CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 3926 | CVE-2001-1122 | Candidate | Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in "SPECIAL" mode. | Proposed (20020315) | ACCEPT(3) Foat, Frech, Green | NOOP(2) Baker, Cole | REJECT(2) Armstrong, Ziese | REVIEWING(1) Wall | Ziese> fact that important system | files are not appropriately secured from user, a/o admin, level access. | Green> ACCESS TO THE WINNT/SYSTEM32 DIRECTORY, ALLOWING FOR A DoS TO BE PERFORMED. | Foat> Our attempts to repair the computer with the Windows NT cd-rom failed. | The machine still would not allow logins. Tried two different NT 4.0 CD"s. Both | CD"s gave the error message that the file MSV1_0.dll read okay but is invalid on | the hard drive. It says the CD is probably defective. | Armstrong> I don"t believe that a privileged user being able to run code | on a system is a vulnerability. | Baker> I generally agree that unless you are elevating your priveleges, this should not be listed as a vulnerability. | CHANGE> [Baker changed vote from REVIEWING to NOOP] | View |
| 4902 | CVE-2002-0510 | Candidate | The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux. | Proposed (20020611) | ACCEPT(3) Foat, Frech, Green | NOOP(3) Cole, Cox, Wall | CHANGE> [Cox changed vote from REVIEWING to NOOP] | Cox> So I asked some kernel guys about this - it"s not considered | an issue. There are several other ways to identify Linux on | the wire and people who care about this kind of thing rewrite | their packets in various ways via firewall technology to trick | the identifier programs. | View |
| 3517 | CVE-2001-0709 | Candidate | Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | Proposed (20010829) | ACCEPT(3) Foat, Frech, Ziese | NOOP(3) Armstrong, Bishop, Cole | REVIEWING(1) Wall | CHANGE> [Armstrong changed vote from REVIEWING to NOOP] | CHANGE> [Foat changed vote from NOOP to ACCEPT] | View |
| 316 | CVE-1999-0317 | Candidate | Buffer overflow in Linux su command gives root access to local users. | Modified (19991216-01) | ACCEPT(3) Frech, Hill, Northcutt | NOOP(1) Prosser | RECAST(1) Baker | REVIEWING(1) Christey | Christey> DUPE CVE-1999-0845? | Also, ADDREF XF:unixware-su-username-bo | A report summary by Aleph One states that nobody was able to | confirm this problem on any Linux distribution. | Baker> If this is the same as the unixware, the n it is a dupe of 1999-0845. There is about a two and half month difference in the bugtraq reporting of these. | Sounds like the same bug however... | Christey> XF:su-bo no longer seems to exist. | How about XF:linux-subo(734) ? | http://xforce.iss.net/static/734.php | | BID:475 also seems to describe the same problem | (http://www.securityfocus.com/bid/475) in which case, | vsyslog is blamed in: | BUGTRAQ:19971220 Linux vsyslog() overflow | http://www.securityfocus.com/archive/1/8274 | View |
| 318 | CVE-1999-0319 | Candidate | Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting. | Proposed (19990623) | ACCEPT(3) Frech, Hill, Northcutt | NOOP(2) Baker, Prosser | REVIEWING(1) Christey | Christey> BUGTRAQ:19961126 Security Problems in XMCD 2.1 | A followup to this post says that xmcd is not suid here. | View |
Page 986 of 20943, showing 5 records out of 104715 total, starting on record 4926, ending on 4930
