[Secure-testing-commits] r975 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Tue, 03 May 2005 22:44:23 +0000
Author: jmm-guest
Date: 2005-05-03 22:44:07 +0000 (Tue, 03 May 2005)
New Revision: 975
Modified:
sarge-checks/CAN/list
Log:
I found a source for this old mcedit "vulnerability" and I think
it's harmless.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-03 22:16:48 UTC (rev 974)
+++ sarge-checks/CAN/list 2005-05-03 22:44:07 UTC (rev 975)
@@ -1496,8 +1496,11 @@
CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
NOTE: not-for-us (Cayman DSL router)
CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...)
- TODO: check
- NOTE: could not find enough info about the vulneraility to check it
+ NOTE: I could track this down to this posting
+ NOTE: http://cert.uni-stuttgart.de/archive/vuln-dev/2001/11/msg00104.html
+ NOTE: This looks very obscure an does not contain useful information on how this
+ NOTE: was triggered and even then it's not a problem, as mcedit usage does not
+ NOTE: have a remote impact and is not suid
CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...)
NOTE: not-for-us (IPC@CHIP Embedded web server)
CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)