INTERIM DECISION: ACCEPT 45 various candidates (Final 9/24)

我做出了临时决定，接受来自各个集群的以下候选人。我将在9月24日做出最终决定。这些候选人满足董事会在包容内容决定中批准的最低投票要求。但是，其中许多人只有2票。每个候选人都满足投票要求的另一部分，但是，即非投票者的工具检查和/或软件供应商已确认了问题。候选人来自以下群集：6 CGI 1 BUF 16 ntlow 4拒绝4 Norefs 4 Mult2 7 Morelow 3 cdec -Steve ==========================================================候选：候选人：CAN-1999-0002出版：最终决定：临时决定：19990922修改：提议：19990726分配：19990607类别类别：SF参考：CAR-98.12.Mountd：XF参考：XF：XF：XF：XF：XF：XF：XF：NFS Mountd中的Linux-Mountd-BO Buffer溢出，可访问远程攻击者，主要是在Linux系统中。投票：接受（2）Frech，Northcutt NOOP（1）WALL ====================================候选：候选人：-1999-0042 Published: Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: NAI:NAI-21 Reference: CERT:CA-97.09.imap_pop Reference: XF:popimap-bo Buffer华盛顿大学实施IMAP和流行服务器的溢出。投票：接受（2）墙，Frech ================================： Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990714 Assigned: 19990607 Category: SF Reference: CERT:CA-97.04.talkd Reference: FreeBSD:FreeBSD-SA-96:21 Reference: AUSCERT:AA-97.01 Reference: SUN:00147 Reference: XF:talkd-bo Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. VOTES: ACCEPT(1) Northcutt MODIFY(1) Frech NOOP(1) Shostack COMMENTS: Frech> Add to references: Frech> XF:netkit-talkd ================================= Candidate: CAN-1999-0125 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990726 Assigned: 19990607 Category: SF Reference: XF:sgi-mailx-bo Reference: SGI:19980605-01-PX Buffer overflow in SGI IRIX mailx program. Modifications: CHANGEREF XF:si-mailx-bo XF:sgi-mailx-bo VOTES: ACCEPT(1) Ozancin MODIFY(1) Frech NOOP(1) Wall COMMENTS: Frech> Change XF:si-mailx-bo to XF:sgi-mailx-bo ================================= Candidate: CAN-1999-0153 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: XF:win-oob Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. Modifications: ADDREF XF:win-oob VOTES: ACCEPT(3) Hill, Wall, Northcutt MODIFY(1) Frech COMMENTS: Frech> XF:win-oob ================================= Candidate: CAN-1999-0173 Published: Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-cgi-formmail-use FormMail CGI program can be used by web servers other than the host server that the program resides on. VOTES: ACCEPT(2) Northcutt, Frech NOOP(1) Prosser ================================= Candidate: CAN-1999-0174 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-cgi-viewsrc The view-source CGI program allows remote attackers to read any file on the system that is internally accessible by the web server. Modifications: ADDREF XF:http-cgi-viewsrc VOTES: ACCEPT(1) Northcutt MODIFY(1) Frech NOOP(1) Prosser COMMENTS: Frech> XF:http-cgi-viewsrc ================================= Candidate: CAN-1999-0177 Published: Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-website-uploader The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. VOTES: ACCEPT(2) Northcutt, Frech NOOP(1) Prosser ================================= Candidate: CAN-1999-0178 Published: Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-website-winsample The win-c-sample program in the WebSite web server has a buffer overflow that allows remote execution of commands. VOTES: ACCEPT(2) Northcutt, Frech NOOP(1) Prosser ================================= Candidate: CAN-1999-0179 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: MSKB:Q140818 Reference: XF:nt-samba-dotdot Reference: XF:nt-351 Reference: XF:nt-35 Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. Modifications: ADDREF XF:nt-351 ADDREF XF:nt-35 VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> Also add: Frech> XF:nt-351 Frech> XF:nt-35 ================================= Candidate: CAN-1999-0180 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990714 Assigned: 19990607 Category: SF Reference: XF:rsh-null in.rshd allows users to login with a NULL username and execute commands. Modifications: ADDREF XF:rsh-null VOTES: ACCEPT(1) Northcutt MODIFY(2) Shostack, Frech COMMENTS: Shostack> more info Frech> XF:rsh-null ================================= Candidate: CAN-1999-0191 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-cgi-newdsn IIS newdsn.exe CGI script allows remote users to overwrite files. Modifications: ADDREF XF:http-cgi-newdsn VOTES: ACCEPT(1) Northcutt MODIFY(1) Frech NOOP(1) Prosser COMMENTS: Frech> XF:http-cgi-newdsn ================================= Candidate: CAN-1999-0194 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990714 Assigned: 19990607 Category: SF Reference: XF:comsat Denial of