[Secure-testing-commits] r5614 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Mon Apr 2 19:37:53 UTC 2007


Author: jmm-guest
Date: 2007-04-02 19:37:51 +0000 (Mon, 02 Apr 2007)
New Revision: 5614

Modified:
   data/CVE/list
   data/mopb.txt
Log:
more PHP updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-02 17:54:08 UTC (rev 5613)
+++ data/CVE/list	2007-04-02 19:37:51 UTC (rev 5614)
@@ -138,9 +138,12 @@
 CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...)
 	TODO: check
 CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
-	TODO: check
+	- php4 <unfixed> (medium)
+	- php5 <unfixed> (medium)
 CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
-	TODO: check
+	- php4 <unfixed> (unimportant)
+	- php5 <unfixed> (unimportant)
+	NOTE: Hardly a security problem
 CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...)
 	TODO: check
 CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
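
Review bot: The NOTE added under CVE-2007-1717 ("Hardly a security problem") records a verdict without the reasoning behind it, and neither it nor the CVE-2007-1718 entry points back to the data/mopb.txt item it was triaged from. The mopb.txt change in this same revision ties these ids to items 33 and 34, so a line such as "NOTE: MOPB 33" and "NOTE: MOPB 34" on the respective entries would let a later reader re-check the "unimportant" and "medium" ratings against the original report.
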
@@ -152,9 +155,13 @@
 CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
 	TODO: check
 CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...)
-	TODO: check
+	- php4 <unfixed> (unimportant)
+	- php5 <unfixed> (unimportant)
+	NOTE: register_globals not supported
 CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...)
-	TODO: check
+	- php4 <unfixed> (unimportant)
+	- php5 <unfixed> (unimportant)
+	NOTE: Safe mode violations not supported, insufficient measure
 CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...)
 	TODO: check
 CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS ...)
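
Review bot: The CVE-2007-1711 entry looks inconsistent with data/mopb.txt and should be confirmed before it is marked "unimportant". The visible description is a double free in PHP 4.4.5 and 4.4.6, which matches the title of mopb.txt item 32 ("PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability"), and that item is still listed as "TODO, needs to be fixed in php/etch", whereas "register_globals not supported" is the status of item 31. If the CVE does map to item 32, the rating and NOTE here need to change; it is also worth checking whether the php5 line belongs at all, given that the description names only 4.4.5 and 4.4.6. For CVE-2007-1710, "Safe mode violations not supported, insufficient measure" would read more clearly as a full sentence stating that safe mode bypasses are not treated as security issues.
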
@@ -172,9 +179,13 @@
 CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the ...)
 	TODO: check
 CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...)
-	TODO: check
+	- php4 <unfixed> (unimportant)
+	- php5 <unfixed> (unimportant)
+	NOTE: register_globals not supported
 CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...)
-	TODO: check
+	- php4 <unfixed> (unknown)
+	- php5 <unfixed> (unknown)
+	NOTE: Should be fixed, if remotely exploitable
 CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu ...)
 	TODO: check
 CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to ...)
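
Review bot: The CVE-2007-1700 entry drops "TODO: check" but leaves the actual question open: the severity is "(unknown)" and the NOTE says "Should be fixed, if remotely exploitable". With the TODO line gone nothing marks this entry as still needing analysis, so consider keeping a "TODO:" line that says remote exploitability has to be determined, and setting the severity once that is known.
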

Modified: data/mopb.txt
===================================================================
--- data/mopb.txt	2007-04-02 17:54:08 UTC (rev 5613)
+++ data/mopb.txt	2007-04-02 19:37:51 UTC (rev 5614)
@@ -2,7 +2,7 @@
 TODO
 
 43  PHP msg_receive() Memory Allocation Integer Overflow Vulnerabilty
-TODO
+N/A Only triggerable by malicious script
 
 42  PHP 5 php_stream_filter_create() Off By One Vulnerablity
 TODO, needs to be fixed, Sarge not affected
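
Review bot: The new status for item 43 ("N/A Only triggerable by malicious script") carries no CVE id, unlike the item 30, 33 and 34 lines changed later in this file. If an id has been assigned, add it here so the entry can be matched against data/CVE/list, and state the assumption behind the N/A explicitly so it is clear why a script-triggered integer overflow is out of scope.
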
@@ -29,19 +29,19 @@
 TODO
 
 34  PHP mail() Header Injection Through Subject and To Parameters
-TODO, needs to be fixed
+#TODO, needs to be fixed, CVE-2007-1718
 
 33  PHP mail() Message ASCIIZ Byte Truncation
-N/A I don't see how this can become a security problem?
+#N/A I don't see how this can become a security problem, CVE-2007-1717
 
 32  PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability (U) 
 TODO, needs to be fixed in php/etch, sarge not affected
 
 31  PHP _SESSION Deserialization Overwrite Vulnerability
-N/A register_globals not supported
+#N/A register_globals not supported
 
 30  PHP _SESSION unset() Vulnerability
-TODO
+#TODO, CVE-2007-1700
 
 29  PHP 5.2.1 unserialize() Information Leak Vulnerability
 N/A Only affects PHP 5.2.1
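
Review bot: The "#" prefix introduced on the status lines for items 34, 33, 31 and 30 is not explained anywhere in the visible part of the file. It appears to mark items now tracked in data/CVE/list, but it also makes "#TODO, needs to be fixed, CVE-2007-1718" look like a disabled TODO, so a one-line legend at the top of mopb.txt would avoid misreading. Item 31 gets the prefix without a CVE id while the other three get one; since data/CVE/list now uses "register_globals not supported" for both CVE-2007-1711 and CVE-2007-1701, please add the id that applies to item 31.
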



