CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
531 | CVE-1999-0534 | Candidate | A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. | Proposed (19990721) | ACCEPT(5) Baker, Christey, Ozancin, Shostack, Wall; MODIFY(2) Frech, Northcutt | Northcutt> If we are going to write a laundry list put access to the scheduler in it.<br>Christey> The list of privileges is very useful for lookup.<br>Frech> XF:nt-create-token, XF:nt-replace-token, XF:nt-lock-memory, XF:nt-increase-quota, XF:nt-unsol-input, XF:nt-act-system, XF:nt-create-object, XF:nt-sec-audit, XF:nt-add-workstation, XF:nt-manage-log, XF:nt-take-owner, XF:nt-load-driver, XF:nt-profile-system, XF:nt-system-time, XF:nt-single-process, XF:nt-increase-priority, XF:nt-create-pagefile, XF:nt-backup, XF:nt-restore, XF:nt-debug, XF:nt-system-env, XF:nt-remote-shutdown | View |
532 | CVE-1999-0535 | Candidate | A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. | Proposed (19990721) | ACCEPT(2) Shostack, Wall; MODIFY(2) Baker, Frech; RECAST(2) Northcutt, Ozancin | Northcutt> inappropriate implies there is appropriate. As a guy who has been monitoring networks for years I have deep reservations about justifying the existence of any fixed cleartext password. For appropriate to exist, some "we" would have to establish some criteria for appropriate passwords.<br>Baker> Perhaps this could be re-worded a bit. The CVE CVE-1999-00582 specifies "...settings for lockouts". To remain consistent with the other, maybe it should specify "...settings for passwords" I think most people would agree that passwords should be at least 8 characters; contain letters (upper and lowercase), numbers and at least one non-alphanumeric; should only be good a limited time 30-90 days; and should not contain character combinations from user's prior 2 or 3 passwords. Suggested rewrite - A Windows NT account policy does not enforce reasonable minimum security-critical settings for passwords, e.g. passwords of sufficient length, periodic required password changes, or new password uniqueness<br>Ozancin> What is appropriate?<br>Frech> XF:nt-autologonpwd, XF:nt-pwlen, XF:nt-maxage, XF:nt-minage, XF:nt-pw-history, XF:nt-user-pwnoexpire, XF:nt-unknown-pwdfilter, XF:nt-pwd-never-expire, XF:nt-pwd-nochange, XF:nt-pwdcache-enable, XF:nt-guest-change-passwords | View |
533 | CVE-1999-0537 | Candidate | A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. | Proposed (19990726) | ACCEPT(1) Wall; NOOP(1) Baker; RECAST(1) Frech; REJECT(1) LeBlanc | Frech> Good candidate for dot notation. XF:nav-java-enabled, XF:nav-javascript-enabled, XF:ie-active-content, XF:ie-active-download, XF:ie-active-scripting, XF:ie-activex-execution, XF:ie-java-enabled, XF:netscape-javascript, XF:netscape-java, XF:zone-active-scripting, XF:zone-activex-execution, XF:zone-desktop-install, XF:zone-low-channel, XF:zone-file-download, XF:zone-file-launch, XF:zone-java-scripting, XF:zone-low-java, XF:zone-safe-scripting, XF:zone-unsafe-scripting<br>LeBlanc> Not a vulnerability. These are just checks for configuration settings that a user might have changed. I understand need to increase number of checks in a scanning product, but don't feel like these belong in CVE. Scanner vendors could argue that these entries are needed to keep a common language.<br>Baker> Not sure about whether we should bother to include this type issue or not. It does provide a stepping stone for further actions, but in and of itself it isn't a specific vulnerability. | View |
534 | CVE-1999-0539 | Candidate | A trust relationship exists between two Unix hosts. | Proposed (19990728) | MODIFY(1) Frech; NOOP(1) Baker; REJECT(2) Northcutt, Shostack | Northcutt> Too non specific<br>Frech> XF:trusted-host(341), XF:trust-remote-same(717), XF:trust-remote-root(718), XF:trust-remote-nonroot(719), XF:trust-remote-any(720), XF:trust-other-host(723), XF:trust-all-nonroot(726), XF:trust-any-remote(727), XF:trust-local-acct(728), XF:trust-local-any(729), XF:trust-local-nonroot(730), XF:trust-all-hosts(731), XF:nt-trusted-domain(1284), XF:rsagent-trusted-domainadded(1588), XF:trust-remote-user(2955), XF:user-trust-hosts(3074), XF:user-trust-other-host(3077), XF:user-trust-remote-account(3079) | View |
535 | CVE-1999-0541 | Candidate | A password for accessing a WWW URL is guessable. | Proposed (19990714) | ACCEPT(4) Baker, Meunier, Northcutt, Shostack; MODIFY(1) Frech | Frech> XF:http-password | View |