CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 648 | CVE-1999-0667 | Candidate | The ARP protocol allows any host to spoof ARP replies and poison the ARP cache to conduct IP address spoofing or a denial of service. | Proposed (19991222) | ACCEPT(2) Blake, Cole | MODIFY(1) Stracener | NOOP(2) Baker, Christey | REJECT(1) Frech | Stracener> Add Ref: BUGTRAQ:19970919 Playing redir games with ARP and ICMP | Frech> Cannot proceed without a reference. Too vague, and resembles XF:netbsd-arp: | CVE-1999-0763: NetBSD on a multi-homed host allows ARP packets on one | network to modify ARP entries on another connected network. | CVE-1999-0764: NetBSD allows ARP packets to overwrite static ARP entries. | Will reconsider if reference provides enough information to render a | distinction. | Christey> This particular vulnerability was exploited by an attacker | during the ID"Net IDS test network exercise at the SANS | Network Security "99 conference. The attacker adapted a | publicly available program that was able to spoof another | machine on the same physical network. | | See http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019797&w=2 | for the Bugtraq reference that Tom Stracener suggested. | This generated a long thread on Bugtraq in 1997. | Blake> I"ll second Tom"s request to add the reference, it"s a very | posting good and the vulnerability is clearly derivative of | the work. | | (I do recall talking to the guy and drafting a description.) | View |
| 654 | CVE-1999-0673 | Candidate | Buffer overflow in ALMail32 POP3 client via From: or To: headers. | Proposed (19991222) | ACCEPT(6) Baker, Blake, Cole, Collins, Levy, Wall | MODIFY(2) Frech, Stracener | NOOP(3) Armstrong, Landfield, Oliver | REVIEWING(1) Ozancin | Stracener> AddRef: ShadowPenguinSecurity:PenguinToolbox,No.037 | Frech> XF:almail-bo | CHANGE> [Cole changed vote from NOOP to ACCEPT] | View |
| 921 | CVE-1999-0941 | Candidate | Mutt mail client allows a remote attacker to execute commands via shell metacharacters. | Proposed (19991222) | ACCEPT(1) Stracener | NOOP(2) Baker, Christey | REJECT(1) Frech | REVIEWING(1) Levy | Frech> References are vague, but seem to be identical to CVE-1999-0940 | (XF:mutt-text-enriched-mime-bo). According to the references, the malformed | messages consist of metacharacters. In addition, -0941"s reference and | -0940"s SuSE reference both refer to fixes in 1.0pre3 release. Will | reconsider vote if other clearer references are forthcoming. | Christey> Modify to mention that the metachar"s are in the Content-Type header. | http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526154&w=2 | View |
| 924 | CVE-1999-0944 | Candidate | IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections. | Proposed (19991222) | ACCEPT(2) Baker, Stracener | MODIFY(1) Frech | NOOP(2) Bollinger, Christey | REVIEWING(1) Levy | Frech> XF:websphere-database-pwd-accessible | Christey> ADDREF BID:1763 | URL:http://www.securityfocus.com/bid/1763 | View |
| 928 | CVE-1999-0948 | Candidate | Buffer overflow in uum program for Canna input system allows local users to gain root privileges. | Proposed (19991222) | ACCEPT(2) Levy, Stracener | MODIFY(1) Frech | NOOP(2) Baker, Christey | Christey> CVE-1999-0948 and CVE-1999-0949 are extremely similar. | uum (0948) is exploitable through a different set of options | than canuum (0949). If it"s the same generic option parsing | routine used by both programs, then CD:SF-CODEBASE says to | merge them. But if it"s not, then CD:SF-LOC and CD:SF-EXEC | says to split them. However, this is a prime example of | how SF-EXEC might be modified - uum and canuum are clearly | part of the same package, so in the absence of clear | information, maybe we should merge them. | Frech> XF:canna-uum-bo | View |
Page 386 of 20943, showing 5 records out of 104715 total, starting on record 1926, ending on 1930
