CVE
- Id
- 380
- CVE No.
- CVE-1999-0381
- Status
- Candidate
- Description
- super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
- Phase
- Proposed (19990726)
- Votes
- ACCEPT(7) Baker, Blake, Cole, Frech, Landfield, Levy, Ozancin | MODIFY(1) Bishop | NOOP(2) Armstrong, Wall | REVIEWING(1) Christey
- Comments
- Christey> Is this the same as CVE-1999-0373? They both have the same | X-Force reference. | | BID:342 suggests that there are two. | | http://www.debian.org/security/1999/19990215a suggests | that there are two. However, CVE-1999-0373 is written up in | a fashion that is too general; and both XF:linux-super-bo and | XF:linux-super-logging-bo refer to CVE-1999-0373. | CVE-1999-0373 may need to be split. | | Frech> From what I can surmise, ISS released the original advisory (attached to | linux-super-bo), and Sekure SDI expanded on it by releasing another related | overflow in syslog (which is linux-super-logging-bo). | | When I was originally assigning these issues, I placed both XF references | and the ISS advisory on the -0373 candidate, since there was nothing else | available. Based on the information above, I"d request that | XF:linux-super-logging-bo be removed from CVE-1999-0373. | Christey> Given Andre"s feedback, these are different issues. | CVE-1999-0373 does not need to be split because the ISS | reference is sufficient to distinguish that CVE from this | candidate; however, the CVE-1999-0373 description should | probably be modified slightly. | Bishop> (as indicated by Christey) | CHANGE> [Cole changed vote from NOOP to ACCEPT] | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> There are 2 bugs, as confirmed by the super author at: | BUGTRAQ:19990226 Buffer Overflow in Super (new) | http://www.securityfocus.com/archive/1/12713 | BID:397 also seems to cover this one, and it may cover | CVE-1999-0373 as well.
