[Secure-testing-commits] r5659 - in data: . CVE
Kees Cook
keescook-guest at alioth.debian.org
Mon Apr 16 21:59:55 UTC 2007
Author: keescook-guest
Date: 2007-04-16 21:59:52 +0000 (Mon, 16 Apr 2007)
New Revision: 5659
Modified:
data/CVE/list
data/mopb.txt
Log:
NFUs: 17
unfixed: ipsec-tools php4 php5 sqlite
mopb: more details, #45 added.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-16 21:01:26 UTC (rev 5658)
+++ data/CVE/list 2007-04-16 21:59:52 UTC (rev 5659)
@@ -51,7 +51,7 @@
CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...)
- TODO: check
+ NOT-FOR-US: WIndows Explorer
CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server ...)
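Review bot: the new annotation on CVE-2007-1946 carries a typo, `NOT-FOR-US: WIndows Explorer`; the other NOT-FOR-US lines added in this commit write the product as `Microsoft Windows` or `Microsoft Word`, so `NOT-FOR-US: Microsoft Windows Explorer` would match them.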
@@ -119,11 +119,11 @@
CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and ...)
NOT-FOR-US: SAP RFC Library
CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft Word
CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Word
CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt ...)
NOT-FOR-US: Battle.net Clan Script
CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant ...)
@@ -163,15 +163,18 @@
CVE-2007-1891
RESERVED
CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
- TODO: check
+ - php4 <unfixed> (unimportant)
+ - php5 <unfixed> (unimportant)
+ NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
- php5 <unfixed> (medium)
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...)
- - php4 <not-affected> (SQLite not enabled in PHP 4 packages)
- TODO: check PHP 5
+ - sqlite <unfixed> (medium)
+ NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled ...)
- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
- TODO: check PHP 5
+ - php5 <unfixed> (medium)
+ NOTE: php5 is vulnerable due to improper use of the system sqlite libs
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...)
NOT-FOR-US: Duplicate of CVE-2007-1885
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
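Review bot: the new `sqlite <unfixed> (medium)` line for CVE-2007-1888 conflicts with the NOTE directly beneath it, which says this is an unsafe API rather than a security issue in sqlite itself; if the note is right, either lower the severity (the php4/php5 lines for CVE-2007-1890 in the same hunk use `(unimportant)`) or mark the package not-affected so the tracker does not flag sqlite as carrying an open medium issue. The hunk also drops the `php4 <not-affected> (SQLite not enabled in PHP 4 packages)` line for CVE-2007-1888 while keeping the identical line for CVE-2007-1887; keep it alongside the sqlite entry, or say why php4 is no longer tracked there.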
@@ -269,9 +272,9 @@
CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before ...)
NOT-FOR-US: JSBoard
CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in ...)
- TODO: check
+ - ipsec-tools <unfixed> (medium)
CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle ...)
- TODO: check
+ NOT-FOR-US: Microsoft ASP .NET Framework
CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, and 5.1.x before ...)
- net-snmp 5.2.2-1 (medium)
CVE-2005-4836
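Review bot: `ipsec-tools <unfixed> (medium)` for CVE-2007-1841 is the only new unfixed entry in this commit without a NOTE; the php5 and sqlite entries in the earlier hunk each got a one-line justification, and a NOTE saying which racoon versions are affected (the description points at `isakmp_info_recv` in `src/racoon/isakmp_inf.c`) would help whoever picks up the fix.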
@@ -724,9 +727,9 @@
CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 ...)
NOT-FOR-US: SubHub
CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: FutureSoft TFTP Server
CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on ...)
- TODO: check
+ NOT-FOR-US: Microsoft DNS Server
CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management ...)
NOT-FOR-US: LAN Management System
CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows ...)
@@ -1842,29 +1845,29 @@
{DSA-1276-1}
- krb5 1.4.4-8 (high)
CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft GDI
CVE-2007-1214
RESERVED
CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft GDI
CVE-2007-1211 (Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2007-1210
RESERVED
CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ...)
- TODO: check
+ NOT-FOR-US: Windows Vista
CVE-2007-1208
RESERVED
CVE-2007-1207
RESERVED
CVE-2007-1206 (The Windows Kernel in Microsoft Windows 2000 SP4, XP SP2, and Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2007-1204 (Unspecified vulnerability in the Universal Plug and Play (UPnP) ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2007-1203
RESERVED
CVE-2007-1202
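Review bot: product naming in the NOT-FOR-US lines is inconsistent within this hunk: CVE-2007-1209 gets `Windows Vista`, CVE-2007-1205 (described as Microsoft Agent) and CVE-2007-1204 (described as UPnP) get the generic `Microsoft Windows`, while CVE-2007-1215 and CVE-2007-1212 name the component (`Microsoft GDI`). Naming the affected component wherever the description gives one keeps the list searchable.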
@@ -2653,9 +2656,9 @@
CVE-2007-0940
RESERVED
CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ...)
- TODO: check
+ NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...)
- TODO: check
+ NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0937
RESERVED
CVE-2007-0936
Modified: data/mopb.txt
===================================================================
--- data/mopb.txt 2007-04-16 21:01:26 UTC (rev 5658)
+++ data/mopb.txt 2007-04-16 21:59:52 UTC (rev 5659)
@@ -1,62 +1,65 @@
+45 PHP ext/filter Email Validation Vulnerability
+TODO(low) -> possible email header injections when coupled with other problems (php5 5.2.0, 5.2.1)
+
44 PHP 5.2.0 Memory Manager Signed Comparision Vulnerability
-TODO
+#TODO(medium) -> remotely exploitable via SOAP interfaces, CVE-2007-1889 (php5 5.2.0 only)
43 PHP msg_receive() Memory Allocation Integer Overflow Vulnerabilty
-N/A Only triggerable by malicious script
+#N/A -> Only triggerable by malicious script, CVE-2007-1890 (php4 & php5, local code execution, possibly FreeBSD only)
42 PHP 5 php_stream_filter_create() Off By One Vulnerablity
-#TODO, needs to be fixed, Sarge not affected
+#TODO(medium) -> needs to be fixed, Sarge not affected, CVE-2007-1824 (php5, remote code execution, though haven't reproduced it)
41 PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability
-TODO for PHP5, not activated in the PHP4 build, possible also a dupe of CVE-2007-0906, CVE-2007-1887. (php4 & php5, remote code execution)
+#TODO(medium) -> for PHP5, not activated in the PHP4 build, CVE-2007-1887. (php4 & php5, remote code execution)
40 PHP imap_mail_compose() Boundary Stack Buffer Overflow Vulnerability
-# Already fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0906/CVE-2007-1825
+#Fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0906/CVE-2007-1825
39 PHP str_replace() Memory Allocation Integer Overflow Vulnerability
-# Already fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0906/CVE-2007-1885
+#Fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0906/CVE-2007-1885
38 PHP printf() Family 64 Bit Casting Vulnerabilities
-# Already fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0909/CVE-2007-1884
+#Fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0909/CVE-2007-1884
37 PHP iptcembed() Interruption Information Leak Vulnerability
-#N/A Only triggerable by malicious script, CVE-2007-1883 (php4 & php5, local code execution)
+#N/A -> Only triggerable by malicious script, CVE-2007-1883 (php4 & php5, local code execution)
36 PHP session.save_path open_basedir Bypass Vulnerability
-#N/A open_basedir bypasses not supported, CVE-2007-1461
+#N/A -> open_basedir bypasses not supported, CVE-2007-1461
35 PHP 4 zip_entry_read() Integer Overflow Vulnerability
-#TODO(medium), needs to be fixed, CVE-2007-1777 (php4, remote code execution)
+#TODO(medium) -> needs to be fixed, CVE-2007-1777 (php4, remote code execution)
34 PHP mail() Header Injection Through Subject and To Parameters
-#TODO(medium), needs to be fixed, CVE-2007-1718 (php4 & php5, header injection possible via some MTAs when set to process the headers for recipients)
+#TODO(medium) -> needs to be fixed, CVE-2007-1718 (php4 & php5, header injection possible via some MTAs when set to process the headers for recipients)
33 PHP mail() Message ASCIIZ Byte Truncation
-#TODO(low) applications could end up vulnerable to phishing attacks if attackers injected a nearly correct-looking email content prior to the NULL byte, CVE-2007-1717 (php4 & php5, possible phishing or other impersonation possible, though this problem is really a problem with the application allowing unsanitized inputs)
+#TODO(low) -> applications could end up vulnerable to phishing attacks if attackers injected a nearly correct-looking email content prior to the NULL byte, CVE-2007-1717 (php4 & php5, possible phishing or other impersonation possible, though this problem is really a problem with the application allowing unsanitized inputs)
32 PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability (U)
-TODO(medium), needs to be fixed in php/etch, sarge not affected (php4 4.4.5/4.4.6, remote code execution)
+TODO(medium) -> needs to be fixed in php/etch, sarge not affected (php4 4.4.5/4.4.6, remote code execution)
31 PHP _SESSION Deserialization Overwrite Vulnerability
-#N/A register_globals not supported, already fixed in DSA-1264, dupe CVE-2007-0910/CVE-2007-1701 (php4 & php5, very hard to trigger remotely, code execution)
+#N/A -> register_globals not supported, already fixed in DSA-1264, dupe CVE-2007-0910/CVE-2007-1701 (php4 & php5, very hard to trigger remotely, code execution)
30 PHP _SESSION unset() Vulnerability
-#TODO(low), hard to trigger remotely, CVE-2007-1700. (php4 & php5, code execution)
+#TODO(low) -> hard to trigger remotely, CVE-2007-1700. (php4 & php5, code execution)
29 PHP 5.2.1 unserialize() Information Leak Vulnerability
-#N/A Only affects PHP 5.2.1 (heap leak via broken "S" unserializer, which should maybe be removed from 5.2.1, since it is only for future compatibility and is totally broken?)
+#N/A -> Only affects PHP 5.2.1 (heap leak via broken "S" unserializer, which should maybe be removed from 5.2.1, since it is only for future compatibility and is totally broken?)
28 PHP hash_update_file() Already Freed Resource Access Vulnerability
-#N/A Only triggerable by malicious script, CVE-2007-1581 (php5, local malicious stream handler leads to code execution)
+#N/A -> Only triggerable by malicious script, CVE-2007-1581 (php5, local malicious stream handler leads to code execution)
27 PHP ext/gd Already Freed Resource Access Vulnerability
-#N/A Only triggerable by malicious script, CVE-2007-1582 (php4 & php5, local malicious error handler leads to code execution)
+#N/A -> Only triggerable by malicious script, CVE-2007-1582 (php4 & php5, local malicious error handler leads to code execution)
26 PHP mb_parse_str() register_globals Activation Vulnerability
-#TODO(medium) functionally enables register_globals for any future requests, CVE-2007-1583 (php4 & php5, enables stealth register_globals for life of process)
+#TODO(medium) -> functionally enables register_globals for any future requests, CVE-2007-1583 (php4 & php5, enables stealth register_globals for life of process)
25 PHP header() Space Trimming Buffer Underflow Vulnerability
-# Already fixed in Etch as part of the 5.2.1 backport, dupe CVE-2007-0907/CVE-2007-1584
+#Fixed in Etch as part of the 5.2.1 backport, dupe CVE-2007-0907/CVE-2007-1584
24 PHP array_user_key_compare() Double DTOR Vulnerability
#TODO(medium) -> locally exploitable to gain access to process memory (not remote), CVE-2007-1484 (php4 & php5, code execution)
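Review bot: the new entry 45 is added as `TODO(low) -> ...` without the leading `#` that every other entry in this hunk carries (entry 44 is converted to `#TODO(medium) -> ...` in this same change); entry 32 has the same missing `#` and is also left as-is, so either the `#` is optional and that should be stated in the file, or both lines should get it. Entry 45 is also the only TODO/N/A line in the hunk that cites no CVE id; if none has been assigned yet, saying so on the line would make that explicit.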
@@ -68,16 +71,16 @@
#TODO(medium) -> locally exploitable to gain access to process memory, hard to do remotely, CVE-2007-1521 (php4 & php5, code execution)
21 PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability
-#N/A Safemode and open_basedir bypasses not supported, CVE-2007-1461
+#N/A -> Safemode and open_basedir bypasses not supported, CVE-2007-1461
20 PHP zip:// URL Wrapper safemode and open_basedir Bypass Vulnerability
#N/A Safemode and open_basedir bypasses not supported, CVE-2007-1460
19 PHP ext/filter Space Trimming Buffer Underflow Vulnerability
-#TODO(medium) for PHP5. Sarge not affected. CVE-2007-1453 (php5 5.2.0 only, code execution on big endian)
+#TODO(medium) -> for PHP5. Sarge not affected. CVE-2007-1453 (php5 5.2.0 only, code execution on big endian)
18 PHP ext/filter HTML Tag Stripping Bypass Vulnerability
-#TODO(medium) for PHP5. Sarge not affected. CVE-2007-1453 (php5 5.2.0 only, can avoid filters)
+#TODO(medium) -> for PHP5. Sarge not affected. CVE-2007-1453 (php5 5.2.0 only, can avoid filters)
17 PHP ext/filter FDF Post Bypass Vulnerability
#TODO(low) -> ...or possibly "broken as designed". CVE-2007-1452, Sarge is not affected. (php5 5.2.0 only, can avoid filters)
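Review bot: entry 20 (`#N/A Safemode and open_basedir bypasses not supported, CVE-2007-1460`) is left in the old format while its sibling entry 21, one line above, is converted to the `#N/A -> ...` form; since this hunk exists to normalise the `->` separator, entry 20 should be converted too.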