[Secure-testing-commits] r1007 - sarge-checks/CAN

Joey Hess joeyh@costa.debian.org
Fri, 06 May 2005 09:14:23 +0000


Author: joeyh
Date: 2005-05-06 09:14:20 +0000 (Fri, 06 May 2005)
New Revision: 1007

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-05-06 09:09:03 UTC (rev 1006)
+++ sarge-checks/CAN/list	2005-05-06 09:14:20 UTC (rev 1007)
@@ -1,3 +1,45 @@
+CAN-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...)
+	TODO: check
+CAN-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...)
+	TODO: check
+CAN-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...)
+	TODO: check
+CAN-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...)
+	TODO: check
+CAN-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before ...)
+	TODO: check
+CAN-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...)
+	TODO: check
+CAN-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...)
+	TODO: check
+CAN-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...)
+	TODO: check
+CAN-2005-1462 (Double-free vulnerability in the ICEP dissector in Ethereal before ...)
+	TODO: check
+CAN-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...)
+	TODO: check
+CAN-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote ...)
+	TODO: check
+CAN-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...)
+	TODO: check
+CAN-2005-1458 (Multiple unknown "other problems" in the KINK dissector in Ethereal ...)
+	TODO: check
+CAN-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) ...)
+	TODO: check
+CAN-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...)
+	TODO: check
+CAN-2005-1455
+	NOTE: reserved
+CAN-2005-1454
+	NOTE: reserved
+CAN-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...)
+	TODO: check
+CAN-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...)
+	TODO: check
+CAN-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...)
+	TODO: check
+CAN-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...)
+	TODO: check
 CAN-2005-XXXX [Missing input validation in xtradius]
 	- xtradius (unfixed; bug #307796)
 CAN-2005-XXXX [fai tempfile vulnerability]
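Review bot: The block of new entries at the top of this hunk is left entirely at `TODO: check` even though several of them clearly belong to one upstream release. CAN-2005-1469, CAN-2005-1467, CAN-2005-1465 and CAN-2005-1460 all name Ethereal before 0.10.11, and the truncated entries around them in the CAN-2005-1456 to CAN-2005-1470 range list protocol names in the same style, so once the full descriptions are confirmed they can be triaged in one pass with the same fixed version on each package line. The three leafnode entries (CAN-2005-1453, CAN-2004-2068, CAN-2002-1661) should be grouped the same way, since each gives its own affected version range that has to be compared against the packaged version.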
@@ -245,34 +287,34 @@
 	- squid 2.5.9-7
 CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
 	- apache2 2.0.54-3
-CAN-2005-1343
-	NOTE: reserved
-CAN-2005-1342
-	NOTE: reserved
-CAN-2005-1341
-	NOTE: reserved
-CAN-2005-1340
-	NOTE: reserved
-CAN-2005-1339
-	NOTE: reserved
-CAN-2005-1338
-	NOTE: reserved
-CAN-2005-1337
-	NOTE: reserved
-CAN-2005-1336
-	NOTE: reserved
-CAN-2005-1335
-	NOTE: reserved
+CAN-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...)
+	TODO: check
+CAN-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...)
+	TODO: check
+CAN-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...)
+	TODO: check
+CAN-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...)
+	TODO: check
+CAN-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...)
+	TODO: check
+CAN-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...)
+	TODO: check
+CAN-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...)
+	TODO: check
+CAN-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
+	TODO: check
+CAN-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...)
+	TODO: check
 CAN-2005-1334
 	NOTE: reserved
-CAN-2005-1333
-	NOTE: reserved
-CAN-2005-1332
-	NOTE: reserved
-CAN-2005-1331
-	NOTE: reserved
-CAN-2005-1330
-	NOTE: reserved
+CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
+	TODO: check
+CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
+	TODO: check
+CAN-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...)
+	TODO: check
+CAN-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...)
+	TODO: check
 CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
 	NOTE: not-for-us (OneWorldStore)
 CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
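Review bot: The entries from CAN-2005-1343 down to CAN-2005-1330 move from `NOTE: reserved` to `TODO: check`, but nearly all of the visible descriptions name Mac OS X 10.3.9, Apple Terminal or Apple Help Viewer, which this file normally closes out with a not-for-us note, as the OneWorldStore entries at the end of this hunk do. Suggest marking the Apple-specific ones in that style so they do not sit in the TODO queue. CAN-2005-1339 is the one to look at separately, because it names a component (lukemftpd) rather than an Apple-branded application.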
@@ -562,8 +604,8 @@
 CAN-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...)
 	NOTE: The vulnerable code is present in xine-lib as well, MPlayer is not in Debian
 	- xine-lib 1.0.1-1
-CAN-2005-1194
-	NOTE: reserved
+CAN-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...)
+	TODO: check
 CAN-2005-1193
 	NOTE: reserved
 CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
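Review bot: CAN-2005-1194 now names a concrete function (ieee_putascii) in nasm but the entry still carries only `TODO: check`. This one needs a real package check rather than a not-for-us note, ending in either a fixed version or an `(unfixed; bug #...)` line in the same form as the xine-lib entry directly above it.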
@@ -855,7 +897,7 @@
 	NOTE: not-for-us (monkeyd)
 CAN-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
 	NOTE: not-for-us (monkeyd)
-CAN-2005-1121 (Format string vulnerability in Oops! Proxy Server 1.5.53 and earlier ...)
+CAN-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
 	NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
 	- oops (unfixed; bug #307360)
 CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
@@ -1308,8 +1350,8 @@
 	NOTE: not-for-us (Bugtracker.NET)
 CAN-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
 	NOTE: not-for-us (Adventia E-Data)
-CAN-2005-0918
-	NOTE: reserved
+CAN-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...)
+	TODO: check
 CAN-2005-0917 (PHP remote code injection vulnerability in index_header.php for ...)
 	NOTE: not-for-us (EncapsBB not in Debian)
 CAN-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
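Review bot: CAN-2005-0918 is left at `TODO: check` although the description names the NPSVG3.dll ActiveX control for Adobe SVG Viewer, and the neighbouring entries in this hunk are all closed with `NOTE: not-for-us (...)`. Unless something in the archive ships that control, the same note form would resolve it immediately.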
@@ -2312,8 +2354,8 @@
 	- php4 4.3.8-1
 CAN-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...)
 	NOTE: not-for-us (BadBlue)
-CAN-2005-0594
-	NOTE: reserved
+CAN-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...)
+	TODO: check
 CAN-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...)
 	- mozilla-firefox 1.0.1
 	- mozilla 2:1.7.6-1
@@ -4679,8 +4721,8 @@
 	{DSA-617-1}
 	- libtiff4 3.6.1-4
 	TODO: other packages containing libtiff code may be vulnerable
-CAN-2004-1307
-	NOTE: reserved
+CAN-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...)
+	TODO: check
 CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
 	NOTE: not-for-us (Windows)
 CAN-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
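Review bot: CAN-2004-1307 is added with a bare `TODO: check`, but the description points at TIFFFetchStripThing in tif_dirread.c, which is libtiff code, and the entry immediately above it in this hunk already tracks libtiff4 3.6.1-4 with a TODO about other packages containing libtiff code. The check should cover libtiff4 first and then the same embedded copies flagged there, and it would help to carry that TODO over to this entry so the two are reviewed together.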
@@ -8087,7 +8129,7 @@
 	NOTE: not-for-us (Distributed Computing Environment (DCE) not in Deb)
 CAN-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...)
 	NOTE: not-for-us (castlerock SNMPc)
-CAN-2003-0744 (The fetchnews client in leafnode 1.9.3 to 1.9.41 allows remote ...)
+CAN-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...)
 	- leafnode 1.9.42
 CAN-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
 	{DSA-376}
@@ -8597,9 +8639,9 @@
 	{DSA-338}
 CAN-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
 	{DSA-335}
-CAN-2003-0498 (Caché Database 5.x installs the /cachesys/csp directory with insecure ...)
+CAN-2003-0498 (CachÃ© Database 5.x installs the /cachesys/csp directory with insecure ...)
 	NOTE: not-for-us (Intersystems Cache database)
-CAN-2003-0497 (Caché Database 5.x installs /cachesys/bin/cache with world-writable ...)
+CAN-2003-0497 (CachÃ© Database 5.x installs /cachesys/bin/cache with world-writable ...)
 	NOTE: not-for-us (Intersystems Cache database)
 CAN-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
 	NOTE: not-for-us (Microsoft)
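Review bot: The two changed lines for CAN-2003-0498 and CAN-2003-0497 are an encoding regression, not a description update: the removed lines read "Caché" and the added lines read "CachÃ©", which is what results when the UTF-8 bytes for "é" are read as Latin-1 and encoded again. Since the log message says this is an automatic update, the import script is the likely place where input or output encoding is mishandled, and every later run will rewrite any non-ASCII description the same way. Suggest reverting these two lines and fixing the script to read and write the list as UTF-8 consistently.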