[Secure-testing-commits] r1055 - sarge-checks/CAN
Joey Hess
joeyh@costa.debian.org
Sat, 14 May 2005 03:45:45 +0000
Author: joeyh
Date: 2005-05-14 03:45:42 +0000 (Sat, 14 May 2005)
New Revision: 1055
Modified:
sarge-checks/CAN/list
Log:
check and update
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-05-14 03:07:19 UTC (rev 1054)
+++ sarge-checks/CAN/list 2005-05-14 03:45:42 UTC (rev 1055)
@@ -6,102 +6,101 @@
CAN-2005-XXXX [Minor information leak in product handling]
- bugzilla (unfixed; bug #308787)
CAN-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
- TODO: check
+ NOTE: not-for-us (PwsPHP)
CAN-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
- TODO: check
+ NOTE: not-for-us (PwsPHP)
CAN-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...)
- TODO: check
+ NOTE: not-for-us (PwsPHP)
CAN-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...)
- TODO: check
+ NOTE: not-for-us (PwsPHP)
CAN-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...)
- TODO: check
+ NOTE: not-for-us (PwsPHP)
CAN-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...)
- TODO: check
+ NOTE: not-for-us (WebSTAR)
CAN-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra Plus 1.0.3 and ...)
- TODO: check
+ NOTE: not-for-us (CJ Ultra Plus)
CAN-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...)
- TODO: check
+ NOTE: not-for-us (MacOS)
CAN-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...)
- TODO: check
+ NOTE: not-for-us (GameSpy SDK CD-Key Validation Toolkit)
CAN-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...)
- TODO: check
+ NOTE: not-for-us (MidiCart)
CAN-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...)
- TODO: check
+ NOTE: not-for-us (MidiCart)
CAN-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOTE: not-for-us (MidiCart)
CAN-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...)
- TODO: check
+ NOTE: not-for-us (myBloggie)
CAN-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...)
- TODO: check
+ NOTE: not-for-us (myBloggie)
CAN-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...)
- TODO: check
+ NOTE: not-for-us (myBloggie)
CAN-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...)
- TODO: check
+ NOTE: not-for-us (myBloggie)
CAN-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...)
- TODO: check
+ NOTE: not-for-us (Oracle)
CAN-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...)
- TODO: check
+ NOTE: not-for-us (MegaBook)
CAN-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...)
- TODO: check
+ NOTE: not-for-us (SimpleCam)
CAN-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...)
- TODO: check
+ NOTE: not-for-us (Gossamer Threads Links)
CAN-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
CAN-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
CAN-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
CAN-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...)
- TODO: check
+ NOTE: not-for-us (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2)
CAN-2005-1487 (Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote ...)
- TODO: check
+ NOTE: not-for-us (FishCart)
CAN-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...)
- TODO: check
+ NOTE: not-for-us (FishCart)
CAN-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...)
- TODO: check
+ NOTE: not-for-us (Golden FTP Server Pro)
CAN-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
- TODO: check
+ NOTE: not-for-us (Golden FTP Server Pro)
CAN-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...)
- TODO: check
+ NOTE: not-for-us (ArticleLive)
CAN-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...)
- TODO: check
+ NOTE: not-for-us (ArticleLive)
CAN-2005-1481 (Multiple SQL injection vulnerabilities in ASP Inline Corporate ...)
- TODO: check
+ NOTE: not-for-us (ASP Inline Corporate Calendar)
CAN-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
- TODO: check
+ NOTE: not-for-us (RaidenFTPD)
CAN-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...)
- TODO: check
+ NOTE: not-for-us (JGS-Portal)
CAN-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...)
- TODO: check
+ NOTE: not-for-us (DMail)
CAN-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
- NOTE: not-for-us
+ NOTE: not-for-us (DMail)
CAN-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
NOTE: not in testing
NOTE: non-free
- NOTE: I don't feel to fill a bug for this (a DoS that could only appen on 64bits
- NOTE: plateforms with more than 4GB of memory)
+ - qmail-src (unfixed; bug #309048)
CAN-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
- NOTE: cf CAN-2005-1515
+ - qmail-src (unfixed; bug #309048)
CAN-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
- NOTE: cf CAN-2005-1515
+ - qmail-src (unfixed; bug #309048)
CAN-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4 allows ...)
