[Secure-testing-commits] r1257 - data/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Wed, 22 Jun 2005 23:49:00 +0000


Author: jmm-guest
Date: 2005-06-22 23:48:58 +0000 (Wed, 22 Jun 2005)
New Revision: 1257

Modified:
   data/CAN/list
Log:
lots of not-for-us and issues fixed for long. unclaim the
rest of the legacy ones for now and claim a block of the
fresh ones instead.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-06-22 23:21:53 UTC (rev 1256)
+++ data/CAN/list	2005-06-22 23:48:58 UTC (rev 1257)
@@ -1,3 +1,4 @@
+begin claimed by jmm
 CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
 	TODO: check
 CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
@@ -46,6 +47,7 @@
 	TODO: check
 CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...)
 	TODO: check
+end claimed by jmm
 CAN-2005-2020
 	NOTE: reserved
 CAN-2005-2019
@@ -278,19 +280,18 @@
 	TODO: check
 CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...)
 	TODO: check
-begin claimed by jmm
 CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...)
-	TODO: check
+	NOTE: not-for-us (BasiliX)
 CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...)
-	TODO: check
+	NOTE: not-for-us (BasiliX)
 CAN-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (BasiliX)
 CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...)
-	TODO: check
+	NOTE: not-for-us (BasiliX)
 CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and ...)
-	TODO: check
+        - phpbb2 2.0.6c-1
 CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...)
-	TODO: check
+	NOTE: not-for-us (Cisco)
 CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...)
 	TODO: check
 CAN-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" ...)
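
Review bot: The fixed-version line added for CAN-2002-1707 ("- phpbb2 2.0.6c-1") is indented with eight spaces, while every other annotation in this hunk, added or context, is indented with a single tab. Anything that reads the list and keys on the leading tab will treat this entry differently from its neighbours, so the line should use a tab like the NOTE and TODO lines around it.
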
@@ -304,29 +305,29 @@
 CAN-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...)
 	TODO: check
 CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...)
 	TODO: check
 CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft Outlook plugin)
 CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...)
-	TODO: check
+	NOTE: not-for-us (Norton)
 CAN-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...)
-	TODO: check
+	NOTE: not-for-us (Alcatel hardware issue)
 CAN-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...)
-	TODO: check
+	NOTE: not-for-us (AIX)
 CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...)
 	TODO: check
 CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...)
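
Review bot: The note on CAN-2002-1696, "not-for-us (Microsoft Outlook plugin)", names the host application rather than the affected product: the description on the line above is about the PGP plug-in for Outlook, versions 7.0 through 7.0.4. The not-for-us verdict may well stand, but the label should say which software was checked, for example "not-for-us (PGP Outlook plugin)", so that a later search of the list for PGP entries finds it.
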
@@ -350,31 +351,33 @@
 CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...)
 	TODO: check
 CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...)
-	TODO: check
+        NOTE: kfreebsd use a much more recent version of the freebsd kernel
+	NOTE: not-for-us (FreeBSD)
 CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...)
 	TODO: check
 CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...)
 	TODO: check
 CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...)
-	TODO: check
+	NOTE: not-for-us (FreeBSD)
 CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...)
-	TODO: check
+	NOTE: not-for-us (HP-UX)
 CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...)
-	TODO: check
+        NOTE: kfreebsd use a much more recent version of the freebsd kernel
+	NOTE: not-for-us (FreeBSD)
 CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...)
-	TODO: check
+	NOTE: not-for-us (Oracle)
 CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...)
 	TODO: check
 CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...)
-	TODO: check
+        - tinc 1.0pre5-1
 CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...)
-	TODO: check
+	NOTE: not-for-us (Lotus Notes)
 CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...)
-	TODO: check
+	NOTE: not-for-us (Sun)
 CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...)
 	TODO: check
 CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...)
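
Review bot: CAN-2002-1674 and CAN-2002-1667 each receive two notes that point in different directions. "kfreebsd use a much more recent version of the freebsd kernel" says the code is packaged but at an unaffected version, while "not-for-us (FreeBSD)" says the code is not packaged at all. Only one of these can be the tracked status; if the kfreebsd reasoning is the real one, drop the not-for-us line and keep the explanation, and indent it with a tab like the other notes instead of spaces.
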
@@ -382,48 +385,47 @@
 CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...)
 	TODO: check
 CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...)
-	TODO: check
+	NOTE: not-for-us (Check Point)
 CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...)
-	TODO: check
+	NOTE: not-for-us (mod_bf)
 CAN-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...)
 	TODO: check
 CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...)
 	TODO: check
 CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...)
-	TODO: check
+        - util-linux 2.11n-1
 CAN-2001-1492 ( ...)
 	TODO: check
 CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...)
-	TODO: check
+	NOTE: not-for-us (Opera)
 CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...)
 	TODO: check
 CAN-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...)
-	TODO: check
+	NOTE: not-for-us (Open Projects ircd)
 CAN-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...)
 	TODO: check
 CAN-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...)
-	TODO: check
+	NOTE: not-for-us (Alcatel hardware issue)
 CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...)
 	TODO: check
 CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...)
-	TODO: check
+        NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
 CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...)
-	TODO: check
+	NOTE: not-for-us (Xitami)
 CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...)
-	TODO: check
+	NOTE: not-for-us (Sun Java)
 CAN-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...)
-	TODO: check
+	NOTE: not-for-us (Sun)
 CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...)
-	TODO: check
+	NOTE: not-for-us (UnixWare)
 CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...)
-	TODO: check
+        - snort 1.6.1-1
 CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...)
-	TODO: check
-end claimed by jmm
+	NOTE: not-for-us (Xitami)
 CAN-2005-XXXX [File upload vulnerability in trac]
 	- trac 0.8.4-1
 CAN-2005-XXXX [Race condition in sudo's pathname validation]
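
Review bot: The note added for CAN-2001-1482, "phpbb was initially uploaded as version 2 or phpbb has been removed now", offers two alternatives without saying which one applies, and the entry is left with no status line once "TODO: check" is removed. It would be better to settle which case holds and record it definitely, either as a fixed-version line in the style used for CAN-2002-1707 ("- phpbb2 ...") or as a single unambiguous NOTE, so the entry does not need to be re-investigated later.
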