[Secure-testing-commits] r408 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Mon, 14 Feb 2005 23:42:21 +0100
Author: joeyh
Date: 2005-02-14 23:42:18 +0100 (Mon, 14 Feb 2005)
New Revision: 408
Modified:
sarge-checks/CAN/list
Log:
Checked a boatload of new CANs.
De-claimed some of the 2004 CANs that have just been published, as I ran
out of energy, I hope someone else can do them..
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-02-14 20:59:40 UTC (rev 407)
+++ sarge-checks/CAN/list 2005-02-14 22:42:18 UTC (rev 408)
@@ -1,43 +1,44 @@
-begin claimed by joeyh
-
CAN-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...)
- TODO: check
+ NOTE: not-for-us (Trend Micro Control Manager)
CAN-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...)
- TODO: check
+ NOTE: not-for-us (Breed game)
CAN-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...)
- TODO: check
+ NOTE: not-for-us (forumKIT)
CAN-2005-0380 (Multiple PHP remote code injection vulnerabilities in (1) ...)
- TODO: check
+ NOTE: not-for-us (ZeroBoard)
CAN-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...)
- TODO: check
+ NOTE: not-for-us (ZeroBoard)
CAN-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
- TODO: check
+ NOTE: horde 2.0 not vulnerable
CAN-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...)
- TODO: check
+ NOTE: not-for-us (sgallery)
CAN-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows local ...)
- TODO: check
+ NOTE: not-for-us (sgallery)
CAN-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...)
- TODO: check
+ NOTE: not-for-us (sgallery)
CAN-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...)
- TODO: check
+ NOTE: not-for-us (bitboard)
CAN-2005-0373 (Buffer overflow in digestmda5.c in Cyrus-SASL before 2.1.18-r1 allows ...)
- TODO: check
+ NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
+ NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
+ NOTE: cyrus-sasl2 already has patch applied
+ NOTE: cyrus-sasl code seems too old for any of the problems to apply
CAN-2005-0372
NOTE: reserved
CAN-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
- TODO: check
+ - armagetron (unfixed; bug #295294)
CAN-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
- TODO: check
+ - armagetron (unfixed; bug #295294)
CAN-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...)
- TODO: check
+ - armagetron (unfixed; bug #295294)
CAN-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...)
- TODO: check
+ NOTE: not-for-us (CMScore)
CAN-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...)
- TODO: check
+ NOTE: not-for-us (ArGoSoft Mail Server)
CAN-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...)
- TODO: check
+ NOTE: not-for-us (openpgp)
CAN-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...)
- TODO: check
+ NOTE: not-for-us (bind on hp-ux)
CAN-2005-0361
NOTE: reserved
CAN-2005-0360
@@ -61,57 +62,60 @@
CAN-2005-0351
NOTE: reserved
CAN-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...)
- TODO: check
+ NOTE: not-for-us (F-Secure Anti-Virus)
CAN-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...)
- TODO: check
+ NOTE: not-for-us (BrightStor ARCserve Backup)
CAN-2004-9999
NOTE: rejected
- TODO: check
CAN-2004-9998
NOTE: rejected
- TODO: check
CAN-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...)
- TODO: check
+ NOTE: not-for-us (Serviceguard and Cluster Object Manager on HP-UX, HP Linux)
CAN-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...)
- TODO: check
+ NOTE: checked inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped
+ NOTE: atftp checks h_length
+ NOTE: netkit-tftp not vulnerable
+ - tftpd-hpa (unfixed; bug #295297)
CAN-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...)
- TODO: check
+ - socat 1.4.0.3-1
CAN-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...)
- TODO: check
+ NOTE: not-for-us (Symantec Clientless VPN Gateway 4400 Series)
CAN-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...)
- TODO: check
+ NOTE: not-for-us (BNC irc proxy)
CAN-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...)
- TODO: check
+ NOTE: not-for-us (Real)
CAN-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...)
- TODO: check
+ NOTE: not-for-us (HP StorageWorks Command View XP)
CAN-2004-1479 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...)
- TODO: check
+ NOTE: not-for-us (JRun 4.0 and Macromedia ColdFusion MX)
CAN-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...)
- TODO: check
+ NOTE: not-for-us (JRun)
CAN-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
- TODO: check
+ NOTE: not-for-us (JRun)
CAN-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...)
- TODO: check
+ - xine-lib 1-rc6
+ - libcdio 0.69
CAN-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...)
- TODO: check
+ - xine-lib 1-rc6
CAN-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
- TODO: check
+ NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
CAN-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
- TODO: check
+ NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
CAN-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
- TODO: check
+ NOTE: not-for-us (Symantec Enterprise Firewall/VPN Appliances)
CAN-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...)
- TODO: check
+ - cvs 1.12.9
CAN-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...)
- TODO: check
+ NOTE: not-for-us (snipsnap)
CAN-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...)
- TODO: check
+ NOTE: not-for-us (SUS)
CAN-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...)
- TODO: check
+ - webmin 1.160
+ - usermin 1.090
CAN-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...)
- TODO: check
+ - egroupware 1.0.00.004
CAN-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...)
- TODO: check
+ - gallery 1.4.4-pl2
CAN-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...)
TODO: check
CAN-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...)
@@ -258,9 +262,6 @@
TODO: check
CAN-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...)
TODO: check
-
-end claimed by joeyh
-
CAN-2005-0365 (The dcopidlng script in KDE 3.3.2 creates temporary files with ...)
- kdelibs 4:3.3.2-2
CAN-2005-0363
@@ -272,7 +273,7 @@
NOTE: http://patches.ubuntu.com/patches/awstats.more-CAN-2005-0016.diff
NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
CAN-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...)
- TODO: check
+ NOTE: not-for-us (Woltlab Burning Book)
CAN-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...)
NOTE: not-for-us (RealArcade)
CAN-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...)
@@ -862,7 +863,7 @@
CAN-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
NOTE: not-for-us (DataRescue Interactive Disassembler)
CAN-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...)
- TODO: check
+ NOTE: not-for-us (ZoneAlarm)
CAN-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
NOTE: not-for-us (IRIX)
CAN-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)