thr3ads.net - Secure testing commits - [Secure-testing-commits] r11917

If this information is useful, please help other people find it:
Share via:

Michael Gilbert

2009-May-18 20:10 UTC

[Secure-testing-commits] r11917 - data/CVE

Author: gilbert-guest
Date: 2009-05-18 20:10:36 +0000 (Mon, 18 May 2009)
New Revision: 11917

Modified:
   data/CVE/list
Log:
kernel issue triage


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-05-18 18:50:49 UTC (rev 11916)
+++ data/CVE/list	2009-05-18 20:10:36 UTC (rev 11917)
@@ -297,6 +297,9 @@
 	RESERVED
 CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c
in the ...)
 	- linux-2.6 <unfixed> (high)
+	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
+	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.29)
+	NOTE: vulnerability introduced in commit d84f4f99, which has only been
included in the kernel since 2.6.29
 	NOTE: it has been confirmed that an exploit in the wild is making use of this
vulnerability
 CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to
create or ...)
 	NOT-FOR-US: Directadmin
@@ -738,8 +741,9 @@
 CVE-2009-1363
 	RESERVED
 CVE-2009-1360 (The __inet6_check_established function in
net/ipv6/inet6_hashtables.c ...)
-	- linux-2.6 2.6.29-1
+	- linux-2.6 2.6.29-1 (low; bug #529342)
 	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.27)
+	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
 	- linux-2.6.24 <not-affected> (Introduced in 2.6.27)
 CVE-2009-1411 (SQL injection vulnerability in events/inc/events.inc.php in the
Events ...)
 	NOT-FOR-US: Seditio CMS
@@ -2964,9 +2968,10 @@
 CVE-2009-0788
 	RESERVED
 CVE-2009-0787 (The ecryptfs_write_metadata_to_contents function in the eCryptfs
...)
-	- linux-2.6 2.6.29-1
+	- linux-2.6 2.6.29-1 (medium; bug #529326)
 	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
-	- linux-2.6.24 <not-affected> (Only affects 2.6.28)
+	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.28)
+	- linux-2.6.24 <not-affected> (vulnerabile code introduced in 2.6.28)
 CVE-2009-0786
 	RESERVED
 CVE-2009-0785
@@ -20508,10 +20513,10 @@
 CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0
allows ...)
 	NOT-FOR-US: xeCMS
 CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root
on a ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <unfixed> (low; bug #529318)
 	NOTE: While labeled as an Apache flaw, this needs to be fixed in smbfs
-	NOTE: This is likely already fixed in recent kernels, but we need to pin point
-	NOTE: a fixed version
+	NOTE: This is likely already fixed in recent kernels, but we need to pin point
a fixed version
+	NOTE: Low urgency since the worst that can happen is exposure of php (or other
script) code that was intended to be kept secret from remote http users
 CVE-2007-XXXX [venkman preinst symlink dos]
 	- venkman 0.9.87.2-1 (bug #456520)
 	[lenny] - venkman <not-affected> (Vulnerable code not present)

Secure testing commits - May 2009 - r11917 - data/CVE

[Secure-testing-commits] r11917 - data/CVE