[Secure-testing-commits] r1453 - data/CAN

Joey Hess joeyh at costa.debian.org
Fri Jul 22 01:15:00 UTC 2005 

Author: joeyh
Date: 2005-07-22 01:14:56 +0000 (Fri, 22 Jul 2005)
New Revision: 1453

Modified:
   data/CAN/list
Log:
processed a few old CANs


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-07-21 22:32:16 UTC (rev 1452)
+++ data/CAN/list	2005-07-22 01:14:56 UTC (rev 1453)
@@ -271,65 +271,69 @@
 	TODO: check
 end claimed by zobel
 CAN-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...)
-	TODO: check
+	NOTE: presumably fixed in linux 2.4.12
 CAN-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name ...)
-	TODO: check
+	NOTE: not-for-us (Openwave WAP gateway)
 CAN-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL ...)
-	TODO: check
+	NOTE: not-for-us (CMG WAP gateway)
 CAN-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
-	TODO: check
+	NOTE: not-for-us (Lotus Domino)
 CAN-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition ...)
-	TODO: check
+	- vanessa-logger 0.0.2
 CAN-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...)
-	TODO: check
+	NOTE: not-for-us (MacOS)
 CAN-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 ...)
-	TODO: check
+	NOTE: not-for-us (HP-UX)
 CAN-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for ...)
-	TODO: check
+	NOTE: not-for-us (Tomcat 3.2.1 running on HP Secure OS)
 CAN-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to ...)
-	TODO: check
+	- nvi 1.79-16a.1
+	NOTE: was DSA 085
 CAN-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to ...)
-	TODO: check
+	NOTE: DSA 082
+	- xvt 2.1-13
 CAN-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...)
-	TODO: check
+	NOTE: not-for-us (OpenBSD)
 CAN-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...)
-	TODO: check
+	- snort 1.8.3
 CAN-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2001-1556 (The log files in Apache web server contain information directly ...)
-	TODO: check
+	NOTE: documented issue in apache, unlikely to be changed
+	NOTE: see http://httpd.apache.org/docs/logs.html
 CAN-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal ...)
-	TODO: check
+	NOTE: not-for-us (Solaris)
 CAN-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2001-1553 (Buffer overflow in setiathome for SETI at home 3.03, if installed setuid, ...)
-	TODO: check
+	NOTE: not suid in debian
 CAN-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...)
-	TODO: check
+	NOTE: no info in CVE db about fix
+	TODO: check with current kernel on a system with quotas
 CAN-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...)
-	TODO: check
+	NOTE: not-for-us (Centra)
 CAN-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass ...)
-	TODO: check
+	NOTE: not-for-us (Tiny Personal Firewall)
 CAN-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local ...)
-	TODO: check
+	NOTE: not-for-us (Tiny Personal Firewall)
 CAN-2001-1547 (Outlook Express 6.0, with "Do not allow attachments to be saved or ...)
-	TODO: check
+	NOTE: not-for-us (Outlook)
 CAN-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and ...)
-	TODO: check
+	NOTE: not-for-us (Pathways Homecare)
 CAN-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests ...)
-	TODO: check
+	NOTE: not-for-us (Macromedia JRun)
 CAN-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS) ...)
-	TODO: check
+	NOTE: not-for-us (Macromedia JRun)
 CAN-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...)
-	TODO: check
+	NOTE: not-for-us (Axis network camera)
 CAN-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...)
 	TODO: check
 CAN-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...)

More information about the Secure-testing-commits mailing list