CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 88 | CVE-1999-0088 | Candidate | IRIX and AIX automountd services (autofsd) allow remote users to execute root commands. | Proposed (19990617) | ACCEPT(2) Northcutt, Shostack | MODIFY(2) Frech, Prosser | RECAST(1) Baker | REVIEWING(1) Christey | Frech> ERS (and other references, BTW) explicitly stipulate "local and | remote". | Reference: XF:irix-autofsd | Prosser> Include the SGI Alert as well since it is mentioned in the | description. | SGI Security Advisory 19981005-01-PX | Christey> DUPE CVE-1999-0210? | Christey> ADDREF CIAC:J-014 | Baker> It does look very similar to 1999-0210. Perhaps they should be a single entry | View |
| 121 | CVE-1999-0121 | Candidate | Buffer overflow in dtaction command gives root access. | Proposed (19990617) | ACCEPT(2) Dik, Northcutt | MODIFY(3) Baker, Frech, Prosser | REVIEWING(1) Christey | Frech> Reference: XF:dtaction-bo | Reference: XF:sun-dtaction | Prosser> Buffer overflow also affects /usr/dt/bin/dtaction in libDtSvc.a | library in AIX 4.x, but reference for this Sun vulnerability should | only reflect the Sun Bulletin or the CIAC I-032 version of the Sun | Bulletin | Christey> This is the Same Codebase as CVE-1999-0089, so the two entries | should be merged. | Frech> Replace sun-dtaction(732) with dtaction-bo(879) | Baker> Merge with 1999-0089 | View |
| 283 | CVE-1999-0284 | Candidate | Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command. | Proposed (19990623) | ACCEPT(2) Blake, Northcutt | MODIFY(3) Frech, Levy, Ozancin | NOOP(1) Baker | REVIEWING(1) Christey | Frech> "Windows NT-based mail servers" (A trademark thing, and for clarification) | XF:mdaemon-helo-bo | XF:lotus-notes-helo-crash | XF:slmail-helo-overflow | XF:smtp-helo-bo (mentions several products) | XF:smtp-exchangedos | Levy> - Need one per software. Each one should be its own | vulnerability. | Ozancin> => Windows NT is correct | Christey> These are probably multiple codebases, so we"ll need to use | dot notation. Also need to see if this should be merged | with CVE-1999-0098 (Sendmail SMTP HELO). | View |
| 30 | CVE-1999-0030 | Candidate | root privileges via buffer overflow in xlock command on SGI IRIX systems. | Proposed (19990623) | ACCEPT(3) Levy, Ozancin, Prosser | NOOP(1) Baker | RECAST(1) Frech | REJECT(1) Christey | Frech> XF:xlock-bo (also add) | As per xlock-bo, also appears on AIX, BSDI, DG/UX, FreeBSD, Solaris, and | several Linii. | Also, don"t you mean to cite SGI:19970502-02-PX? The one you list is | login/scheme. | Levy> Notice that this xlock overflow is the same as in | CA-97.13. CA-97.21 simply is a reminder. | Christey> As pointed out by Elias, CA-97.21 states: "For more | information about vulnerabilities in xlock... see CA-97.13" | CA-97.13 = CVE-1999-0038. | This may also be a duplicate with CVE-1999-0306. | | See exploits at: | | http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418394&w=2 | http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418404&w=2 | | Sun also has this problem, at | http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/150&type=0&nav=sec.sba | View |
| 318 | CVE-1999-0319 | Candidate | Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting. | Proposed (19990623) | ACCEPT(3) Frech, Hill, Northcutt | NOOP(2) Baker, Prosser | REVIEWING(1) Christey | Christey> BUGTRAQ:19961126 Security Problems in XMCD 2.1 | A followup to this post says that xmcd is not suid here. | View |
Page 20517 of 20943, showing 5 records out of 104715 total, starting on record 102581, ending on 102585
