Author: neilm Date: 2005-08-30 13:02:15 +0000 (Tue, 30 Aug 2005) New Revision: 1732 Modified: data/CAN/list Log: Checks completed Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-30 12:41:15 UTC (rev 1731) +++ data/CAN/list 2005-08-30 13:02:15 UTC (rev 1732) @@ -1822,17 +1822,17 @@ CAN-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...) NOTE: not-for-us (FAQManager) CAN-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...) - TODO: check + NOTE: not-for-us (PHPNuke) CAN-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...) NOTE: not-for-us (Microsoft) CAN-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ ...) NOTE: not-for-us (PHP, Mircrosoft) CAN-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...) NOTE: not-for-us (Microsoft) CAN-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not ...) - TODO: check + NOTE: not-for-us (DOOW) CAN-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...) NOTE: not-for-us (BrowseFTP) CAN-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...) 
@@ -1841,79 +1841,79 @@ NOTE: fixed in 3:2.2.6-5 - imp 3:2.2.6-5 (high) CAN-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...) - TODO: check + NOTE: not-for-us (We use the OTHER beep program :P) CAN-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows ...) - TODO: check + NOTE: only affects old-stable CAN-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board ...) - TODO: check + NOTE: not-for-us (wbboard) CAN-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default ...) - TODO: check + NOTE: not-for-us (Netgear hardware) CAN-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in ...) - TODO: check + NOTE: not-for-us (osCommerce) CAN-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...) - TODO: check + NOTE: not-for-us (SAS/Base) CAN-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...) - TODO: check + NOTE: not-for-us (SAS/Base) CAN-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...) TODO: check CAN-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...) NOTE: not-for-us (Lotus Domino) CAN-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Mozilla) CAN-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...) - TODO: check + NOTE: not-for-us (Apache) CAN-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...) - TODO: check + NOTE: not-for-us (faqomatic) CAN-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...) - TODO: check + NOTE: not-for-us (faqomatic) CAN-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...) 
- TODO: check + NOTE: not-for-us (Tomcat) CAN-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...) - TODO: check + NOTE: not-for-us (Tomcat) CAN-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows ...) - TODO: check + NOTE: not-for-us (Tomcat) CAN-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 ...) - TODO: check + NOTE: not-for-us (Tomcat) CAN-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and ...) - TODO: check + NOTE: not-for-us (Sun) CAN-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Compaq) CAN-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote ...) - TODO: check + NOTE: not-for-us (Compaq) CAN-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...) - TODO: check + NOTE: not-for-us (Compaq) CAN-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...) - TODO: check + NOTE: not-for-us (jmcce) CAN-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use ...) - TODO: check + NOTE: not-for-us (OpenVMS) CAN-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow ...) - TODO: check + NOTE: not-for-us (VVOS) CAN-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...) - TODO: check + NOTE: not-for-us (UnixWare) CAN-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...) - TODO: check + NOTE: not-for-us (ZoneAlarm) CAN-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...) - TODO: check + NOTE: not-for-us (Postnuke) CAN-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...) - TODO: check + NOTE: not-for-us (Postnuke) CAN-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...) 
- TODO: check + NOTE: not-for-us (Windows) CAN-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (WebBBS) CAN-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...) - TODO: check + NOTE: not-for-us (Windows) CAN-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary ...) - TODO: check + NOTE: not-for-us (osCommerce) CAN-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical ...) - TODO: check + NOTE: not-for-us (Resin) CAN-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (Resin) CAN-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (Resin) CAN-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 ...) - TODO: check + NOTE: not-for-us (Resin) CAN-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...) NOTE: presumably fixed in linux 2.4.12 CAN-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...)
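Review bot: In the @@ -1822,17 +1822,17 @@ hunk, CAN-2002-2030 is tagged not-for-us (Microsoft), but its description names SQLData Enterprise Server 3.0 as the affected product. The tag should name that product, the way the neighbouring entries do (FAQManager, BrowseFTP, DOOW). The Microsoft tag looks carried over from the CAN-2002-2031 entry directly above it.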
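Review bot: In the @@ -1841,79 +1841,79 @@ hunk, CAN-2002-2010 is tagged not-for-us (faqomatic) although its description is about htsearch.cgi in htdig. The tag repeats the one on CAN-2002-2011 just above, so the entry should be rechecked against htdig itself before the TODO is dropped. The same mismatch shows on CAN-2002-1995, whose description names phptonuke.php for PHP-Nuke while the tag says Postnuke. CAN-2002-1994 and CAN-2002-1992 are tagged with the platform (Windows) where the rest of the file names the product (AdvServer, ColdFusion MX). The not-for-us notes on CAN-2002-2013 (Mozilla), CAN-2002-2012 (Apache) and the Tomcat entries give no reason the entry is out of scope, unlike "only affects old-stable" on CAN-2002-2022; a short reason such as the platform or version restriction from the description would make them auditable. CAN-2002-2016 (User-mode Linux) still carries TODO: check in the context lines, so the log message "Checks completed" does not hold for this range.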