Author: jmm-guest Date: 2007-03-24 11:08:07 +0000 (Sat, 24 Mar 2007) New Revision: 5584 Modified: data/CVE/list data/mopb.txt Log: more MOPB updates (Sean, please double-check if you find the time) Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-24 10:59:38 UTC (rev 5583) +++ data/CVE/list 2007-03-24 11:08:07 UTC (rev 5584) @@ -233,7 +233,9 @@ CVE-2007-1485 (** DISPUTED ** ...) NOT-FOR-US: LIBFtp CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...) - TODO: check + - php4 <unfixed> (unimportant) + - php5 <unfixed> (unimportant) + NOTE: Internal function, only triggerable by malicious script CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...) - webcalendar <unfixed> (high) NOTE: Requested removal from the archive @@ -283,7 +285,7 @@ - php5 <unfixed> (unimportant) NOTE: Safemode and open_basedir bypasses not supported CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP 5.2.0 ...) - - php5 <unfixed> (low) + - php5 <unfixed> (unimportant) NOTE: Safemode and open_basedir bypasses not supported CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator ...) NOT-FOR-US: WebCreator 
@@ -296,9 +298,9 @@ CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as ...) NOT-FOR-US: Fantastico CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...) - TODO: check + - php5 <unfixed> (medium) CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...) - TODO: check + - php5 <unfixed> (medium) CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...) TODO: check CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a ...) Modified: data/mopb.txt ==================================================================--- data/mopb.txt 2007-03-24 10:59:38 UTC (rev 5583) +++ data/mopb.txt 2007-03-24 11:08:07 UTC (rev 5584) @@ -14,7 +14,7 @@ #TODO Should be fixed for PHP5, Sarge is not affected, CVE-2007-1584 24 PHP array_user_key_compare() Double DTOR Vulnerability -N/A Internal function, only triggerable by malicious script +#N/A Internal function, only triggerable by malicious script, CVE-2007-1484 23 PHP 5 Rejected Session Identifier Double Free Vulnerability TODO It''s not yet clear, whether this can be exploited from a remote attacker 
@@ -23,16 +23,16 @@ TODO It''s not yet clear, whether this can be exploited from a remote attacker 21 PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability -N/A Safemode and open_basedir bypasses not supported +#N/A Safemode and open_basedir bypasses not supported, CVE-2007-1461 20 PHP zip:// URL Wrapper safemode and open_basedir Bypass Vulnerability -N/A Safemode and open_basedir bypasses not supported +#N/A Safemode and open_basedir bypasses not supported, CVE-2007-1460 19 PHP ext/filter Space Trimming Buffer Underflow Vulnerability -TODO for PHP5. Sarge not affected. +#TODO for PHP5. Sarge not affected. CVE-2007-1453 18 PHP ext/filter HTML Tag Stripping Bypass Vulnerability -TODO for PHP5. Sarge not affected. +#TODO for PHP5. Sarge not affected. CVE-2007-1453 17 PHP ext/filter FDF Post Bypass Vulnerability TODO(low) -> ...or possibly "broken as designed". Sarge is not affected. @@ -54,7 +54,7 @@ N/A -> applies to modsecurity, not packaged for sarge/etch/(sid?) 11 PHP WDDX Session Deserialization Information Leak Vulnerability -Fixed in DSA-1264. CVE-2007-0908 +#Fixed in DSA-1264. CVE-2007-0908 10 PHP php_binary Session Deserialization Information Leak Vulnerability TODO(low) -> Can only leak 127 bytes of data
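Review bot: In the data/CVE/list hunk at @@ -296,9 +298,9 @@, the new "- php5 <unfixed> (medium)" lines for CVE-2007-1454 and CVE-2007-1453 carry no NOTE, while data/mopb.txt in this same commit records "for PHP5. Sarge not affected." for both issues. Suggest adding a NOTE line under each entry stating that, so the tracker itself records why only php5 is listed and the missing php4 line reads as a decision rather than an omission.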
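Review bot: In the data/mopb.txt hunk at @@ -23,16 +23,16 @@, entry 18 (ext/filter HTML Tag Stripping Bypass) is tagged CVE-2007-1453, the same id given to entry 19 (ext/filter Space Trimming Buffer Underflow). The data/CVE/list part of this commit describes CVE-2007-1453 as the PHP_FILTER_TRIM_DEFAULT buffer underflow and CVE-2007-1454 as the FILTER_SANITIZE_STRING issue, so entry 18 looks like it should read CVE-2007-1454. Separately, the id is appended after a comma on some lines (", CVE-2007-1461") and after a full stop on others (". CVE-2007-1453"); picking one form would make the file easier to grep.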