service in in.comsat allows attackers to generate messages. Modifications: ADDREF XF:comsat VOTES: ACCEPT(1) Shostack MODIFY(1) Frech NOOP(2) Northcutt, Wall COMMENTS: Frech> XF:comsat ================================= Candidate: CAN-1999-0211 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990714 Assigned: 19990607 Category: SF Reference: CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone. Modifications: DESC per Adam's comments ADDREF CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability VOTES: ACCEPT(1) Northcutt MODIFY(1) Shostack REVIEWING(1) Frech COMMENTS: Shostack> caused server to export to world ================================= Candidate: CAN-1999-0217 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990714 Assigned: 19990607 Category: SF Reference: XF:udp-bomb Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. Modifications: ADDREF XF:udp-bomb VOTES: MODIFY(2) Shostack, Frech NOOP(2) Northcutt, Wall COMMENTS: Shostack> make Andre give us a reference. :) Frech> XF:udp-bomb ================================= Candidate: CAN-1999-0218 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990714 Assigned: 19990607 Category: SF Reference: XF:portmaster-reboot Livingston portmaster machines could be rebooted via a series of commands. Modifications: ADDREF XF:portmaster-reboot VOTES: ACCEPT(1) Shostack MODIFY(1) Frech NOOP(2) Northcutt, Wall COMMENTS: Frech> XF:portmaster-reboot ================================= Candidate: CAN-1999-0221 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: XF:ascend-150-kill Denial of service of Ascend routers through port 150 (remote administration). Modifications: ADDREF XF:ascend-150-kill VOTES: ACCEPT(2) Hill, Meunier MODIFY(1) Frech COMMENTS: Frech> XF:ascend-150-kill ================================= Candidate: CAN-1999-0224 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: XF:nt-messenger Denial of service in Windows NT messenger service through a long username. Modifications: ADDREF XF:nt-messenger VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> XF:nt-messenger ================================= Candidate: CAN-1999-0234 Published: Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: XF:bash-cmd Reference: CERT:CA-96.22.bash_vuls Bash treats any character with a value of 255 as a command separator. VOTES: ACCEPT(2) Ozancin, Frech NOOP(1) Wall ================================= Candidate: CAN-1999-0236 Published: Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990623 Assigned: 19990607 Category: SF Reference: XF:http-scriptalias ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. VOTES: ACCEPT(2) Northcutt, Frech NOOP(1) Prosser ================================= Candidate: CAN-1999-0239 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990714 Assigned: 19990607 Category: SF Reference: XF:fastrack-get-directory-list Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. Modifications: ADDREF XF:fastrack-get-directory-list VOTES: MODIFY(2) Shostack, Frech NOOP(2) Northcutt, Wall COMMENTS: Shostack> needs ref Frech> XF:fastrack-get-directory-list (note only one 't' in 'fastrack') ================================= Candidate: CAN-1999-0265 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990726 Assigned: 19990607 Category: SF Reference: MSKB:Q154174 Reference: ISS:ICMP Redirects Against Embedded Controllers Reference: XF:icmp-redirect ICMP redirect messages may crash or lock up a host. Modifications: ADDREF MSKB:Q154174 ADDREF ISS:ICMP Redirects Against Embedded Controllers DELREF XF:icmp-redirects VOTES: MODIFY(2) Wall, Frech COMMENTS: Wall> Reference Q154174 Frech> Remove XF:icmp-redirects Frech> Add ISS: ICMP Redirects Against Embedded Controllers ================================= Candidate: CAN-1999-0266 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990714 Assigned: 19990607 Category: SF Reference: XF:http-cgi-info2www The info2www CGI script allows remote file access or remote command execution. Modifications: ADDREF XF:http-cgi-info2www VOTES: ACCEPT(1) Northcutt MODIFY(1) Frech NOOP(1) Shostack COMMENTS: Frech> XF:http-cgi-info2www ================================= Candidate: CAN-1999-0272 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: XF:slmail-username-bo Denial of service in Slmail v2.5 through the POP3 port. Modifications: ADDREF XF:slmail-username-bo VOTES: ACCEPT(2) Hill, Meunier MODIFY(1) Frech COMMENTS: Frech> XF:slmail-username-bo ================================= Candidate: