CVE
- Id
- 61
- CVE No.
- CVE-1999-0061
- Status
- Candidate
- Description
- File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
- Phase
- Proposed (19990630)
- Votes
- ACCEPT(3) Frech, Hill, Northcutt | RECAST(1) Baker | REVIEWING(1) Christey
- Comments
- Christey> This should be split into three separate problems based on | the SNI advisory. But there"s newer information to further | complicate things. | | What do we do about this one? in 1997 or so, SNI did an | advisory on this problem. In early 2000, it was still | discovered to be present in some Linux systems. So an | SF-DISCOVERY content decision might say that this is a | long enough time between the two, so this should be recorded | separately. But they"re the same codebase... so if we keep | them in the same entry, how do we make sure that this entry | reflects that some new information has been discovered? | | The use of dot notation may help in this regard, to use one | dot for the original problem as discovered in 1997, and | another dot for the resurgence of the problem in 2000. | Baker> We should merge these. | Christey> Perhaps this should be NAI-19 instead of NAI-20? | The original Bugtraq post for the SNI advisory suggests SNI-19: | BUGTRAQ:19971002 SNI-19:BSD lpd vulnerability | URL:SNI-19:BSD lpd vulnerability | | Also add: | BUGTRAQ:19971021 SNI-19: BSD lpd vulnerabilities (UPDATE) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87747479514310&w=2 | | However, archives of "NAI-0020" point to the lpd vuln. | | If I recall correctly, some of the NAI advisory numbers got | switched when NAI acquired SNI.
