[Secure-testing-commits] r592 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Mon, 21 Mar 2005 11:26:26 +0100
Author: joeyh
Date: 2005-03-21 11:26:23 +0100 (Mon, 21 Mar 2005)
New Revision: 592
Modified:
sarge-checks/CAN/list
Log:
not so automatic update, makeing sure the new script works ok
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-21 10:24:02 UTC (rev 591)
+++ sarge-checks/CAN/list 2005-03-21 10:26:23 UTC (rev 592)
@@ -1,4 +1,168 @@
-CAN-2005-XXXX (OmniORB serverCallTimeOutPeriod DoS)
+CAN-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)
+ TODO: check
+CAN-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
+ TODO: check
+CAN-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...)
+ TODO: check
+CAN-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...)
+ TODO: check
+CAN-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...)
+ TODO: check
+CAN-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...)
+ TODO: check
+CAN-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...)
+ TODO: check
+CAN-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
+ TODO: check
+CAN-2005-0815 (Multiple "range checking flaws" in the ISO9660 filesystem handler in ...)
+ TODO: check
+CAN-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...)
+ TODO: check
+CAN-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...)
+ TODO: check
+CAN-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
+ TODO: check
+CAN-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...)
+ TODO: check
+CAN-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...)
+ TODO: check
+CAN-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...)
+ TODO: check
+CAN-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...)
+ TODO: check
+CAN-2005-0807 (Heap-based buffer overflow in the PSK sniffer for Cain & Abel 2.65 ...)
+ TODO: check
+CAN-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CAN-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
+ TODO: check
+CAN-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...)
+ TODO: check
+CAN-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...)
+ TODO: check
+CAN-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
+ TODO: check
+CAN-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...)
+ TODO: check
+CAN-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews 1.3 ...)
+ TODO: check
+CAN-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...)
+ TODO: check
+CAN-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
+ TODO: check
+CAN-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...)
+ TODO: check
+CAN-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...)
+ TODO: check
+CAN-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
+ TODO: check
+CAN-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
+ TODO: check
+CAN-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel allows ...)
+ TODO: check
+CAN-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...)
+ TODO: check
+CAN-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...)
+ TODO: check
+CAN-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CAN-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...)
+ TODO: check
+CAN-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...)
+ TODO: check
+CAN-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...)
+ TODO: check
+CAN-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...)
+ TODO: check
+CAN-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...)
+ TODO: check
+CAN-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
+ TODO: check
+CAN-2005-0780 (paFileDB 3.1 and earlier allows remote attackres to obtain sensitive ...)
+ TODO: check
+CAN-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...)
+ TODO: check
+CAN-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...)
+ TODO: check
+CAN-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
+ TODO: check
+CAN-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...)
+ TODO: check
+CAN-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...)
+ TODO: check
+CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
+ TODO: check
+CAN-2005-0773
+ NOTE: reserved
+CAN-2005-0772
+ NOTE: reserved
+CAN-2005-0771
+ NOTE: reserved
+CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
+ TODO: check
+CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
+ TODO: check
+CAN-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...)
+ TODO: check
+CAN-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...)
+ TODO: check
+CAN-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...)
+ TODO: check
+CAN-2005-0764
+ NOTE: reserved
+CAN-2005-0763
+ NOTE: reserved
+CAN-2005-0762
+ NOTE: reserved
+CAN-2005-0761
+ NOTE: reserved
+CAN-2005-0760
+ NOTE: reserved
+CAN-2005-0759
+ NOTE: reserved
+CAN-2005-0758
+ NOTE: reserved
+CAN-2005-0757
+ NOTE: reserved
+CAN-2005-0756
+ NOTE: reserved
+CAN-2005-0755
+ NOTE: reserved
+CAN-2005-0754
+ NOTE: reserved
+CAN-2005-0753
+ NOTE: reserved
+CAN-2005-0752
+ NOTE: reserved
+CAN-2005-0751
+ NOTE: reserved
+CAN-2005-0750
+ NOTE: reserved
+CAN-2005-0749
+ NOTE: reserved
+CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
+ TODO: check
+CAN-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...)
+ TODO: check
+CAN-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...)
+ TODO: check
+CAN-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...)
+ TODO: check
+CAN-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...)
+ TODO: check
+CAN-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
+ TODO: check
+CAN-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...)
+ TODO: check
+CAN-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
+ TODO: check
+CAN-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
+ TODO: check
+CAN-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...)
+ TODO: check
+CAN-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...)
+ TODO: check
+CAN-2005-XXXX
- omniorb4 4.0.5-2
CAN-2005-0789 Possible remote access to arbitrary files in Limewire
- limewire (unfixed; bug #300634)
@@ -28,7 +192,7 @@
NOTE: not-for-us (YaBB)
CAN-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...)
