[Secure-testing-commits] r24073 - data/CVE

Helmut Grohne helmutg at alioth.debian.org
Sat Oct 19 07:38:06 UTC 2013


Author: helmutg
Date: 2013-10-19 07:38:06 +0000 (Sat, 19 Oct 2013)
New Revision: 24073

Modified:
   data/CVE/list
Log:
report back on CVE-2013-4786 investigation

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-10-19 06:49:23 UTC (rev 24072)
+++ data/CVE/list	2013-10-19 07:38:06 UTC (rev 24073)
@@ -2948,8 +2948,8 @@
 CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly check ...)
 	NOT-FOR-US: Android
 CVE-2013-4786 (The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange ...)
-	TODO: check
 	NOTE: Design flaw in the IPMI 2.0 specification. Any correctly implemented device is vulnerable.
+	NOTE: Contacted relevant maintainers: Since few to no devices do mutual authentication, tools shipped by Debian are generally not affected. At best, the tools can print a warning for vulnerable devices.
 CVE-2013-4784 (The HP Integrated Lights-Out (iLO) BMC implementation allows remote ...)
 	NOT-FOR-US: HP IPMI device
 CVE-2013-4781 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance ...)
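
Review bot: With "TODO: check" removed, the CVE-2013-4786 entry is left with only two NOTE lines and no disposition line, unlike its neighbours, which carry "NOT-FOR-US: ..." lines. If the conclusion is that "tools shipped by Debian are generally not affected", record it as an explicit status for the packages concerned rather than only in free text, so the entry does not read as unclassified. The added NOTE also refers to "relevant maintainers" and "tools shipped by Debian" without naming them; naming the packages that were checked would let a later reader verify the claim. "Generally not affected" is hedged, so the NOTE should say which case is the exception. The NOTE is also one long line and would be easier to read split into two NOTE lines, one for the finding and one for the possible warning.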



