Author: jmm-guest
Date: 2005-09-08 10:43:02 +0000 (Thu, 08 Sep 2005)
New Revision: 1849
Modified: data/CAN/list
Log: hiki xss, kernel sg_seqfile dos, ssh, phpldapadmin CANified new squid issue (dos again)
Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-08 10:12:00 UTC (rev 1848) +++ data/CAN/list 2005-09-08 10:43:02 UTC (rev 1849) 
@@ -75,69 +75,69 @@ NOTE: reserved begin claimed by jmm CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...) - TODO: check + - hiki 0.8.3-1 CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...) - TODO: check + - linux-2.6 2.6.12-6 (low) CAN-2005-2799 NOTE: reserved CAN-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...) - TODO: check + - openssh (unfixed; bug #326065; medium) CAN-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...) - TODO: check + - openssh (unfixed; bug #326065; medium) CAN-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...) - TODO: check + - squid 2.5.10-5 (medium) CAN-2005-2795 NOTE: reserved CAN-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...) - TODO: check + - squid 2.5.10-5 (medium) CAN-2005-2793 (PHP remote code injection vulnerability in welcome.php in phpLDAPadmin ...) - TODO: check + - phpldapadmin 0.9.6c-7 (bug #325785; medium) CAN-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...) - TODO: check + - phpldapadmin 0.9.6c-7 (bug #325785; medium) CAN-2005-2791 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) - TODO: check + NOTE: not-for-us (BFCC) CAN-2005-2790 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) - TODO: check + NOTE: not-for-us (BFCC) CAN-2005-2789 (BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...) - TODO: check + NOTE: not-for-us (BFCC) CAN-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...) - TODO: check + NOTE: not-for-us (Land Down Under) CAN-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Simple PHP Blog) CAN-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...) 
- TODO: check + NOTE: not-for-us (cosmoshop) CAN-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...) - TODO: check + NOTE: not-for-us (cosmoshop) CAN-2005-2784 (SQL injection vulnerability in the login function for the ...) - TODO: check + NOTE: not-for-us (cosmoshop) CAN-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...) - TODO: check + NOTE: not-for-us (PHP-Fusion) CAN-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...) - TODO: check + NOTE: not-for-us (AutoLinks Pro) CAN-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...) - TODO: check + TODO: check, whether egroupware-fudforum and phpgroupware-fudforum are affected CAN-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...) - TODO: check + NOTE: not-for-us (Land Down Under) CAN-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...) - TODO: check + NOTE: not-for-us (iTAN) CAN-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...) - TODO: check + NOTE: not-for-us (MyBB) CAN-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...) - TODO: check + NOTE: not-for-us (Looking Glass) CAN-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...) - TODO: check + NOTE: not-for-us (Looking Glass) CAN-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...) - TODO: check + NOTE: not-for-us (Looking Glass) CAN-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...) - TODO: check + NOTE: not-for-us (Litium Quake mod) CAN-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...) - TODO: check + NOTE: not-for-us (HP OpenView) CAN-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...) 
TODO: check CAN-2005-2771 (Reflection for Secure IT Windows Server 6.0 (formerly known as ...) - TODO: check + NOTE: not-for-us (Reflection for Secure IT) CAN-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 does not properly ...) - TODO: check + NOTE: not-for-us (Reflection for Secure IT) CAN-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...) TODO: check CAN-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...) @@ -301,12 +301,6 @@ CAN-2005-XXXX [osh buffer overflow in handlers.c] NOTE: This is not the same as -13 - osh 1.7-14 (bug #323424; medium) -CAN-2005-XXXX [Insecure delegation of GSSAPI credentials in ssh] - - openssh (unfixed; bug #326065; medium) -CAN-2005-XXXX [Incorrect port forwarding for dynamic ports in ssh] - - openssh (unfixed; bug #326065; medium) -CAN-2005-XXXX [XSS and information information disclosure in phpldapadmin''s welcome.php] - - phpldapadmin 0.9.6c-7 (bug #325785; medium) CAN-2005-XXXX [Insecure symlink handling in smb4k] - smb4k 0.6.3-1 (medium) CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...) @@ -1390,8 +1384,6 @@ - nvi 1.79-22 (medium) CAN-2005-XXXX [bugzilla: Maintainer''s postinst script use temporary files in an unsafe way] - bugzilla (unfixed; bug #321567; medium) -CAN-2005-XXXX [Unspecified XSS in hiki] - - hiki 0.8.3-1 CAN-2005-XXXX [Crypto weakness in Tor''s handshaking process] - tor 0.1.0.14-1 (medium) CAN-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
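Review bot: CAN-2005-2775 is the phpWebNotes php_api.php issue, but in the @@ -75,69 +75,69 @@ hunk it is marked "NOTE: not-for-us (Looking Glass)", which looks copied from the two Looking Glass entries directly above it; it should read "NOTE: not-for-us (phpWebNotes)". In the same hunk, CAN-2005-2774 is tagged "Litium Quake mod" while the description spells the product "Lithium II mod"; correcting the spelling keeps the list searchable by product name.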
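Review bot: The phpldapadmin placeholder removed in the @@ -301,12 +301,6 @@ hunk describes "XSS and information information disclosure in phpldapadmin''s welcome.php", but the entries that now carry its data, CAN-2005-2793 and CAN-2005-2792, are described as PHP remote code injection and directory traversal in welcome.php. Please confirm that bug #325785 and the 0.9.6c-7 fix cover those two issues; if the XSS and information disclosure is a separate problem, it should keep its own CAN-2005-XXXX entry rather than being dropped here.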
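Review bot: The hiki entry removed in the @@ -1390,8 +1384,6 @@ hunk had no urgency, and its replacement under CAN-2005-2803 ("- hiki 0.8.3-1") inherits that gap, while the other package lines added in this commit carry one (low or medium). Suggest adding an urgency to the CAN-2005-2803 line now that the issue has a description to rate it against.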