CAN-1999-0274 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: NAI:NAI-5 Reference: XF:nt-dns-dos Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. Modifications: ADDREF XF:nt-dns-dos VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> XF:nt-dns-dos ================================= Candidate: CAN-1999-0288 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: XF:nt-winsupd-fix Denial of service in WINS with malformed data to port 137 (NETBIOS Name Service). Modifications: ADDREF XF:nt-winsupd-fix VOTES: ACCEPT(2) Hill, Meunier MODIFY(1) Frech COMMENTS: Frech> XF:nt-winsupd-fix ================================= Candidate: CAN-1999-0292 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: XF:nt-winpopup Denial of service through Winpopup using large user names. Modifications: ADDREF XF:nt-winpopup VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> XF:nt-winpopup ================================= Candidate: CAN-1999-0299 Published: Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: NAI:NAI-9 Buffer overflow in FreeBSD lpd through long DNS hostnames. VOTES: ACCEPT(2) Wall, Ozancin REVIEWING(1) Frech COMMENTS: Frech> Can't find in database. See Frech>http://www.nai.com/nai_labs/asp_set/advisory/09_lpd_adv.asp================================= Candidate: CAN-1999-0349 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: EEYE:IIS Remote FTP Exploit/DoS Attack Reference: MS:MS99-003 Reference: MSKB:Q188348 Reference: BUGTRAQ:Jan27,1999 Reference: XF:iis-remote-ftp A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. Modifications: ADDREF XF:iis-remote-ftp VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech NOOP(1) Christey COMMENTS: Frech> XF:iis-remote-ftp Frech> It is extremely hard to find articles by their dates, especially Frech> for heavily trafficked groups like *Bugtraq. Is it possible to convert them Frech> to titles instead? Christey> Future references to Bugtraq postings will try to encode the Christey> date and the subject. URLs are too unstable to reference Christey> directly. ================================= Candidate: CAN-1999-0366 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: MS:MS99-004 Reference: MSKB:Q214840 Reference: XF:nt-sp4-auth-error In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. Modifications: ADDREF XF:nt-sp4-auth-error VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> XF:nt-sp4-auth-error ================================= Candidate: CAN-1999-0372 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: MS:MS99-005 Reference: XF:nt-backoffice-setup Reference: MSKB:Q217004 The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. Modifications: ADDREF XF:nt-backoffice-setup ADDREF MSKB:Q217004 DESC list reboot.ini file VOTES: ACCEPT(1) Hill MODIFY(2) Wall, Frech COMMENTS: Wall> "The installer for BackOffice Server 4.0 includes account names Wall> and passwords in a setup file (reboot.ini) which is not deleted." Wall> Also reference Q217004 Frech> XF:nt-backoffice-setup ================================= Candidate: CAN-1999-0375 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990905-01 Proposed: 19990623 Assigned: 19990607 Category: SF Reference: NAI:February 16, 1999 Reference: BUGTRAQ:Feb16,1999 Reference: XF:nfr-webd-overflow Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands. Modifications: ADDREF XF:nfr-webd-overflow VOTES: ACCEPT(2) Northcutt, Hill MODIFY(1) Frech NOOP(1) Prosser COMMENTS: Frech> XF:nfr-webd-overflow ================================= Candidate: CAN-1999-0376 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: MS:MS99-006 Reference: BUGTRAQ:Feb20,1999 Reference: L0PHT:Feb18,1999 Reference: XF:nt-knowndlls-list Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. Modifications: ADDREF XF:nt-knowndlls-list VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> XF:nt-knowndlls-list ================================= Candidate: CAN-1999-0379 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Feb22,1999 Reference: MS:MS99-007 Reference: XF:win-resourcekit-taskpads Microsoft Taskpads feature allows remote web sites to execute commands on the visiting user's machine. Modifications: ADDREF XF:win-resourcekit-taskpads VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> XF:win-resourcekit-taskpads ================================= Candidate: CAN-1999-0382 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: MS:MS99-008 Reference: XF:nt-screen-saver