CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
823 | CVE-1999-0843 | Candidate | Denial of service in Cisco routers running NAT via a PORT command from an FTP client to a Telnet port. | Proposed (19991208) | ACCEPT(3) Balinsky, Cole, Stracener; MODIFY(1) Frech; NOOP(2) Armstrong, Baker; REVIEWING(3) Christey, Prosser, Ziese | Frech> XF:cisco-nat-dos<br>Christey> Mike Prosser's REVIEWING vote expires July 17, 2000<br>Ziese> After reviewing http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml I cannot confirm this exists unless it's restructured to describe a problem against IOS per se; not NAT per se. I am reviewing this and it may take some time.<br>CHANGE> [Christey changed vote from NOOP to REVIEWING]<br>Christey> Not sure if Kevin's suggested reference really describes this one. However, a followup email by Jim Duncan of Cisco does acknowledge the problem as discussed in the Bugtraq post: http://marc.theaimsgroup.com/?l=vuln-dev&m=94385601831585&w=2 The original post is: http://marc.theaimsgroup.com/?l=bugtraq&m=94184947504814&w=2 It could be that the researcher believed that the problem was NAT, but in fact it wasn't. I need to follow up with Ziese/Balinsky on this one. | View |
454 | CVE-1999-0455 | Candidate | The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. | Modified (19991210-01) | ACCEPT(3) Balinsky, Frech, Ozancin; MODIFY(1) Wall; NOOP(1) Baker; REVIEWING(1) Christey | Wall> The reference should be ASB99-01 (Expression Evaluator Security Issues); make application plural since there are three sample applications (openfile.cfm, displayopenedfile.cfm, and exprcalc.cfm).<br>Christey> The CD:SF-EXEC and CD:SF-LOC content decisions apply here. Since there are 3 separate "executables" with the same (or similar) problem, we need to make sure that CD:SF-EXEC determines what to do here. There is evidence that some of these .cfm scripts have an "include" file, and if so, then CD:SF-LOC says that we shouldn't make separate entries for each of these scripts. On the other hand, the initial L0pht discovery didn't include all 3 of these scripts, and as far as I can tell, Allaire had patched the first problem before the others were discovered. So, CD:DISCOVERY-DATE may argue that we should split these because the problems were discovered and patched at different times. In any case, this candidate cannot be accepted until the Editorial Board has accepted the CD:SF-EXEC, CD:SF-LOC, and CD:DISCOVERY-DATE content decisions. | View |
1729 | CVE-2000-0151 | Candidate | GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. | Proposed (20000216) | ACCEPT(3) Bishop, Blake, Levy; MODIFY(1) Frech; NOOP(3) Baker, Cole, LeBlanc; REJECT(1) Christey | Frech> XF:gnu-makefile-tmp-root (We have made assignment to two CANs. Requesting confirmation that this is not a duplicate of CVE-2000-0092: The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.)<br>Christey> To confirm Andre's question, this is being treated as different from CVE-2000-0092, based largely on the fact that the exploit is different. I believe there was another reason for keeping these distinct, but that "deeper analysis" was not recorded :-( While it's possible that this is the same bug from some common version of make, in the absence of other information we should probably keep these two split.<br>CHANGE> [Christey changed vote from NOOP to REVIEWING]<br>CHANGE> [Christey changed vote from REVIEWING to REJECT]<br>Christey> Taking a fresh look at the diff's for FreeBSD make: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc And Debian make: http://security.debian.org/dists/slink/updates/source/make_3.77-5slink.diff.gz OK... now that I've hurt my brain looking at the code, while there are major differences in the surrounding code, ultimately both FreeBSD and Debian create an "outfile" file descriptor for the temporary file, within main() in main.c. In addition, child_execute_job() in job.c uses an outfile variable - for both sources. Perhaps FreeBSD reported the -j problem without seeing that it could come in from stdin as well, and/or Debian/etc. didn't realize that it was exploitable from job control, or maybe a combination of the two. Regardless, the two problems are the same. Phew! There goes a half-hour of my life that I'll never be able to get back... | View |
1721 | CVE-2000-0143 | Candidate | The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP. | Interim (20001011) | ACCEPT(3) Blake, Cole, LeBlanc; MODIFY(1) Frech; NOOP(2) Baker, Bishop; REJECT(1) Levy; REVIEWING(1) Christey | Frech> XF:ssh-redirect-tcp-connection<br>CHANGE> [Cole changed vote from REVIEWING to ACCEPT]<br>Christey> Examine the thread at http://marc.theaimsgroup.com/?l=bugtraq&m=95055978131077&w=2 to ensure that this problem is being characterized appropriately.<br>Levy> SSH is working as designed. The fact that some of its interactions are not foreseen by some is not a vulnerability. | View |
970 | CVE-1999-0990 | Candidate | Error messages generated by gdm with the VerboseAuth setting allow an attacker to identify valid users on a system. | Interim (19991229) | ACCEPT(3) Blake, Cole, Stracener; MODIFY(1) Frech; NOOP(1) Baker | Frech> XF:verbose-auth-identify-user(3804) | View |