[Secure-testing-commits] r736 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Sun, 03 Apr 2005 22:29:03 +0000
Author: jmm-guest
Date: 2005-04-03 22:29:00 +0000 (Sun, 03 Apr 2005)
New Revision: 736
Modified:
sarge-checks/CAN/list
Log:
This "DoS" doesn't look like an issue IMO.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-03 21:56:10 UTC (rev 735)
+++ sarge-checks/CAN/list 2005-04-03 22:29:00 UTC (rev 736)
@@ -1512,8 +1512,13 @@
CAN-2005-0488
NOTE: reserved
CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
- NOTE: only a DOS; page with example is down, so cannot check.
- TODO: check
+ NOTE: This is not a real security issue; it just describes the fact that the Gecko
+ NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks
+ NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed
+ NOTE: during transfer any user will cancel the transfer and if you load it from the
+ NOTE: hard disc, well than you have "DoSed" yourself, congratulations.
+ NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
+ NOTE: generally try to make sense of anything even remotely resembling HTML.
CAN-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
NOTE: not-for-us (mailcarrier)
CAN-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...)
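Review bot: the replacement NOTE block for CAN-2004-1639 removes "TODO: check" without leaving a short status line that can be scanned, unlike the neighbouring "NOTE: reserved" and "NOTE: not-for-us (mailcarrier)" entries. The added lines say the crash is reproducible with 1.0.2 but not which package that version belongs to, while the CAN text names both Mozilla Firefox and Mozilla. I would add one line naming the package and version and stating that the crash is unfixed and judged not to be a security issue, then trim the rationale to two or three lines. The claim that "any user will cancel the transfer" is an assumption about user behaviour, not something that was checked, and is better worded as such, since the note itself describes a crash triggered by data served and labelled as HTML. Spelling nits in the added lines: "Mozillae", "lead" (led), "than" (then), "reproducable".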