[Secure-testing-commits] r1897 - in data: CAN DTSA/advs
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sat Sep 10 00:45:18 UTC 2005
Author: jmm-guest
Date: 2005-09-10 00:45:14 +0000 (Sat, 10 Sep 2005)
New Revision: 1897
Removed:
data/DTSA/advs/0-hotzenplotz.adv
Modified:
data/CAN/list
Log:
more bugnums
remove the old hotzenplotz example .adv
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-10 00:40:15 UTC (rev 1896)
+++ data/CAN/list 2005-09-10 00:45:14 UTC (rev 1897)
@@ -1,5 +1,5 @@
CAN-2005-XXXX [format string vulnerability in mailutils's imap4d server]
- - mailutils (unfixed; bug filed; high)
+ - mailutils (unfixed; bug #327424; high)
CAN-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...)
NOTE: not-for-us (Solaris)
CAN-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
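Review bot: the mailutils line now records bug #327424, but its heading is still the placeholder CAN-2005-XXXX, so the bug number is the only stable handle for this entry. When an id is assigned, update the heading in the same change that touches this line, so the "unfixed; bug #327424; high" status is not left under a placeholder.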
@@ -21,7 +21,7 @@
CAN-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...)
NOTE: not-for-us (N-Stealth)
CAN-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...)
- - nikto (unfixed; bug filed; medium)
+ - nikto (unfixed; bug #327339; medium)
CAN-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...)
NOTE: not-for-us (Savant Web Server)
CAN-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...)
Deleted: data/DTSA/advs/0-hotzenplotz.adv
===================================================================
--- data/DTSA/advs/0-hotzenplotz.adv 2005-09-10 00:40:15 UTC (rev 1896)
+++ data/DTSA/advs/0-hotzenplotz.adv 2005-09-10 00:45:14 UTC (rev 1897)
@@ -1,15 +0,0 @@
-source: hotzenplotz
-date: September 7th, 2005
-author: Wachtmeister Dimpfelmoser
-vuln-type: buffer overflows
-problem-scope: remote
-debian-specifc:
-cve: CAN-1978-0019
-vendor-advisory: http://www.hotzenplotz.org/sec/buffer-overflow.html
-testing-fix: 3.14-1ts1
-sid-fix: 3.14-2
-upgrade: apt-get install hotzenplotz
-
-User authentication in hotzenplotz does not verify the user name properly.
-A buffer overflow can be exploited to execute arbitrary code with elevated
-privileges.
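Review bot: the deleted example spells one of its header keys "debian-specifc:" (missing an "i") and leaves it empty. If any real advisory under data/DTSA/advs was started from this file, it may carry the same misspelled key, so check for it before the reference copy is gone. The removal is also unrelated to the bug-number updates in data/CAN/list; committing it separately would make either change easier to revert.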