CVE
- Id
- 1550
- CVE No.
- CVE-1999-1570
- Status
- Candidate
- Description
- Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.
- Phase
- Proposed (20020830)
- Votes
- ACCEPT(4) Armstrong, Cole, Frech, Green | NOOP(3) Cox, Foat, Wall | REVIEWING(1) Christey
- Comments
- Frech> It seems as if the BID-4089 assignment on this CAN name may be | in error. | BID-4089 (Multiple Vendor SNMP Request Handling Vulnerabilities) is | already assigned to CVE-2002-0013. Also, this CVE issue seems to have | nothing to do with SNMP. | Christey> Agreed, this is the wrong BID. SecurityFocus has assigned | BID:643 to CVE-1999-1570, but there"s a bit of an | inconsistency. BID:643 alludes to Bugtraq posts in 1999 | from Brock Tellier, mentioning overflows in sar via BOTH the | -o and -f parameters. However, they also link this issue to | SCO advisory 99.17, although the advisory itself is too vague | to *really* know what vulns they fixed. And now the link | to a potentially more detailed document (sse037.ltr) | is broken. So we don"t have any independent reason for | knowing whether SCO 99.17 (a) addresses any "sar" | vulnerabilities, and (b) even if it does, whether it addresses | *both* the -o and -f arguments originally claimed by Tellier. | Finally, it seems rather curious that CSSA-2002-SCO.17 | talks about a -o overflow but does not mention -f. | Sounds like an email to the security people at SCO | is in order... | | OK. Having consulted with SCO (who responded quickly), I | looked even further into this issue. There is now sufficient | evidence that the -f overflow was fixed in 1999. This | means that a separate candidate should be created (by | CD:SF-LOC), so the -f overflow is now covered by | CVE-1999-1571. | | Need to DELREF BID:4089 | CHANGE> [Frech changed vote from NOOP to ACCEPT] | CHANGE> [Christey changed vote from NOOP to REVIEWING]
