[Secure-testing-commits] r5646 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Apr 11 19:51:16 UTC 2007


Author: jmm-guest
Date: 2007-04-11 19:51:12 +0000 (Wed, 11 Apr 2007)
New Revision: 5646

Modified:
   data/CVE/list
   data/mopb.txt
Log:
more work on php (currently focused on php4)
two php issues unimportant
pennmush no-dsa
centericq icq not-affected, fixed anyway


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-11 18:25:02 UTC (rev 5645)
+++ data/CVE/list	2007-04-11 19:51:12 UTC (rev 5646)
@@ -851,7 +851,8 @@
 CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006 9.1.1.7 ...)
 	NOT-FOR-US: Symantec Norton Personal Firewall
 CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...)
-	- php4 <unfixed> (low)
+	- php4 <unfixed> (unimportant)
+	NOTE: Can only be triggered by malicious script
 CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde ...)
 	- horde3 3.1.3-4 (medium)
 CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in ...)
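Review bot: the severity downgrade to (unimportant) for CVE-2007-1475 is justified only by "Can only be triggered by malicious script", while the same reasoning appears in data/mopb.txt (entry 15) phrased as an open question about the PHP security policy; the NOTE should name the policy it applies, e.g. "NOTE: Can only be triggered by malicious script, not covered by the PHP security policy", so that the rationale is consistent and self-explanatory in the tracker.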
@@ -970,7 +971,9 @@
 CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote ...)
 	NOT-FOR-US: Grayscale Blog
 CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 ...)
-	- pennmush <unfixed>
+	- pennmush <unfixed> (low)
+	[sarge] - pennmush <no-dsa> (Minor issue)
+	[etch] - pennmush <no-dsa> (Minor issue)
 CVE-2007-1430 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: ClipShare
 CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 ...)
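Review bot: the new (low) rating and the two <no-dsa> lines for pennmush give "Minor issue" as the reason, but the CVE text itself only says "Multiple unspecified vulnerabilities", so nothing on record explains why unspecified issues are minor; add a NOTE line (as the other entries in this commit do) stating what the issues are or why they do not warrant a DSA.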
@@ -1091,8 +1094,8 @@
 	- php4 <unfixed> (medium)
 	- php5 <unfixed> (medium)
 CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...)
-	- php5 <unfixed> (unknown)
-	NOTE: Needs further investigation
+	- php5 <unfixed> (medium)
+	NOTE: Should be fixed, could be used as a stepstone for further attacks
 CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz ...)
 	NOT-FOR-US: Snitz Forums
 CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...)
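Review bot: the replaced "Needs further investigation" NOTE for CVE-2007-1375 is now a conclusion without the finding behind it; the concrete condition recorded in data/mopb.txt entry 14 (length+offset > INT_MAX in substr_compare) belongs here too, e.g. "NOTE: corner case where length+offset > INT_MAX, could be used as a stepping stone for further attacks", which also fixes the "stepstone" typo.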
@@ -1346,8 +1349,9 @@
 CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
 	- php4 <unfixed> (low)
 CVE-2007-1285 (The Zend Engine in PHP 4.x and 5.x allows remote attackers to cause a ...)
-	- php5 <unfixed> (low)
-	- php4 <unfixed> (low)
+	- php5 <unfixed> (unimportant)
+	- php4 <unfixed> (unimportant)
+	NOTE: Needs to be sanisited within apps, only crashes the current instance anyway
 CVE-2007-1284
 	RESERVED
 CVE-2007-1283
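Review bot: the NOTE on CVE-2007-1285 misspells "sanitised" as "sanisited" and does not say what needs sanitising; since data/mopb.txt entry 03 (the same CVE) describes it as deep recursion in the variable destructor, make the NOTE say so, e.g. "NOTE: Apps need to limit recursion depth of nested data, only crashes the current instance anyway".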
@@ -3892,7 +3896,8 @@
 CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote ...)
 	NOT-FOR-US: VirtueMart
 CVE-2007-XXXX [libjabber DoS]
-	- centericq 4.21.0-18 (bug #406982)
+	- centericq 4.21.0-18 (unimportant; bug #406982)
+	NOTE: Affected function isn't used in the source
 CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
 	- python-django 0.95.1-1 (bug #407607)
 CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
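Review bot: the commit log calls centericq "not-affected, fixed anyway", but the entry is tagged (unimportant) rather than with an explicit not-affected marking, and the NOTE "Affected function isn't used in the source" does not say in which source tree or version the libjabber function was confirmed unused; record that, so the tag and the log agree and the claim can be re-checked later.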

Modified: data/mopb.txt
===================================================================
--- data/mopb.txt	2007-04-11 18:25:02 UTC (rev 5645)
+++ data/mopb.txt	2007-04-11 19:51:12 UTC (rev 5646)
@@ -81,17 +81,19 @@
 #TODO for PHP5. Sarge not affected. CVE-2007-1453
 
 17  PHP ext/filter FDF Post Bypass Vulnerability
-TODO(low) -> ...or possibly "broken as designed". Sarge is not affected.
+#TODO(low) -> ...or possibly "broken as designed". CVE-2007-1452, Sarge is not affected.
 
 16  PHP zip:// URL Wrapper Buffer Overflow Vulnerability
-VERIFY -> is this CVE-2007-0906/zip? i can't reproduce it anyway...
-This is CVE-2007-1399
+TODO, CVE-2007-1399, is the affected zip extension activated in the PHP build?
+  According to the Security Tracker it's not built? -jmm
 
 15  PHP shmop Functions Resource Verification Vulnerability
 TODO(medium) -> user-supplied data could be used to read/write arbitrary memory, CVE-2007-1376
+  AFAICS this can only be triggered by malicious script and thus doesn't fall under our
+  PHP security policy? -jmm
 
 14  PHP substr_compare() Information Leak Vulnerability
-TODO -> corner-case where length+offset > INT_MAX, CVE-2007-1375
+#TODO -> corner-case where length+offset > INT_MAX, CVE-2007-1375
 
 13  PHP 4 Ovrimos Extension Multiple Vulnerabilities
 N/A -> Ovrimos support not provided in any debian php packages, CVE-2007-1379, CVE-2007-1378
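Review bot: entry 15 leaves the "only triggered by malicious script, so outside the PHP security policy" argument as an open question (CVE-2007-1376), yet the same argument is applied as settled to CVE-2007-1475 in data/CVE/list in this very commit; either resolve entry 15 the same way and downgrade CVE-2007-1376 in the tracker, or keep CVE-2007-1475 open until the policy question is answered. Separately, entry 16 now defers to the Security Tracker on whether the zip extension is built; that should be confirmed against the php4 package's own build configuration before the entry is closed.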
@@ -118,13 +120,13 @@
 N/A -> Only affects the Zend platform
 
 05  PHP unserialize() 64 bit Array Creation Denial of Service  Vulnerability
-Fixed in DSA-1264. CVE-2007-0988
+#Fixed in DSA-1264. CVE-2007-0988
 
 04  PHP 4 unserialize() ZVAL Reference Counter Overflow
 TODO(medium) -> Arguably an app bug, but we should probably grab the fix anyway
 
 03  PHP Variable Destructor Deep Recursion Stack Overflow
-N/A -> Applications need to impose sanity checks for maximum recursion
+#N/A -> Applications need to impose sanity checks for maximum recursion, CVE-2007-1285
 
 02  PHP Executor Deep Recursion Stack Overflow
 N/A -> Applications need to impose sanity checks for maximum recursion
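Review bot: entry 03 is now marked done and given CVE-2007-1285, but entry 02 ("PHP Executor Deep Recursion Stack Overflow") carries the identical N/A rationale and is left without a '#' marker or a CVE reference; mark it consistently or add a note saying why it is still pending.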