NOTE: not-for-us (OpenBSD)
-CAN-2005-0739 (The IAPP dissector for Ethereal 0.9.1 to 0.9.9 does not properly use ...)
+CAN-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...)
- ethereal 0.9.10
CAN-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows users to ...)
NOTE: not-for-us (Microsoft)
@@ -189,11 +353,9 @@
NOTE: not-for-us (Ipswitch Collaboration Suite)
CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...)
- grip 3.2.0-4
-CAN-2005-0705
- NOTE: reserved
+CAN-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...)
- ethereal 0.10.10-1
-CAN-2005-0704
- NOTE: reserved
+CAN-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...)
- ethereal 0.10.10-1
CAN-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...)
NOTE: not-fro-us (not our cpanel)
@@ -362,10 +524,10 @@
NOTE: not-for-us (paNews)
CAN-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...)
NOTE: not-for-us (CuteNews)
-CAN-2005-0644
- NOTE: reserved
-CAN-2005-0643
- NOTE: reserved
+CAN-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
+ TODO: check
+CAN-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
+ TODO: check
CAN-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...)
NOTE: not-for-us (Computer Associates UAM)
CAN-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...)
@@ -378,7 +540,7 @@
CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
- xli 1.17.0-18
- xloadimage 4.1-14.1
-CAN-2005-0637 (The copy functions in locore.s in OpenBSD 3.5 and 3.6 may allow ...)
+CAN-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
NOTE: not-for-us (OpenBSD)
CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
NOTE: not-for-us (Foxmail)
@@ -758,8 +920,8 @@
NOTE: not-for-us (PeerFTP)
CAN-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...)
NOTE: not-for-us (ImageGalleryPlugin for Twiki)
-CAN-2005-0515
- NOTE: reserved
+CAN-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...)
+ TODO: check
CAN-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...)
NOTE: not-for-us (Verity Ultraseek)
CAN-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in ...)
@@ -1447,8 +1609,7 @@
- racoon 1:0.5-5
CAN-2005-0397 (Format string vulnerability in ImageMagick before 6.0.2.5 allows ...)
- imagemagick 6:6.0.6.2-2.2
-CAN-2005-0396
- NOTE: reserved
+CAN-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...)
- kdelibs 3.3.2-4
CAN-2005-0395
NOTE: reserved
@@ -1471,11 +1632,9 @@
NOTE: reserved
CAN-2005-0386
NOTE: reserved
-CAN-2005-0385
- NOTE: reserved
+CAN-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...)
{DSA-693-1}
-CAN-2005-0384 (Linux kernel malformed PPP packet remote DoS)
- NOTE: reserved
+CAN-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
- kernel-source-2.6.8 (pending; fixed in debian-kernel SVN)
- kernel-source-2.4.27 (pending; fixed in debian-kernel SVN)
CAN-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...)
@@ -1542,8 +1701,8 @@
NOTE: reserved
CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
NOTE: not-for-us (Sentinel License Manager)
-CAN-2005-0352
- NOTE: reserved
+CAN-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...)
+ TODO: check
CAN-2005-0351
NOTE: reserved
CAN-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...)
@@ -1748,7 +1907,7 @@
- monit 1:4.2.1-1
CAN-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...)
- monit 1:4.2.1-1
-CAN-2005-0365 (The dcopidlng script in KDE 3.3.2 creates temporary files with ...)
+CAN-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...)
- kdelibs 4:3.3.2-2
CAN-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...)
{DSA-682-1}
@@ -1799,7 +1958,7 @@
NOTE: not-for-us (Painkiller)
CAN-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...)
NOTE: not-for-us (ZipGenius)
-CAN-2005-0328 (Zyxel P310, P314, P324 and Netgaear RT311, RT314 running the latest ...)
+CAN-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...)
NOTE: not-for-us (Netgear)
CAN-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...)
NOTE: not-for-us (PafileDB)
@@ -2120,12 +2279,11 @@
NOTE: not-for-us (The Amp II engine as used by Gore: Ultimate Soldier)
CAN-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
{DSA-667-1}
-CAN-2005-0210
- NOTE: reserved
+CAN-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
NOTE: fixed in ubuntu kernels
TODO: check with kernel team
-CAN-2005-0209
- NOTE: reserved
+CAN-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...)
+ TODO: check
CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
- gaim 1:1.1.4
CAN-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...)
@@ -2461,8 +2619,8 @@
CAN-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
{DSA-653-1}
- ethereal 0.10.9-1
-CAN-2005-0083
- NOTE: reserved
+CAN-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...)
+ TODO: check
CAN-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
- maxdb-7.5.00 7.5.00.21-1
CAN-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)