[Secure-testing-commits] r2445 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Oct 18 21:39:19 UTC 2005
Author: jmm-guest
Date: 2005-10-18 21:39:15 +0000 (Tue, 18 Oct 2005)
New Revision: 2445
Modified:
data/CAN/list
Log:
adapt more of the older entries to current syntax, update
some entries
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-10-18 21:09:05 UTC (rev 2444)
+++ data/CAN/list 2005-10-18 21:39:15 UTC (rev 2445)
@@ -3207,7 +3207,7 @@
CAN-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...)
- links2 2.1pre16-2 (low)
CAN-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...)
- NOT-FOR-US: Intel
+ NOT-FOR-US: Intel motherboards
CAN-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...)
NOT-FOR-US: TeeKai
CAN-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...)
@@ -3223,17 +3223,14 @@
CAN-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...)
NOT-FOR-US: Cisco
CAN-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...)
- NOTE: fixed in 0.7.12-1
- modlogan 0.7.12-1 (low)
CAN-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...)
- NOTE: fixed in 0.7.12-1
- modlogan 0.7.12-1 (low)
CAN-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...)
TODO: check
CAN-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...)
NOT-FOR-US: PFinger
CAN-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...)
- NOTE: fixed in 0.6.13-1
- sketch 0.6.13-1 (low)
CAN-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...)
NOT-FOR-US: X-News
@@ -3282,7 +3279,6 @@
CAN-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
NOT-FOR-US: Lotus Domino
CAN-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...)
- NOTE: fixed in 3:2.2.6-5
- imp 3:2.2.6-5 (high)
CAN-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...)
NOT-FOR-US: We use the OTHER beep program :P
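Review bot: the imp entry left under CAN-2002-2024 gives 3:2.2.6-5 as the fixed version, while the description names Horde IMP 2.2.7 as the affected release, so the recorded fix is older upstream than the vulnerable version. Dropping the duplicate "NOTE: fixed in 3:2.2.6-5" is fine, but a short NOTE stating whether the fix was backported into 2.2.6-5 or the version needs correcting would make this (high) entry verifiable.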
@@ -3305,7 +3301,7 @@
CAN-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...)
NOT-FOR-US: Lotus Domino
CAN-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...)
- NOT-FOR-US: Mozilla
+ TODO: Check this, Mozilla is in the archive
CAN-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...)
NOT-FOR-US: Apache
CAN-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...)
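Review bot: the new marker on CAN-2002-2013 is written "TODO: Check this, Mozilla is in the archive", whereas the file's existing marker is the bare "TODO: check" (see CAN-2002-2049). Using "TODO: check" with the reason on a separate NOTE line keeps the open items findable with one pattern. The context entry CAN-2002-2012 just below is tagged "NOT-FOR-US: Apache" although its description ties the issue to HP Secure OS; it would benefit from the same tightening applied to the Intel entry in the first hunk.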
@@ -3400,7 +3396,7 @@
CAN-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...)
NOT-FOR-US: AIX
CAN-2001-1553 (Buffer overflow in setiathome for SETI at home 3.03, if installed setuid, ...)
- NOTE: not suid in debian
+ - setiathome <not-affected> (not suid in debian)
CAN-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...)
NOT-FOR-US: Microsoft
CAN-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...)
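Review bot: style point on the added setiathome line: the reason is written "(not suid in debian)" here and "(Not suid in Debian)" in the lprng/cupsys lines added in the next hunk. Pick one spelling for the same justification so entries with this reason can be searched for consistently.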
@@ -3499,7 +3495,8 @@
CAN-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not ...)
NOT-FOR-US: HP-UX
CAN-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...)
- NOTE: lpstat not suid in lprng or cupsys-client in Debian
+ - lprng <not-affected> (Not suid in Debian)
+ - cupsys <not-affected> (Not suid in Debian)
CAN-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...)
- openssh 1:3.0.1
CAN-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...)
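Review bot: the two added <not-affected> lines for CAN-2001-1508 drop the binary name that the removed NOTE carried ("lpstat not suid in lprng or cupsys-client"), so "(Not suid in Debian)" no longer says what is not setuid. Suggest "(lpstat not suid in Debian)" on both lines. The NOTE also named cupsys-client while the new line names cupsys; if that is a deliberate switch to the source package name, it is worth saying so in the log.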
@@ -3566,10 +3563,9 @@
CAN-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
- xpvm 1.2.5-8 (bug #318285; medium)
CAN-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
- - oftpd <unfixed> (bug #318286; medium)
- NOTE: Maintainer requested removal from the archive, see #332186
+ - oftpd <removed> (bug #318286; medium)
CAN-2005-XXXX [oftpd port DOS]
- - oftpd <unfixed> (bug #307957; low)
+ - oftpd <removed> (bug #307957; low)
NOTE: CVE id requested from mitre
CAN-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...)
NOT-FOR-US: AIX
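Review bot: both oftpd entries move from <unfixed> to <removed>, but the deleted NOTE only said the maintainer requested removal (#332186), and that reference is now gone. Keep the bug number, for example as "NOTE: removal requested in #332186", so the <removed> status can be traced, and confirm the package has actually left the archive before the two open bugs (#318286, #307957) stop showing as unfixed.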
@@ -3757,8 +3753,7 @@
CAN-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...)
NOT-FOR-US: Turbo Traffic Trader
CAN-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...)
- NOTE: absolutely no useful information, garbage report
- NOTE: compare with #306164
+ - unzoo 4.4-3 (bug #306164)
CAN-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...)
NOT-FOR-US: DMXReady
CAN-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...)
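Review bot: the added line "- unzoo 4.4-3 (bug #306164)" has no urgency, unlike the other package entries in this patch, and it turns the earlier tentative "compare with #306164" into a definite statement that 4.4-3 fixes CAN-2004-2190. Since the removed NOTE called the report uninformative, add an urgency and a one-line NOTE giving the basis for treating #306164 as the same issue.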
@@ -3948,7 +3943,6 @@
NOT-FOR-US: Soldier of Fortune
CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits
- NOTE: did work for mozilla
- mozilla 2:1.7.10-1 (bug #318723; medium)
CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
NOT-FOR-US: XOOPS
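Review bot: removing "NOTE: did work for mozilla" under CAN-2005-2114 leaves only the NOTE that the PoC could not be reproduced with firefox 1.0.5-1, and there is no firefox package line at all, so Firefox's status is unrecorded even though the description lists Firefox 1.0.4. Either add a firefox entry (fixed version or <not-affected> with the reason) or a "TODO: check" for it; the mozilla line itself is fine.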