CVE List

Id: 929
CVE No.: CVE-1999-0949
Status: Candidate
Description: Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
Phase: Proposed (19991222)
Votes: ACCEPT(2) Levy, Stracener | MODIFY(1) Frech | NOOP(2) Baker, Christey
Comments:
  Christey> CVE-1999-0948 and CVE-1999-0949 are extremely similar. uum (0948) is exploitable through a different set of options than canuum (0949). If it's the same generic option parsing routine used by both programs, then CD:SF-CODEBASE says to merge them. But if it's not, then CD:SF-LOC and CD:SF-EXEC says to split them. However, this is a prime example of how SF-EXEC might be modified - uum and canuum are clearly part of the same package, so in the absence of clear information, maybe we should merge them.
    Also review BID:758 and BID:757 - may need to change the BID here.
  Frech> XF:canna-uum-bo
  Christey> CHANGEREF BID:757 BID:758
  Christey> The following page says that canuum is a "Japanese input tty frontend for Canna using uum," which suggests that it is, at the least, a different package, so perhaps this should stay SPLIT.
    http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/pkgsrc/inputmethod/canuum/README.html

Id: 932
CVE No.: CVE-1999-0952
Status: Candidate
Description: Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.
Phase: Proposed (19991222)
Votes: ACCEPT(3) Baker, Ozancin, Stracener | MODIFY(2) Dik, Frech | REVIEWING(1) Christey
Comments:
  Frech> XF:solaris-lpstat-bo
  Christey> It is unclear from Casper Dik's followup whether this is exploitable or not.
  Dik> Sunbug 4129917 (other reports in the same thread suggest that the then current patch did fix the problem)
  Christey> Confirm with Casper Dik that the overflow is in the -c option, and if so, include it in the description to differentiate it from the lpstat -n buffer overflow.

Id: 679
CVE No.: CVE-1999-0698
Status: Candidate
Description: Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.
Phase: Proposed (19991222)
Votes: ACCEPT(6) Armstrong, Baker, Blake, Cole, Collins, Ozancin | MODIFY(1) Frech | NOOP(4) Landfield, Levy, Stracener, Wall | REJECT(1) Christey
Comments:
  Stracener> Is the candidate referring to the denial of service problem mentioned in the changelogs for versions previous to 1.4.3-1 or does it pertain to some problem with or 1.4.8-1?
  Frech> Depending on the version, this could be any number of DoSes related to ippl. From http://www.larve.net/ippl/:
    9 April 1999: version 1.4.3 released, correctly fixing a potential denial of service attack.
    7 April 1999: version 1.4.2 released, fixing a potential denial of service attack.
    XF:linux-ippl-dos
  Christey> Changelog: http://pltplp.net/ippl/docs/HISTORY
    See comments for version 1.4.2 and 1.4.3
    Another source: http://freshmeat.net/news/1999/04/08/923586598.html
  CHANGE> [Stracener changed vote from REVIEWING to NOOP]
  CHANGE> [Christey changed vote from NOOP to REJECT]
  Christey> As mentioned by others, this could apply to several different versions. Since the description is too vague, this CAN should be REJECTED and recast into other candidates.

Id: 973
CVE No.: CVE-1999-0993
Status: Candidate
Description: Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.
Phase: Proposed (19991222)
Votes: ACCEPT(2) Stracener, Wall | MODIFY(1) Frech | NOOP(2) Baker, Cole | REJECT(1) LeBlanc
Comments:
  Frech> XF:exchange-acl-changes(3916)
  LeBlanc> Not a vulnerability

Id: 721
CVE No.: CVE-1999-0741
Status: Candidate
Description: QMS CrownNet Unix Utilities for 2060 allows root to log on without a password.
Phase: Proposed (19991222)
Votes: ACCEPT(4) Baker, Frech, Levy, Stracener | NOOP(2) Christey, Oliver
Comments:
  Christey> change description - anyone can log on *as* root
  Frech> (Note: this XF also cataloged under CVE-1999-0508.)
