CVE List

Id: 3973
CVE No.: CVE-2001-1169
Status: Candidate
Description: keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.
Phase: Proposed (20020315)
Votes: ACCEPT(1) Green | NOOP(5) Armstrong, Cole, Foat, Wall, Ziese | REVIEWING(1) Frech
Comments: (none)

Id: 215
CVE No.: CVE-1999-0216
Status: Candidate
Description: Denial of service of inetd on Linux through SYN and RST packets.
Phase: Modified (19991203-01)
Votes: ACCEPT(1) Hill | MODIFY(2) Baker, Frech | RECAST(1) Meunier
Comments:
  Meunier> The location of the vulnerability, whether in the Linux kernel or the application, is debatable. Any program making the same (reasonable) assumption is vulnerable, i.e., implements the same vulnerability: "Assumption that TCP-three-way handshake is complete after calling Linux kernel function accept(), which returns socket after getting SYN. Result is process death by SIGPIPE" Moreover, whether it results in DOS (to third parties) depends on the process that made the assumption. I think that the present entry should be split, one entry for every application that implements the vulnerability (really describing threat instances, which is what other people think about when we talk about vulnerabilities), and one entry for the Linux kernel that allows the vulnerability to happen.
  Frech> XF:hp-inetd
         XF:linux-inetd-dos
  Baker> Since we have an hpux bulletin, the description should not specifically say Linux, should it? It applies to multiple OS and should be likely either modified, or in extreme case, recast

Id: 140
CVE No.: CVE-1999-0140
Status: Candidate
Description: Denial of service in RAS/PPTP on NT systems.
Phase: Proposed (19990630)
Votes: ACCEPT(1) Hill | MODIFY(2) Frech, Meunier | NOOP(1) Baker | REJECT(1) Christey
Comments:
  Meunier> Add "pptp invalid packet length in header" to distinguish from other vulnerabilities in RAS/PPTP on NT systems resulting in DOS, that might be discovered in the future.
  Frech> XF:nt-ras-bo ONLY IF reference is to MS:MS99-016
  Christey> According to my mappings, this is not the MS:MS99-016 problem referred to by Andre. However, I have yet to dig up a source.
  CHANGE> [Christey changed vote from NOOP to REVIEWING]
  CHANGE> [Christey changed vote from REVIEWING to REJECT]
  Christey> This is too general to know which problem is being discussed. More precise candidates should be created.
  Christey> Consider adding BID:2111

Id: 539
CVE No.: CVE-1999-0549
Status: Candidate
Description: Windows NT automatically logs in an administrator upon rebooting.
Phase: Proposed (19990630)
Votes: ACCEPT(1) Hill | MODIFY(3) Blake, Frech, Ozancin | NOOP(1) Wall | REJECT(1) Baker
Comments:
  Wall> Don't know what this is. Don't think it is a vulnerability and would initially reject. This is different than just renaming the administrator account.
  Frech> Would appreciate more information on this one, as in a reference.
  Blake> Reference: XF:nt-autologin
  Ozancin> Needs more detail
  Baker> I tried to find the XF:nt-autologin reference, and got no matching records from their search engine. No refs, no details, should reject
  CHANGE> [Frech changed vote from REVIEWING to MODIFY]
  Frech> XF:nt-autologon(5)

Id: 284
CVE No.: CVE-1999-0285
Status: Candidate
Description: Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
Phase: Proposed (19990630)
Votes: ACCEPT(1) Hill | NOOP(2) Baker, Wall | REJECT(2) Christey, Frech
Comments:
  Christey> No references, no information.
  CHANGE> [Frech changed vote from REVIEWING to REJECT]
  Frech> No references; closest documented match is with CVE-2001-0346, but that's for Windows 2000.
