Vulnerabilities Research Group

Present: Matt Bishop, Mike Fitzgrerald (notetaker), Todd Heberlein, Keith Herold, David O'Brien, Jeff Rowe, Omar Vanegas, Theresa White,

1. Previous Business
   1. none
2. Presentation (Matt)
3. Review of Intrusion Detection and Response Data Sharing Workshop
   1. Distributed executive summary (see proceedings or web page,
      http://seclab.cs.ucdavis.edu/projects/idrds
4. Vulnerabilities Database
   Matt plans a release at the end of the summer, of vulnerability data only (no attack data or signatures); aim is to have about 60 entries in it.
5. Bug of the week
   Keith discussed an imapd vulnerability having to do with buffer overflow. The problems is that imapd takes 8K of data and tries to put it into a 1K buffer. This version of imapd was distributed with pine version 4.0, and a patch has already been distributed