[Secure-testing-commits] r5628 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Apr 5 17:31:58 UTC 2007
Author: jmm-guest
Date: 2007-04-05 17:31:55 +0000 (Thu, 05 Apr 2007)
New Revision: 5628
Modified:
data/CVE/list
data/mopb.txt
Log:
merged more MOPB info into security tracker
new flyspray issue to be fixed soon
new zziplib issue (needs to be checked further)
tag several non-free issues as no-dsa
new evolution issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-05 16:28:39 UTC (rev 5627)
+++ data/CVE/list 2007-04-05 17:31:55 UTC (rev 5628)
@@ -34,9 +34,10 @@
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...)
NOT-FOR-US: Cisco Unified CallManager
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...)
- TODO: check
+ - php4 <unfixed> (medium)
+ - php5 <unfixed> (medium)
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...)
- TODO: check
+ - php5 <unfixed> (medium)
CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...)
NOT-FOR-US: T-Mobile
CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote ...)
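Review bot: the new php4 line under CVE-2007-1825 has no justification next to it, although the visible part of the description names only "PHP 5 before ...". If php4 was confirmed vulnerable in the sources, a short NOTE saying so would let the next person trust the entry without redoing the check.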
@@ -106,7 +107,7 @@
CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction ...)
NOT-FOR-US: Kaqoo Auction Software
CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...)
- - flyspray <unfixed> (medium)
+ - flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway)
CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or "set to a low ...)
- flyspray <unfixed> (medium)
CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...)
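Review bot: the comment on the CVE-2007-1789 line gives two unrelated reasons for not-affected: "Code was introduced in 0.9.9" is a version argument, while "not sensitive anyway" is a severity judgement. Since the CVE-2007-1788 entry directly below is still flyspray unfixed, it would help to state which packaged version predates the affected code so the two entries do not look contradictory.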
@@ -182,11 +183,11 @@
CVE-2007-1766 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Advanced Login
CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows ...)
NOT-FOR-US: FastStone Image Viewer
CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...)
- iceweasel <unfixed> (low)
CVE-2007-1761
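Review bot: the replacement for CVE-2007-1763 names the wrong vendor, since the description is about the ATI kernel driver (atikmdag.sys) and Windows Vista is only the platform it runs on. Something like "NOT-FOR-US: ATI driver for Windows" keeps the entry searchable by the affected product; the CVE-2007-1765 change in the same hunk is fine as it stands.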
@@ -233,7 +234,6 @@
RESERVED
CVE-2007-1740
REJECTED
- TODO: check
CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...)
NOT-FOR-US: IBM Lotus Domino
CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...)
@@ -340,7 +340,7 @@
CVE-2007-1693
RESERVED
CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-1691
RESERVED
CVE-2007-1690
@@ -409,7 +409,7 @@
CVE-2007-1659
RESERVED
CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...)
- python2.5 <not-affected> (does not build minigzip.c)
CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt ...)
@@ -428,6 +428,7 @@
NOT-FOR-US: pcapsipdump
CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...)
- php5 <unfixed>
+ [etch] - php5 <not-affected> (Only affects PHP 5.2.1)
CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...)
NOT-FOR-US: 0irc
CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...)
@@ -497,7 +498,9 @@
CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...)
NOT-FOR-US: ScriptMagix
CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
- NOT-FOR-US: ZZIPlib
+ - zziplib <unfixed> (unknown)
+ NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
+ TODO: Needs to be checked in sources, if filename is taken from cmd args, this is bogus
CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows ...)
NOT-FOR-US: MPM Chat
CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
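Review bot: CVE-2007-1614 is now recorded as zziplib unfixed while the TODO added two lines below says the report may be bogus if the filename comes from command-line arguments. Keeping the urgency at unknown is reasonable, but the entry has no bug reference, so once the source check is done either file a bug and add its number or downgrade the entry, and drop the TODO at the same time.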
@@ -543,29 +546,34 @@
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
- linux-2.6 <unfixed> (medium)
CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...)
NOT-FOR-US: MNews
CVE-2006-7181 (Multiple PHP remote file inclusion vulnerabilities in Morcego CMS ...)
NOT-FOR-US: Morcego CMS
CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets ...)
- madwifi <unfixed> (low)
+ [etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process ...)
- madwifi <unfixed> (low)
+ [etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH ...)
- madwifi <unfixed> (low)
+ [etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a ...)
- madwifi <unfixed> (low)
+ [etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
TODO: check
CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
TODO: check
CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...)
- madwifi <unfixed> (low)
+ [etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...)
- TODO: check
+ NOT-FOR-US: Elm, removed in 2002
CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the ...)
- TODO: check
+ NOT-FOR-US: Elm, removed in 2002
CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and ...)
NOT-FOR-US: Grandstream
CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows ...)
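Review bot: the five madwifi entries (CVE-2006-7180 through CVE-2006-7177, and CVE-2005-4835) gain an [etch] no-dsa line but no [sarge] line, whereas the netperf entry later in this patch tags both releases with the same "Non-free not supported" reason. If sarge carries madwifi, it needs the matching [sarge] line; if it does not, the entries are complete. The two Sendmail entries in the middle of the hunk (CVE-2006-7176, CVE-2006-7175) are still at "TODO: check" after this pass.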
@@ -633,8 +641,9 @@
[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-1559
RESERVED
-CVE-2007-1558
+CVE-2007-1558 [APOP crypto weakness]
RESERVED
+ NOT-FOR-US: No practical security implications
CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...)
NOT-FOR-US: F-Secure
CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 ...)
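Review bot: the line added under CVE-2007-1558 uses NOT-FOR-US to record a severity judgement ("No practical security implications"), while everywhere else in this patch NOT-FOR-US names a product that is not packaged. APOP is a protocol feature implemented by mail clients, so listing the affected packages with a low-priority marking would keep the assessment while still showing which packages were considered.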
@@ -894,6 +903,8 @@
NOT-FOR-US: BP Blog
CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary ...)
- netperf <unfixed> (bug #413658; medium)
+ [sarge] - netperf <no-dsa> (Non-free not supported)
+ [etch] - netperf <no-dsa> (Non-free not supported)
CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
NOT-FOR-US: Woltlab Burning Board
CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the ...)
@@ -1049,17 +1060,20 @@
CVE-2007-1381 (The wddx_deserialize function in wddx.c in PHP CVS as of 20070304 ...)
- php5 <not-affected> (Affected only a php5 CVS version, not a release)
CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
- TODO: check
+ - php4 <unfixed>
+ - php5 <unfixed>
CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...)
- TODO: check
+ - php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP ...)
- TODO: check
+ - php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...)
- TODO: check
+ - php4 <unfixed> (medium)
+ - php5 <unfixed> (medium)
CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...)
- TODO: check
+ - php5 <unfixed> (unknown)
+ NOTE: Needs further investigation
CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz ...)
NOT-FOR-US: Snitz Forums
CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...)
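Review bot: the php4 and php5 lines added for CVE-2007-1380 carry no urgency, although data/mopb.txt in this same commit rates the issue "TODO(low) -> Can only leak 127 bytes of data"; adding (low) would keep the two files in agreement. In the CVE-2007-1379 and CVE-2007-1378 lines, "Ovrimus" should read "Ovrimos", matching the CVE descriptions and mopb.txt. Those two entries also mark only php4 as not-affected, while the mopb.txt note says Ovrimos support is absent from any Debian PHP package, so a php5 line may be wanted as well.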
@@ -2191,7 +2205,8 @@
RESERVED
- xorg-server 2:1.1.1-21 (medium)
CVE-2007-1002 (Format string vulnerability in the write_html function in ...)
- TODO: check
+ - evolution <unfixed>
+ [sarge] - evolution <not-affected> (Vulnerable code not present)
CVE-2007-1001
RESERVED
CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
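Review bot: the evolution unfixed line added for CVE-2007-1002 has neither an urgency nor a bug number, unlike for example the netperf entry elsewhere in this file, which is written as "(bug #413658; medium)". For a format string issue that is now tracked as open in unstable, a bug reference would make the entry actionable.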
@@ -4798,7 +4813,7 @@
CVE-2007-0039
RESERVED
CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-0037
RESERVED
CVE-2007-0036
@@ -5529,7 +5544,7 @@
- gaim 1:2.0.0+beta5-9 (low)
[sarge] - gaim <no-dsa> (minor issue)
CVE-2006-XXXX [xmedcon segfault on some files]
- - xmedcon 0.9.9.4-1 (low; bug #401529)
+ - xmedcon 0.9.9.4-1 (unknown; bug #401529)
TODO: check security impact
CVE-2006-XXXX [dsniff urlsnarf missing output sanitization]
- dsniff 2.4b1+debian-16 (unimportant; bug #400624)
Modified: data/mopb.txt
===================================================================
--- data/mopb.txt 2007-04-05 16:28:39 UTC (rev 5627)
+++ data/mopb.txt 2007-04-05 17:31:55 UTC (rev 5628)
@@ -5,13 +5,13 @@
N/A Only triggerable by malicious script
42 PHP 5 php_stream_filter_create() Off By One Vulnerablity
-TODO, needs to be fixed, Sarge not affected
+#TODO, needs to be fixed, Sarge not affected
41 PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability
TODO
40 PHP imap_mail_compose() Boundary Stack Buffer Overflow Vulnerability
-TODO, needs to be fixed
+#TODO, needs to be fixed, CVE-2007-1825
39 PHP str_replace() Memory Allocation Integer Overflow Vulnerability
TODO
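Review bot: entry 42 is marked with "#" but, unlike entry 40 in the same hunk, gets no CVE id appended. The data/CVE/list part of this commit triages CVE-2007-1824 as the php_stream_filter_create issue, so appending ", CVE-2007-1824" here would complete the cross-reference.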
@@ -45,7 +45,7 @@
#TODO, CVE-2007-1700
29 PHP 5.2.1 unserialize() Information Leak Vulnerability
-N/A Only affects PHP 5.2.1
+#N/A Only affects PHP 5.2.1
28 PHP hash_update_file() Already Freed Resource Access Vulnerability
#N/A Only triggerable by malicious script, CVE-2007-1581
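Review bot: entry 29 gains the "#" marker without a CVE id, while its neighbours in this hunk carry one (CVE-2007-1700, CVE-2007-1581). If this is the issue tracked as CVE-2007-1649, which receives the same "Only affects PHP 5.2.1" rationale in data/CVE/list, add the id here.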
@@ -88,13 +88,13 @@
This is CVE-2007-1399
15 PHP shmop Functions Resource Verification Vulnerability
-TODO(medium) -> user-supplied data could be used to read/write arbitrary memory
+TODO(medium) -> user-supplied data could be used to read/write arbitrary memory, CVE-2007-1376
14 PHP substr_compare() Information Leak Vulnerability
-TODO -> corner-case where length+offset > INT_MAX
+TODO -> corner-case where length+offset > INT_MAX, CVE-2007-1375
13 PHP 4 Ovrimos Extension Multiple Vulnerabilities
-N/A -> Ovrimos support not provided in any debian php packages
+N/A -> Ovrimos support not provided in any debian php packages, CVE-2007-1379, CVE-2007-1378
12 mod_security POST Rules Bypass Vulnerability
N/A -> applies to modsecurity, not packaged for sarge/etch/(sid?)
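Review bot: entries 15, 14 and 13 get their CVE ids appended but not the "#" prefix that entries 42, 40, 29 and 10 receive in this commit, even though CVE-2007-1376, CVE-2007-1375, CVE-2007-1379 and CVE-2007-1378 are all triaged in data/CVE/list by the same change. If "#" marks an entry as merged into the tracker, these three lines should carry it too; if they are intentionally left open, a word on why would avoid a second pass.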
@@ -103,7 +103,7 @@
#Fixed in DSA-1264. CVE-2007-0908
10 PHP php_binary Session Deserialization Information Leak Vulnerability
-TODO(low) -> Can only leak 127 bytes of data
+#TODO(low) -> Can only leak 127 bytes of data, CVE-2007-1380
09 PHP wddx_deserialize() String Append Buffer Overflow Vulnerability
#N/A -> Only applies to a development version in CVS, not a shipped release