971204 scoterm exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88131151000069&w=2 Reference: CERT:VB-97.14 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.14.scoterm Reference: XF:sco-scoterm(690) Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges. INFERRED ACTION: CAN-1999-1209 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1214 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1214 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: OPENBSD:19970915 Vulnerability in I/O Signal Handling Reference: URL:http://www.openbsd.com/advisories/signals.txt Reference: XF:openbsd-iosig(556) Reference: URL:http://xforce.iss.net/static/556.php Vulnerability in asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when initializing I/O notification, which allows local users to cause a denial of service by specifying an arbitrary process ID to be signaled via a socket or device file descriptor via certain ioctl and fcntl calls INFERRED ACTION: CAN-1999-1214 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1215 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1215 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CIAC:D-21 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-21.shtml Reference: CERT:CA-1993-12 Reference: URL:http://www.cert.org/advisories/CA-1993-12.html Reference: XF:novell-login(545) Reference: URL:http://xforce.iss.net/static/545.php LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges. INFERRED ACTION: CAN-1999-1215 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1222 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1222 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q188571 Reference: URL:http://support.microsoft.com/support/kb/articles/Q188/5/71.ASP Reference: XF:dns-netbtsys-dos(3893) Reference: URL:http://xforce.iss.net/static/3893.php Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup. INFERRED ACTION: CAN-1999-1222 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1223 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1223 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q187503 Reference: URL:http://support.microsoft.com/support/kb/articles/q187/5/03.asp Reference: XF:url-asp-av(3892) Reference: URL:http://xforce.iss.net/static/3892.php IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. INFERRED ACTION: CAN-1999-1223 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1226 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1226 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html Reference: XF:netscape-huge-key-dos(3436) Reference: URL:http://xforce.iss.net/static/3436.php Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. INFERRED ACTION: CAN-1999-1226 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Wall, Cole, Frech NOOP(1) Foat ====================================================== Candidate: CAN-1999-1233 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1233 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MS:MS99-039 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp Reference: MSKB:241562 Reference: URL:http://support.microsoft.com/support/kb/articles/Q241/5/62.asp Reference: BID:657 Reference: URL:http://www.securityfocus.com/bid/657 Reference: XF:iis-unresolved-domain-access(3306) Reference: URL:http://xforce.iss.net/static/3306.php IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. INFERRED ACTION: CAN-1999-1233 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1243 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1243 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: CIAC:F-16 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-16.shtml Reference: SGI:19950301-01-P373 Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950301-01-P373 Reference: XF:sgi-permissions(2113) Reference: URL:http://xforce.iss.net/static/2113.php SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges. INFERRED ACTION: CAN-1999-1243 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1246 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1246 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q229972 Reference: URL:http://support.microsoft.com/support/kb/articles/Q229/9/72.asp Reference: XF:siteserver-directmail-passwords(2068) Reference: URL:http://xforce.iss.net/static/2068.php Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges. INFERRED ACTION: CAN-1999-1246 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1249 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1249 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: HP:HPSBUX9701-047 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html Reference: XF:hp-movemail(2057) Reference: URL:http://xforce.iss.net/static/2057.php movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges. INFERRED ACTION: CAN-1999-1249 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1258 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1258 Final-Decision: Interim-Decision: 20020301 Modified: Proposed: 200109 | ||||