Secure testing commits - Jul 2005 - r1319 - data/CAN

Author: joeyh
Date: 2005-07-02 09:14:15 +0000 (Sat, 02 Jul 2005)
New Revision: 1319

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
==================================================================---
data/CAN/list	2005-07-01 22:10:20 UTC (rev 1318)
+++ data/CAN/list	2005-07-02 09:14:15 UTC (rev 1319)
@@ -1,3 +1,115 @@
+CAN-2005-2116 (Unknown vulnerability in the third-party XML-RPC library in
Drupal ...)
+	TODO: check
+CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to
cause ...)
+	TODO: check
+CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4 and Camino 0.8.4 allow remote
attackers ...)
+	TODO: check
+CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the
XMLRPC ...)
+	TODO: check
+CAN-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS
2.0.11 ...)
+	TODO: check
+CAN-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote
attackers to ...)
+	TODO: check
+CAN-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain
...)
+	TODO: check
+CAN-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote
attackers ...)
+	TODO: check
+CAN-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress
1.5.1.2 and ...)
+	TODO: check
+CAN-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php
in ...)
+	TODO: check
+CAN-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and
4.6.1 ...)
+	TODO: check
+CAN-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass
...)
+	TODO: check
+CAN-2005-2104
+	NOTE: reserved
+CAN-2005-2103
+	NOTE: reserved
+CAN-2005-2102
+	NOTE: reserved
+CAN-2005-2101
+	NOTE: reserved
+CAN-2005-2100
+	NOTE: reserved
+CAN-2005-2099
+	NOTE: reserved
+CAN-2005-2098
+	NOTE: reserved
+CAN-2005-2097
+	NOTE: reserved
+CAN-2005-2096
+	NOTE: reserved
+CAN-2005-2095
+	NOTE: reserved
+CAN-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison
the ...)
+	TODO: check
+CAN-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote
...)
+	TODO: check
+CAN-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison
the web ...)
+	TODO: check
+CAN-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to
poison ...)
+	TODO: check
+CAN-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24
(Coyote/1.0) ...)
+	TODO: check
+CAN-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the
web ...)
+	TODO: check
+CAN-2005-2088 (Apache 2.0.45 and 1.3.29 allows remote attackers to poison the
web ...)
+	TODO: check
+CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote
attackers ...)
+	TODO: check
+CAN-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in
phpBB ...)
+	TODO: check
+CAN-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0
through 6.7 ...)
+	TODO: check
+CAN-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx
in ...)
+	TODO: check
+CAN-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate
...)
+	TODO: check
+CAN-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers
to ...)
+	TODO: check
+CAN-2005-2081 (Stack-based buffer overflow in the function that parses commands
in ...)
+	TODO: check
+CAN-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS)
in ...)
+	TODO: check
+CAN-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for
VERITAS ...)
+	TODO: check
+CAN-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows
...)
+	TODO: check
+CAN-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a
denial of ...)
+	TODO: check
+CAN-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management
Software ...)
+	TODO: check
+CAN-2004-2152 (Cross-site scripting (XSS) vulnerability in
''raw'' page output mode for ...)
+	TODO: check
+CAN-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a
...)
+	TODO: check
+CAN-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays
different ...)
+	TODO: check
+CAN-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient
for ...)
+	TODO: check
+CAN-2004-2148 (Unknown local vulnerability in the "change
user" feature of Slava ...)
+	TODO: check
+CAN-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft
Outlook ...)
+	TODO: check
+CAN-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1
allows ...)
+	TODO: check
+CAN-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1
allows ...)
+	TODO: check
+CAN-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass
...)
+	TODO: check
+CAN-2004-2143 (SQL injection vulnerability in the ReMOSitory module in Mambo
Portal ...)
+	TODO: check
+CAN-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in
the RMT ...)
+	TODO: check
+CAN-2004-2141 (Cross-site scripting (XSS) vulnerability in YaBBC.pl in YaBB 1
Gold ...)
+	TODO: check
+CAN-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows
remote ...)
+	TODO: check
+CAN-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2
allows ...)
+	TODO: check
+CAN-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
+	TODO: check
 CAN-2005-XXXX [proftpd: format string vulnerability in mod_sql''s
SQLShowInfo]
 	- proftpd 1.2.10-20 (medium)
 CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress]
@@ -22,10 +134,10 @@
 	NOTE: not-for-us (Solaris)
 CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when
used ...)
 	- clamav 0.86-1 (medium)
-CAN-2005-2069
-	NOTE: reserved
-CAN-2005-2068
-	NOTE: reserved
+CAN-2005-2069 (pam_ldap and OpenLDAP, when connecting to a slave using TLS,
does not ...)
+	TODO: check
+CAN-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote
attackers ...)
+	TODO: check
 CAN-2005-2067 (SQL injection vulnerability in article.asp in unknown versions
of ...)