- NOTE: not-for-us
+ NOTE: not-for-us (JAWS)
CAN-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...)
- NOTE: not-for-us
+ NOTE: not-for-us (LinPHA)
CAN-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...)
- dansguardian 2.5.2-0-0.1
CAN-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and ealier ...)
- NOTE: not-for-us
+ NOTE: not-for-us (lostBook)
CAN-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...)
- NOTE: not-for-us
+ NOTE: not-for-us (AntiBoard)
CAN-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...)
- NOTE: not-for-us
+ NOTE: not-for-us (AntiBoard)
CAN-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...)
- NOTE: not-for-us
+ NOTE: not-for-us (RiSearch)
CAN-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...)
- NOTE: not-for-us
+ NOTE: not-for-us (ASPRunner)
CAN-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...)
NOTE: not-for-us
CAN-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...)
@@ -747,15 +746,15 @@
TODO: check
end claimed by djoume
CAN-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...)
- TODO: check
+ NOTE: ancient and unreleased source code with backdoor
CAN-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...)
- TODO: check
+ NOTE: not-for-us (FlexWATCH)
CAN-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...)
- TODO: check
+ NOTE: not-for-us (Plug and Play Web Server)
CAN-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...)
- TODO: check
+ NOTE: not-for-us (Plug and Play Web Server)
CAN-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...)
- TODO: check
+ NOTE: not-for-us (Citrix)
CAN-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...)
TODO: check
CAN-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...)
@@ -828,7 +827,7 @@
CAN-2005-1472
NOTE: reserved
CAN-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...)
- TODO: check
+ NOTE: not-for-us (RSA SecurID Web Agent)
CAn-2005-XXXX [race condition with a buffered temp file]
NOTE: no bug ever filed for this one
- pysvn 1.1.2-3
@@ -1010,7 +1009,7 @@
CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
NOTE: not-for-us (Skype)
CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...)
- TODO: check
+ NOTE: not-for-us (FreeBSD)
CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...)
NOTE: not-for-us (Lotus Domino)
CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...)
@@ -1022,9 +1021,9 @@
CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...)
NOTE: not-for-us (Mtp-Target)
CAN-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...)
- TODO: check
+ NOTE: not-for-us (FreeBSD)
CAN-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...)
- TODO: check
+ NOTE: not-for-us (FreeBSD)
CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...)
NOTE: not-for-us (Skype)
CAN-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...)
@@ -1149,33 +1148,34 @@
CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
- apache2 2.0.54-3
CAN-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...)
- TODO: check
+ NOTE: not-for-us (vpnd for Mac OS X)
CAN-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...)
- TODO: check
+ NOTE: not-for-us (Apple Terminal)
CAN-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...)
- TODO: check
+ NOTE: not-for-us (Apple Terminal)
CAN-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...)
- TODO: check
+ NOTE: not-for-us (Mac OS X)
CAN-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...)
- TODO: check
+ NOTE: verified that our lukemftpd uses pw->pw_name when
+ NOTE: checking /etc/ftpchroot.
CAN-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...)
- TODO: check
+ NOTE: not-for-us (Mac OS X)
CAN-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...)
- TODO: check
+ NOTE: not-for-us (Mac OS X)
CAN-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
- TODO: check
+ NOTE: not-for-us (Mac OS X)
CAN-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...)
- TODO: check
+ NOTE: not-for-us (Mac OS X)
CAN-2005-1334
NOTE: reserved
CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
- TODO: check
+ NOTE: not-for-us (Mac OS X)
CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
- TODO: check
+ NOTE: not-for-us (Mac OS X)
CAN-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...)
- TODO: check
+ NOTE: not-for-us (Mac OS X)
CAN-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...)
- TODO: check
+ NOTE: not-for-us (Mac OS X)
CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
NOTE: not-for-us (OneWorldStore)
CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
@@ -1476,7 +1476,7 @@
NOTE: The vulnerable code is present in xine-lib as well, MPlayer is not in Debian
- xine-lib 1.0.1-1
CAN-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...)
- TODO: check
+ - nasm (unfixed; bug filed)
CAN-2005-1193
NOTE: reserved
CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)