The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. Modifications: ADDREF XF:nt-screen-saver VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> XF:nt-screen-saver ================================= Candidate: CAN-1999-0384 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: XF:forms-vuln-patch Reference: MS:MS99-001 The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. Modifications: ADDREF XF:forms-vuln-patch VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> XF:forms-vuln-patch ================================= Candidate: CAN-1999-0385 Published: Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990630 Assigned: 19990607 Category: SF Reference: MS:MS99-009 Reference: ISS:LDAP Buffer overflow against Microsoft Directory Services Reference: XF:ldap-exchange-overflow Reference: XF:ldap-mds-dos The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands. Modifications: ADDREF XF:ldap-exchange-overflow ADDREF XF:ldap-mds-dos VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> Change ISS:LDAP Buffer overflow against Microsoft Directory Services Frech> XF:ldap-exchange-overflow Frech> XF:ldap-mds-dos ================================= Candidate: CAN-1999-0386 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: MS:MS99-010 Reference: XF:pws-file-access Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL. Modifications: ADDREF XF:pws-file-access VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> XF:pws-file-access ================================= Candidate: CAN-1999-0392 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Jan10,1999 Reference: XF:http-cgic-library-bo Buffer overflow in Thomas Boutell's cgic library version up to 1.05. Modifications: DESC version isn't just 1.05 VOTES: ACCEPT(1) Ozancin MODIFY(1) Frech NOOP(1) Wall COMMENTS: Frech> Change version 1.05 to versions up to and including 1.05. ================================= Candidate: CAN-1999-0402 Published: Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Feb2,1999 Reference: XF:wget-permissions Reference: DEBIAN:19990220 wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. VOTES: ACCEPT(2) Ozancin, Frech NOOP(1) Wall ================================= Candidate: CAN-1999-0442 Published: Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Jan7,1999 Reference: SF:327 Solaris ff.core allows local users to modify files. VOTES: ACCEPT(2) Wall, Ozancin REVIEWING(1) Frech ================================= Candidate: CAN-1999-0457 Published: Final-Decision: Interim-Decision: 19990922 Modified: Proposed: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Jan17,1999 Reference: DEBIAN:19990117 Reference: XF:ftpwatch-vuln Reference: SF:317 Linux ftpwatch program allows local users to gain root privileges. VOTES: ACCEPT(1) Frech MODIFY(1) Ozancin NOOP(2) Wall, Christey COMMENTS: Ozancin> A little vague. Christey> Unfortunately, the advisory is also vague. ================================= Candidate: CAN-1999-0487 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: MS:MS99-011 Reference: XF:ie-dhtml-control The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files. Modifications: ADDREF XF:ie-dhtml-control VOTES: ACCEPT(2) Hill, Wall MODIFY(1) Frech COMMENTS: Frech> XF:ie-dhtml-control ================================= Candidate: CAN-1999-0496 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: MSKB:Q146965 Reference: XF:nt-getadmin Reference: XF:nt-getadmin-present A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. Modifications: DESC Change the wording to describe the specific problem ADDREF XF:nt-getadmin ADDREF XF:nt-getadmin-present ADDREF MSKB:Q146965 VOTES: ACCEPT(2) Hill, Northcutt MODIFY(2) Wall, Frech NOOP(1) Christey COMMENTS: Wall> "A Windows NT 4.0 user can gain administrative rights, aka Getadmin" Wall> Also reference CIAC H-14 and Microsoft Knowledge Base article Q146965. Frech> XF:nt-getadmin Frech> XF:nt-getadmin-present Frech> XF:mssql-get-admin Christey> CIAC H-14 has to do with SGI problems ================================= Candidate: CAN-1999-0566 Published: Final-Decision: Interim-Decision: 19990922 Modified: 19990922-01 Proposed: 19990630 Assigned: 19990607 Category: CF Reference: XF:ibm-syslogd Reference: XF:syslog-flood An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. Modifications: ADDREF XF:ibm-syslogd ADDREF XF:syslog-flood VOTES: ACCEPT(2) Hill, Meunier MODIFY(1) Frech COMMENTS: Frech> XF:ibm-syslogd Frech> XF:syslog-flood