CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
156 | CVE-1999-0156 | Candidate | wu-ftpd FTP daemon allows any user and password combination. | Proposed (19990714) | ACCEPT(2) Northcutt, Shostack; NOOP(1) Baker; RECAST(1) Frech; REVIEWING(2) Christey, Prosser | Prosser> but so far can find no reference to this one<br>Frech> Our records indicate that this does not necessarily affect just wu-ftp (ie, also affects IIS FTP server).<br>Christey> The references for XF:ftp-pwless are not specific enough, e.g. in terms of version numbers. Perhaps this candidate should be rejected due to insufficient information. | View |
163 | CVE-1999-0163 | Candidate | In older versions of Sendmail, an attacker could use a pipe character to execute root commands. | Proposed (19990714) | ACCEPT(2) Frech, Northcutt; MODIFY(1) Prosser; NOOP(2) Baker, Christey; RECAST(1) Shostack | Shostack> there was a "To: \|" and a "From: \|" attack, which I think are separate.<br>Prosser> older vulnerability, but one additional reference is- The Ultimate Sendmail Hole List by Markus Hübner @ bau2.uibk.ac.at/matic/buglist.htm "\|PROGRAM "<br>Christey> Description needs to be more specific to distinguish between this and CVE-1999-0203, as alluded to by Adam Shostack | View |
169 | CVE-1999-0169 | Candidate | NFS allows attackers to read and write any file on the system by specifying a false UID. | Proposed (19990714) | ACCEPT(2) Frech, Northcutt; MODIFY(1) Baker; REJECT(1) Shostack | Shostack> this is not a vulnerability but a design feature.<br>Baker> Maybe we should reword it so that it is clear that this was a problem to something like: "A remote attacker could read/write files to the system with root-level permissions on NFS servers that fail to properly check the UID." | View |
171 | CVE-1999-0171 | Candidate | Denial of service in syslog by sending it a large number of superfluous messages. | Proposed (19990714) | ACCEPT(2) Frech, Northcutt; NOOP(1) Baker; REJECT(2) Christey, Shostack | Shostack> design issue, not a vulnerability. Alternately, add: DOS on server by opening a large number of telnet sessions..<br>Christey> Duplicate of CVE-1999-0566 | View |
193 | CVE-1999-0193 | Candidate | Denial of service in Ascend and 3com routers, which can be rebooted by sending a zero length TCP option. | Proposed (19990714) | ACCEPT(5) Bishop, Cole, Northcutt, Ozancin, Shostack; MODIFY(2) Baker, Blake; NOOP(4) Armstrong, Frech, Landfield, Wall; REVIEWING(2) Christey, Levy | Frech> possibly XF:ascend-kill I can't find a reference that lists both routers in the same reference.<br>Wall> Comment: There is a reference about the zero length TCP option in BugTraq on Feb 5, 1999 and it mentions Cisco, but not directly Ascend or 3Com. CIAC Advisory I-038 mentions vulnerabilities in Ascend, but does not mention TCP. CIAC Advisory I-052 mentions 3Com vulnerabilities, but not TCP. Too confusing without better references.<br>Landfield> What are the references for this ? I cannot find a means to check it out.<br>CHANGE> [Frech changed vote from REVIEWING to NOOP]<br>Frech> Cannot reconcile to our database without further references.<br>Blake> I'm with Andre. I only remember and can find reference to the Ascend issue. Do we have a reference to the 3Coms? If not, that should be removed from the description.<br>Baker> http://xforce.iss.net/static/614.php Misc Defensive Info<br>http://www.securityfocus.com/archive/1/5682 Misc Offensive Info<br>http://www.securityfocus.com/archive/1/5647 Misc Defensive Info<br>http://www.securityfocus.com/archive/1/5640 Misc Defensive Info<br>CHANGE> [Armstrong changed vote from REVIEWING to NOOP] | View |