[Secure-testing-commits] r954 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Sun, 01 May 2005 20:42:44 +0000 

Author: jmm-guest
Date: 2005-05-01 20:42:40 +0000 (Sun, 01 May 2005)
New Revision: 954

Modified:
   sarge-checks/CAN/list
Log:
Trimming the list of TODOs:
Add some historic fixes.
Some generic and thus unfixable protocol weaknesses.


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-01 20:20:16 UTC (rev 953)
+++ sarge-checks/CAN/list	2005-05-01 20:42:40 UTC (rev 954)
@@ -372,17 +372,14 @@
 	NOTE: not-for-us (Commercial SSH)
 CAN-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...)
 	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
-	TODO: check whether that's properly documented
 CAN-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...)
-	TODO: check
+	- phpbb2 2.0.6c-1
 CAN-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...)
-	TODO: check
+	- phpbb2 2.0.6c-1
 CAN-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final ...)
 	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
-	TODO: check
 CAN-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...)
 	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
-	TODO: check
 CAN-2001-1468 (PHP remote code injection vulnerability in checklogin.php in ...)
 	NOTE: not-for-us (phpSecurePages)
 CAN-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...)
@@ -432,9 +429,9 @@
 CAN-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...)
 	NOTE: not-for-us (Lotus Domino)
 CAN-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...)
-	TODO: check
+	NOTE: Generic protocol flaw
 CAN-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...)
-	TODO: check
+	NOTE: Generic protocol flaw
 CAN-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...)
 	- inn2 2.3.3+20020922-1
 	TODO: Verify whether this applies to inn as well
@@ -459,9 +456,9 @@
 CAN-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...)
 	NOTE: not-for-us (AIX)
 CAN-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
-	TODO: check
+	- lpr 0.48-1
 CAN-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
-	TODO: check
+	- lpr 0.48-1
 CAN-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...)
 	- gcc-3.3 3.3.4-1
 CAN-2000-1218 (The default configuration for the domain name resolver for Microsoft ...)
@@ -509,6 +506,7 @@
 CAN-2005-1185 (MMFWLaunch.exe in Musicmatch Jukebox 10.00.2047 and earlier does not ...)
 	NOTE: not-for-us (Musicmatch)
 CAN-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...)
+	NOTE: This looks rather obscure -jmm
 	TODO: check
 CAN-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...)
 	NOTE: not-for-us (mvnForum)