[Secure-testing-commits] r6603 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Wed Sep 12 22:53:53 UTC 2007


Author: nion
Date: 2007-09-12 22:53:52 +0000 (Wed, 12 Sep 2007)
New Revision: 6603

Modified:
   data/CVE/list
Log:
NFUs
information added for CVE-2007-0347
CVE-2007-4825 php5 unfixed, php4 not-affected
CVE-2007-3998 php5 unfixed, information added
added some notes for CVE-2007-0347


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-12 21:17:54 UTC (rev 6602)
+++ data/CVE/list	2007-09-12 22:53:52 UTC (rev 6603)
@@ -4,53 +4,56 @@
 	- quagga <unfixed> (low)
 	NOTE: Upstream says that this can only be exploited by configured peers.
 CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...)
-	TODO: check
+	- php5 <unfixed> (medium)
+	- php4 <not-affected> (error message "Allowed memory size of 8388608 bytes exhausted...")
+	NOTE: php5 PoC can be reproduced
 CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in Google ...)
-	TODO: check
+	NOT-FOR-US: Google Picasa
 CVE-2007-4823 (Multiple buffer overflows in Google Picasa have unspecified attack ...)
-	TODO: check
+	NOT-FOR-US: Google Picasa
 CVE-2007-4822 (Cross-site request forgery (CSRF) vulnerability in the device ...)
-	TODO: check
+	NOT-FOR-US: Buffalo AirStation firmware
 CVE-2007-4821 (Buffer overflow in a certain ActiveX control in officeviewer.ocx ...)
-	TODO: check
+	NOT-FOR-US: EDraw Office Viewer
 CVE-2007-4820 (Absolute path traversal vulnerability in blanko.preview.php in Sisfo ...)
-	TODO: check
+	NOT-FOR-US: Sisfo Kampus
 CVE-2007-4819 (Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 ...)
-	TODO: check
+	NOT-FOR-US: Txx CMS
 CVE-2007-4818 (Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 ...)
-	TODO: check
+	NOT-FOR-US: Txx CMS
 CVE-2007-4817 (Unrestricted file upload vulnerability in the Restaurante ...)
-	TODO: check
+	NOT-FOR-US: Joomla component
+	NOTE: not included in standard joomla installation, joomla has an itp though
 CVE-2007-4816 (Multiple buffer overflows in the BaoFeng2 storm ActiveX control in ...)
-	TODO: check
+	NOT-FOR-US: BaoFeng2
 CVE-2007-4815 (Multiple PHP remote file inclusion vulnerabilities in WebED in Markus ...)
-	TODO: check
+	NOT-FOR-US: WebED
 CVE-2007-4814 (Buffer overflow in the SQLServer ActiveX control in the Distributed ...)
-	TODO: check
+	NOT-FOR-US: Microsoft SQL Server Enterprise Manager
 CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 ...)
-	TODO: check
+	NOT-FOR-US: Domino Blogsphere
 CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Mac OS
 CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 ...)
-	TODO: check
+	NOT-FOR-US: Netjuke
 CVE-2007-4810 (Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote ...)
-	TODO: check
+	NOT-FOR-US: Netjuke
 CVE-2007-4809 (Multiple PHP remote file inclusion vulnerabilities in Online Fantasy ...)
-	TODO: check
+	NOT-FOR-US: Online Fantasy Football League
 CVE-2007-4808 (Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote ...)
-	TODO: check
+	NOT-FOR-US: TLM CMS
 CVE-2007-4807 (Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 ...)
-	TODO: check
+	NOT-FOR-US: Focus/SIS
 CVE-2007-4806 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Focus/SIS
 CVE-2007-4805 (Directory traversal vulnerability in getgalldata.php in fuzzylime ...)
-	TODO: check
+	NOT-FOR-US: Fuzzylime CMS
 CVE-2007-4804 (Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote ...)
-	TODO: check
+	NOT-FOR-US: AuraCMS
 CVE-2007-4803 (Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers ...)
-	TODO: check
+	NOT-FOR-US: AtomixMP3
 CVE-2007-4802 (Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow ...)
-	TODO: check
+	NOT-FOR-US: GlobalLink
 CVE-2007-4801
 	RESERVED
 CVE-2007-4800
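Review bot: In the CVE-2007-4825 entry, the reason on the php4 <not-affected> line is only the error message the test produced ("Allowed memory size of 8388608 bytes exhausted..."), which does not by itself show that php4 lacks the flaw, only that this run stopped at the memory limit. Suggest recording the actual reason (for example that the vulnerable code is not present), or keeping a TODO for php4 until that is checked. Two smaller points in the same hunk: CVE-2007-4812 is labelled "NOT-FOR-US: Mac OS" although the description names Apple Safari, and CVE-2007-4817 is labelled "Joomla component" without the component name, while the other entries name the product.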
@@ -208,7 +211,7 @@
 	NOTE: http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
 	NOTE: 1.6.dfsg.1-7 somehow already includes the updated version
 CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in TMReg.dll ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro ServerProtect
 CVE-2007-4730 (Buffer overflow in the compNewPixmap function in compalloc.c in the ...)
 	{DSA-1372-1}
 	NOTE: XFree86 is not affected
@@ -389,7 +392,7 @@
 CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local users to ...)
 	- php5 <unfixed> (unimportant)
 CVE-2007-4651 (Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows ...)
-	TODO: check
+	NOT-FOR-US: Adobe Connect Enterprise Server
 CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...)
 	- gallery2 2.2.3-1
 	[etch] - gallery2 <unfixed> (bug #441407)
@@ -701,7 +704,7 @@
 CVE-2007-4513
 	RESERVED
 CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for ...)
-	TODO: check
+	NOT-FOR-US: Sophos Anti-Virus for Windows
 CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...)
 	NOT-FOR-US: Sun Application Server
 CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...)
@@ -787,7 +790,7 @@
 CVE-2007-4471 (Multiple unspecified vulnerabilities in the Intuit QuickBooks Online ...)
 	NOT-FOR-US: QuickBooks
 CVE-2007-4470 (Multiple stack-based buffer overflows in the Earth Resource Mapping ...)
-	TODO: check
+	NOT-FOR-US: Earth Resource Mapping NCSView
 CVE-2007-4469
 	RESERVED
 CVE-2007-4468
@@ -1830,7 +1833,11 @@
 	- krb5 1.6.dfsg.1-7 (high)
 	[sarge] - krb5 <not-affected> (Vulnerable code not present)
 CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...)
-	TODO: check
+	- php5 <unfixed>
+	NOTE: i think it is medium since it can be easily used to DoS on shared hosting systems
+	NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c
+	NOTE: so maybe this is already fixed in 5.2.3, not sure
+	TODO: check php4, contact upstream
 CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...)
 	TODO: check
 CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...)
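Review bot: In the CVE-2007-3998 entry, the second NOTE ("a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c") never says what the diff showed, so the conclusion on the next line ("so maybe this is already fixed in 5.2.3, not sure") cannot be followed. Suggest completing the sentence with the result of the comparison. The severity is also stated only in a NOTE ("i think it is medium") while the php5 <unfixed> line carries no urgency; the CVE-2007-4825 entry in this same commit puts it on the status line as (medium).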
@@ -10956,6 +10963,8 @@
 CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...)
 	TODO: check
 	NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5 source)
+	NOTE: the vulnerable code can't be found on other places in 1.1.5 and also similar things
+	NOTE: are done like using %q instead of %s for user supplied data
 CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
 	NOT-FOR-US: FileMailer
 CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain ...)
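Review bot: The two NOTE lines added to CVE-2007-0347 are one sentence split across lines, and its second half ("are done like using %q instead of %s for user supplied data") does not say clearly whether 1.1.5 already uses %q for user-supplied data. Suggest rewording to state what 1.1.5 actually does, and, since "TODO: check" stays in place, saying what still has to be verified before a package status can be set.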



