CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 747 | CVE-1999-0767 | Candidate | Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable. | Proposed (19991214) | ACCEPT(4) Baker, Blake, Cole, Dik | MODIFY(2) Frech, Stracener | REVIEWING(2) Christey, Prosser | Stracener> Add Ref: CIAC: J-069 | Frech> XF:sun-libc-lcmessages | Prosser> BID 268 is an additional reference for this one as it has info on the Sun | vulnerability. However, BID 268 also includes AIX in this vulnerability and | refs APARS issued to fix a vulnerability in various "nixs with the Natural | Language Service environmental variables NSLPATH and PATH_LOCALE depending | on the "nix, ref CERT CA-97.10, CVE-1999-0041. However, Georgi Guninski | reported a BO in AIX with LC_MESSAGES + mount, also refed in BID 268, so it | is possible the AIX APARs fix an earlier, similar vulnerability to the Sun | BO in LC_MESSAGES. This should probably be considered under a different | CAN. Any ideas? | Christey> Given that the buffer overflows in CVE-1999-0041 are NLSPATH | and PATH_LOCALE, I"d say that"s good evidence that this is not | the same problem. But a buffer overflow in libc in | LC_MESSAGES... We must ask if these are basically the same | codebase. | | ADDREF CIAC:J-069 | Christey> While the description indicates multiple programs, CD:SF-EXEC | does not apply because the vulnerability was in libc, and | rcp and ufsrestore were both statically linked against libc. | Thus CD:SF-LOC applies, and a single candidate is maintained | because the problem occurred in a library. | Dik> Sun bug 4240566 | Christey> I"m consulting with Casper Dik and Troy Bollinger to see if | this should be combined with the AIX buffer overflows for | LC_MESSAGES; current indications are that they should be | split. | Christey> For further consultation, consider this post, though it"s | associated with CVE-1999-0041: | BUGTRAQ:19970213 Linux NLSPATH buffer overflow | http://www.securityfocus.com/archive/1/6296 | Also add "NLSPATH" and "PATH_LOCALE" to the description to | facilitate search. | View |
| 66283 | CVE-2013-6336 | Candidate | The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | Assigned (20131031) | None (candidate not yet proposed) | View | |
| 1003 | CVE-1999-1023 | Candidate | useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired. | Proposed (20010912) | ACCEPT(1) Dik | MODIFY(1) Frech | NOOP(3) Cole, Foat, Wall | Dik> sun bug: 4222400 | Frech> XF:solaris-useradd-expired-accounts(8375) | CONFIRM:(2.6)110883-01, (2.6_x86) 110884-01, (7)110869-01, | (7_x86) 110870-01 | View |
| 66539 | CVE-2013-6592 | Candidate | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | Assigned (20131104) | None (candidate not yet proposed) | View | |
| 66795 | CVE-2013-6848 | Candidate | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | Assigned (20131121) | None (candidate not yet proposed) | View |
Page 19274 of 20943, showing 5 records out of 104715 total, starting on record 96366, ending on 96370
