[Secure-testing-commits] r690 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Wed, 30 Mar 2005 20:25:54 +0000
Author: jmm-guest
Date: 2005-03-30 20:25:51 +0000 (Wed, 30 Mar 2005)
New Revision: 690
Modified:
sarge-checks/CAN/list
Log:
An exploit for the remote smail issue has been published.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-30 16:55:45 UTC (rev 689)
+++ sarge-checks/CAN/list 2005-03-30 20:25:51 UTC (rev 690)
@@ -89,14 +89,6 @@
NOTE: no patch known at this time. See also: CAN-2005-0892
CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
- smail 3.2.0.115-7
- NOTE: The (upstream) smail maintainer claims both vulnerabilities to be not
- NOTE: exploitable. The bugreporter has presented valid claims, though,
- NOTE: but the smail maintainer blocks the reporter's mail domain on
- NOTE: SMTP level, so there's some kind of communication problem :-)
- NOTE: The patch applied by the maintainer addresses the heap overflow,
- NOTE: but doesn't touch the sighandler issues. This deserves a second
- NOTE: deeper analysis.
- NOTE: see CAN-2005-0893 for the other hole..
CAN-2005-0891
NOTE: reserved
CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...)
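Review bot: The NOTE lines removed under CAN-2005-0892 held the only record that "The patch applied by the maintainer addresses the heap overflow, but doesn't touch the sighandler issues", and nothing replaces them. The log message says an exploit has been published, but the entry itself gains no NOTE saying so, no reference to the exploit, and no statement of whether 3.2.0.115-7 is affected by it. If the hunk counts (14 lines down to 6) mean that "- smail 3.2.0.115-7" is an unchanged line, the entry now reads as plainly fixed in that version, which contradicts the removed analysis unless the signal handler question has been settled. I would keep a short NOTE that records the exploit publication and the status of the sighandler issue, and keep the "see CAN-2005-0893" cross-reference so the two entries still point at each other in both directions.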