 	NOTE: not-for-us (ASP Nuke)
 CAN-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80
...)
@@ -478,7 +590,7 @@
 	NOTE: not-for-us (JAF CMS)
 CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and
10.5 ...)
 	NOTE: not-for-us (RealPlayer)
-CAN-2005-2051 (Buffer overflow in the Backup Exec Web Administration Console
(BEWAC) ...)
+CAN-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration
Console ...)
 	NOTE: not-for-us (BEWAC)
 CAN-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote
attackers ...)
 	- tor 0.0.9.10-1 (medium)
@@ -549,8 +661,8 @@
 	NOTE: not-for-us (cPanel)
 CAN-2005-2020
 	NOTE: reserved
-CAN-2005-2019
-	NOTE: reserved
+CAN-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor
(SMP) ...)
+	TODO: check
 CAN-2005-2018
 	NOTE: reserved
 CAN-2005-2017
@@ -1006,7 +1118,7 @@
 CAN-2005-1939
 	NOTE: reserved
 CAN-2005-1938
-	NOTE: reserved
+	NOTE: rejected
 CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows
remote ...)
 	- mozilla-firefox 1.0.4-3 (medium)
 CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages
using the ...)
@@ -1039,14 +1151,11 @@
 	NOTE: reserved
 CAN-2005-1924
 	NOTE: reserved
-CAN-2005-1923 [clamav: DoS through malformed CAB archive headers]
-	NOTE: reserved
+CAN-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV)
0.83, ...)
 	- clamav (unfixed; bug #316401; medium)
-CAN-2005-1922 [clamav: DoS through file descriptor leaks in cli_msexpand()]
-	NOTE: reserved
+CAN-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before
0.86 ...)
 	- clamav (unfixed; bug #316462; medium)
-CAN-2005-1921 [Remote code execution through Serendipity''s XMPRPC
parser]
-	NOTE: reserved
+CAN-2005-1921 (PEAR XML_RPC 1.3.0 and earlier, as used in products such as
WordPress, ...)
 	TODO: Track ITP #312413
 CAN-2005-1920
 	NOTE: reserved
@@ -1371,16 +1480,14 @@
 	NOTE: reserved
 CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5
...)
 	NOTE: not-for-us (RealPlayer)
-CAN-2005-1765 [Unspecified DoS vulnerability on amd64]
-	NOTE: reserved
+CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
platform, ...)
 	- kernel-source-2.6.8 (unfixed; unknown)
 CAN-2005-1764 [Unspecified DoS vulnerability on amd64]
 	NOTE: reserved
 	- kernel-source-2.6.8 (unfixed; unknown)
 CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit
architectures ...)
 	- kernel-source-2.6.8 (unfixed; unknown)
-CAN-2005-1762 [Unspecified DoS vulnerability on amd64]
-	NOTE: reserved
+CAN-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the
AMD64 ...)
 	- kernel-source-2.6.8 (unfixed; unknown)
 CAN-2005-1761 [Kernel changelog for 2.6.12.1: ia64 ptrace + sigrestore_context]
 	NOTE: reserved
@@ -1630,7 +1737,7 @@
 CAN-2005-1691
 	NOTE: reserved
 CAN-2005-1690
-	NOTE: reserved
+	NOTE: rejected
 CAN-2005-1689
 	NOTE: reserved
 CAN-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain
sensitive ...)
@@ -4754,12 +4861,12 @@
 	NOTE: not-for-us (PhotoPost)
 CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other
scripts ...)
 	NOTE: not-for-us (PhotoPost)
-CAN-2005-0773
-	NOTE: reserved
-CAN-2005-0772 (NDMLSRVR.DLL in VERITAS Backup Exec 10.0, 10.0 SP1, and possibly
...)
+CAN-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent
9.0 ...)
+	TODO: check
+CAN-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and
9.0.4019 ...)
 	NOTE: not-for-us (VERITAS Backup Exec)
-CAN-2005-0771
-	NOTE: reserved
+CAN-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for
Windows ...)
+	TODO: check
 CAN-2005-0770 (Format string vulnerability in DataRescue Interactive
Disassembler and ...)
 	NOTE: not-for-us (IDA Pro)
 CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech
Telnet ...)
@@ -6330,8 +6437,7 @@
 	NOTE: rejected
 CAN-2005-0394
 	NOTE: reserved
-CAN-2005-0393
-	NOTE: reserved
+CAN-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary
files, ...)
 	{DSA-733-1}
 CAN-2005-0392 (ppxp does not drop root privileges before opening log files,
which ...)
 	{DSA-725-1}
@@ -6403,8 +6509,8 @@
 	NOTE: not-for-us (bind on hp-ux)
 CAN-2005-0361
 	NOTE: reserved
-CAN-2005-0360
-	NOTE: reserved
+CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is
marked ...)
+	TODO: check
 CAN-2005-0359
 	NOTE: reserved
 CAN-2005-0358