CVE List

Id CVE No. Status Description Phase Votes Comments Actions
254  CVE-1999-0255  Candidate  Buffer overflow in ircd allows arbitrary command execution.  Proposed (19990623)  ACCEPT(3) Baker, Hill, Northcutt | MODIFY(1) Frech | NOOP(1) Prosser | REJECT(1) Christey  Frech> XF:irc-bo | Christey> This is too general and doesn"t have any references. The | XF reference doesn"t appear toe xist any more. | | Perhaps this reference would help: | BUGTRAQ:19970701 ircd buffer overflow | Baker> It appears that the XForce entry has been corrected, and there is a patch posted in the original bugtraq post.  View
539  CVE-1999-0549  Candidate  Windows NT automatically logs in an administrator upon rebooting.  Proposed (19990630)  ACCEPT(1) Hill | MODIFY(3) Blake, Frech, Ozancin | NOOP(1) Wall | REJECT(1) Baker  Wall> Don"t know what this is. Don"t think it is a vulnerability and would | initially reject. This is different than just renaming the | administrator account. | Frech> Would appreciate more information on this one, as in a reference. | Blake> Reference: XF:nt-autologin | Ozancin> Needs more detail | Baker> I tried to find the XF:nt-autologin reference, and got no matching records from their search engine. | No refs, no details, should reject | CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:nt-autologon(5)  View
284  CVE-1999-0285  Candidate  Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.  Proposed (19990630)  ACCEPT(1) Hill | NOOP(2) Baker, Wall | REJECT(2) Christey, Frech  Christey> No references, no information. | CHANGE> [Frech changed vote from REVIEWING to REJECT] | Frech> No references; closest documented match is with | CVE-2001-0346, but that"s for Windows 2000.  View
61  CVE-1999-0061  Candidate  File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).  Proposed (19990630)  ACCEPT(3) Frech, Hill, Northcutt | RECAST(1) Baker | REVIEWING(1) Christey  Christey> This should be split into three separate problems based on | the SNI advisory. But there"s newer information to further | complicate things. | | What do we do about this one? in 1997 or so, SNI did an | advisory on this problem. In early 2000, it was still | discovered to be present in some Linux systems. So an | SF-DISCOVERY content decision might say that this is a | long enough time between the two, so this should be recorded | separately. But they"re the same codebase... so if we keep | them in the same entry, how do we make sure that this entry | reflects that some new information has been discovered? | | The use of dot notation may help in this regard, to use one | dot for the original problem as discovered in 1997, and | another dot for the resurgence of the problem in 2000. | Baker> We should merge these. | Christey> Perhaps this should be NAI-19 instead of NAI-20? | The original Bugtraq post for the SNI advisory suggests SNI-19: | BUGTRAQ:19971002 SNI-19:BSD lpd vulnerability | URL:SNI-19:BSD lpd vulnerability | | Also add: | BUGTRAQ:19971021 SNI-19: BSD lpd vulnerabilities (UPDATE) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87747479514310&w=2 | | However, archives of "NAI-0020" point to the lpd vuln. | | If I recall correctly, some of the NAI advisory numbers got | switched when NAI acquired SNI.  View
140  CVE-1999-0140  Candidate  Denial of service in RAS/PPTP on NT systems.  Proposed (19990630)  ACCEPT(1) Hill | MODIFY(2) Frech, Meunier | NOOP(1) Baker | REJECT(1) Christey  Meunier> Add "pptp invalid packet length in header" to distinguish from other | vulnerabilities in RAS/PPTP on NT systems resulting in DOS, that might be | discovered in the future. | Frech> XF:nt-ras-bo | ONLY IF reference is to MS:MS99-016 | Christey> According to my mappings, this is not the MS:MS99-016 problem | referred to by Andre. However, I have yet to dig up a | source. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | CHANGE> [Christey changed vote from REVIEWING to REJECT] | Christey> This is too general to know which problem is being discussed. | More precise candidates should be created. | Christey> Consider adding BID:2111  View

Page 20519 of 20943, showing 5 records out of 104715 total, starting on record 102591, ending on 102595

Actions