[Secure-testing-commits] r5063 - data/CVE
Florian Weimer
fw at alioth.debian.org
Mon Dec 4 22:13:04 CET 2006
Author: fw
Date: 2006-12-04 22:13:00 +0100 (Mon, 04 Dec 2006)
New Revision: 5063
Modified:
data/CVE/list
Log:
PostNuke NFU
A couple of Toredo protocol issues don't appear to be that significant.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-04 20:44:18 UTC (rev 5062)
+++ data/CVE/list 2006-12-04 21:13:00 UTC (rev 5063)
@@ -16,15 +16,19 @@
CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in ...)
TODO: check
CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: PostNuke
CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start ...)
- TODO: check
+ NOTE: It seems that no significant packet amplification takes place.
+ NOTE: Probably harmless.
CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote ...)
- TODO: check
+ NOTE: Potential firewall bypass is inherent to tunneling software.
+ NOTE: Not a bug.
CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source ...)
- TODO: check
+ NOTE: Potential firewall bypass is inherent to tunneling software.
+ NOTE: Not a bug.
CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing ...)
- TODO: check
+ NOTE: Potential firewall bypass is inherent to tunneling software.
+ NOTE: Not a bug.
CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka ...)
TODO: check
CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows ...)
More information about the Secure-testing-commits
mailing list