[Secure-testing-commits] r890 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Fri, 22 Apr 2005 10:05:05 +0000
Author: jmm-guest
Date: 2005-04-22 10:05:01 +0000 (Fri, 22 Apr 2005)
New Revision: 890
Modified:
sarge-checks/CAN/list
Log:
CANified xine-lib and egroupware
Lots of not-for-us.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-04-22 09:18:28 UTC (rev 889)
+++ sarge-checks/CAN/list 2005-04-22 10:05:01 UTC (rev 890)
@@ -1,24 +1,24 @@
-begin claimed by jmm
CAN-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
- TODO: check
+ NOTE: not-for-us (Desktop Rover)
CAN-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...)
- TODO: check
+ - egroupware 1.0.0.007-2.dfsg-1
CAN-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...)
- TODO: check
+ - egroupware 1.0.0.007-2.dfsg-1
CAN-2005-1201 (Multiple directory traversal vulnerabilities in AZBB before 1.0.08 ...)
- TODO: check
+ NOTE: not-for-us (AZbb)
CAN-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ ...)
- TODO: check
+ NOTE: not-for-us (AZbb)
CAN-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...)
- TODO: check
+ NOTE: not-for-us (UBB.threads)
CAN-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...)
- TODO: check
+ NOTE: not-for-us (Anaconda Foundation Directory)
CAN-2005-1197 (SQL injection vulnerability in the ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...)
- TODO: check
+ NOTE: not-for-us (PHPBB Knowledgebase Mod)
CAN-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...)
- TODO: check
+ NOTE: The vulnerable code is present in xine-lib as well, MPlayer is not in Debian
+ - xine-lib (unfixed; bug #305343)
CAN-2005-1194
NOTE: reserved
CAN-2005-1193
@@ -26,143 +26,144 @@
CAN-2005-1192
NOTE: reserved
CAN-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
- TODO: check
+ NOTE: not-for-us (Cisco)
CAN-2001-1476 (SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" ...)
- TODO: check
+ NOTE: not-for-us (Commercial SSH)
CAN-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows ...)
- TODO: check
+ NOTE: not-for-us (Commercial SSH)
CAN-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...)
- TODO: check
+ NOTE: not-for-us (Commercial SSH)
CAN-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...)
- TODO: check
+ NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
+ TODO: check whether that's properly documented
CAN-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...)
TODO: check
CAN-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...)
TODO: check
CAN-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final ...)
+ NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
TODO: check
CAN-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...)
+ NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
TODO: check
CAN-2001-1468 (PHP remote code injection vulnerability in checklogin.php in ...)
- TODO: check
+ NOTE: not-for-us (phpSecurePages)
CAN-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...)
TODO: check
CAN-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...)
- TODO: check
+ NOTE: not-for-us (VanDyke SecureCRT)
CAN-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...)
- TODO: check
+ NOTE: not-for-us (SurfControl SuperScout)
CAN-2001-1464 (Crystal Reports, when displaying data for a password protected ...)
- TODO: check
+ NOTE: not-for-us (Crystal Reports)
CAN-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...)
- TODO: check
+ NOTE: not-for-us (RhinoSoft Serv-U)
CAN-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...)
- TODO: check
+ NOTE: not-for-us (RSA Security SecurID)
CAN-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...)
- TODO: check
+ NOTE: not-for-us (RSA Security SecurID)
CAN-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through ...)
- TODO: check
+ NOTE: not-for-us (PostNuke)
CAN-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...)
- TODO: check
+ - openssh 3.0.1p1-1
CAN-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 ...)
- TODO: check
+ NOTE: not-for-us (Novell Groupwise)
CAN-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote ...)
- TODO: check
+ NOTE: not-for-us (CrazyWWWBoard)
CAN-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for ...)
- TODO: check
+ NOTE: not-for-us (Gauntlet Firewall)
CAN-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Netegrity SiteMinder)
CAN-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to ...)
- TODO: check
+ - mysql-dfsg 3.23.33-1
CAN-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier ...)
- TODO: check
+ - mysql-dfsg 3.23.33-1
CAN-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...)
- TODO: check
+ NOTE: not-for-us (Mandrake specific packaging flaw)
CAN-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local ...)
- TODO: check
+ NOTE: not-for-us (Magic eDeveloper)
CAN-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...)
- TODO: check
+ NOTE: not-for-us (MacOS X)
CAN-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...)
- TODO: check
+ NOTE: not-for-us (Lotus Domino)
CAN-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...)
TODO: check
CAN-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...)
TODO: check
CAN-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...)
- TODO: check
+ - inn2 2.3.3+20020922-1
+ TODO: Verify whether this applies to inn as well
CAN-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 ...)
- TODO: check
+ NOTE: not-for-us (VisualAge for Java)
CAN-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable ...)
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 ...)
- TODO: check
+ NOTE: not-for-us (HP-UX)
CAN-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module ...)
- TODO: check
+ NOTE: not-for-us (Handspring Visor)
CAN-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full ...)
- TODO: check
+ NOTE: not-for-us (easyScripts easyNews)
CAN-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when ...)
- TODO: check
+ NOTE: not-for-us (Dallas Semiconductor iButton DS1991)
CAN-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of ...)
- TODO: check
+ NOTE: not-for-us (Tru64 UNIX)
CAN-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read ...)
- TODO: check
+ NOTE: not-for-us (IOS)
CAN-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Quikstore Shopping Cart)
CAN-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...)
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
TODO: check
CAN-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
TODO: check
CAN-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...)
- TODO: check
+ - gcc-3.3 3.3.4-1
CAN-2000-1218 (The default configuration for the domain name resolver for Microsoft ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...)
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...)
- TODO: check
+ NOTE: not-for-us (Lotus Domino)
CAN-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...)
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-1999-1582 (By design, the "established" command on the Cisco PIX firewall allows ...)
- TODO: check
+ NOTE: not-for-us (Cisco PIX)
CAN-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...)
- TODO: check
+ NOTE: not-for-us (Sun's sendmail)
CAN-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for ...)
- TODO: check
+ NOTE: not-for-us (Windows)
CAN-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...)
- TODO: check
+ NOTE: not-for-us (Acrobat Reader)
CAN-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation ...)
- TODO: check
+ NOTE: not-for-us (Kodak/Wang tools for IE)
CAN-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow ...)
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-1999-1573 (Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) ...)
- TODO: check
-end claimed by jmm
+ NOTE: not-for-us (HP-UX)
CAN-2005-XXXX [Minor directory traversal bugs in cpio and gzip]
- gzip (unfixed; bug #305255)
- cpio (unfixed)
-CAN-2005-XXXX [Multiple security issues in egroupware]
- - egroupware 1.0.0.007-2.dfsg-1
CAN-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...)
NOTE: not-for-us (Windows)
CAN-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...)
@@ -202,8 +203,6 @@
NOTE: reserved
CAN-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...)
NOTE: not-for-us (Oracle)
-CAN-2005-XXXX [Heap overflow in xine-lib's RTSP streaming code]
- - xine-lib (unfixed; bug #305343)
CAN-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...)
NOTE: not-for-us (PMSoftware Simple Web Server)
CAN-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)