Author: jmm-guest
Date: 2005-07-15 12:50:31 +0000 (Fri, 15 Jul 2005)
New Revision: 1403
Modified: data/CAN/list
Log: new snmp dos issue

Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-15 12:38:28 UTC (rev 1402) +++ data/CAN/list 2005-07-15 12:50:31 UTC (rev 1403) 
@@ -151,35 +151,35 @@ NOTE: not-for-us (Comersus) CAN-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...) NOTE: not-for-us (Lantronix SecureLinx) -begin claimed by jmm CAN-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...) - TODO: check + NOTE: not-for-us (McAfee IntruShield) CAN-2005-2187 (McAfee IntruShield Security Management System allows remote ...) - TODO: check + NOTE: not-for-us (McAfee IntruShield) CAN-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...) - TODO: check + NOTE: not-for-us (McAfee IntruShield) CAN-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...) - TODO: check + NOTE: not-for-us (eRoom) CAN-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...) - TODO: check + NOTE: not-for-us (eRoom) CAN-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...) - TODO: check + NOTE: not-for-us (PhpXmail) CAN-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...) - TODO: check + NOTE: not-for-us (PhpXmail) CAN-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...) - TODO: check + NOTE: not-for-us (SIP phone hardware issue) CAN-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...) TODO: check CAN-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...) - TODO: check + NOTE: not-for-us (Jaws) CAN-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...) - TODO: check + NOTE: How bizarre, they assign a CVE Id without knowing which product contains + NOTE: the affected probe.cgi CAN-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...) - TODO: check + - net-snmp (unfixed; bug filed; medium) CAN-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...) 
- TODO: check + NOTE: not-for-us (Novell NetMail) CAN-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...) - TODO: check + NOTE: not-for-us (Notes) CAN-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...) - bugzilla 2.18.3-1 (low) CAN-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...) @@ -189,14 +189,13 @@ CAN-2005-2171 NOTE: reserved CAN-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...) - TODO: check + NOTE: not-for-us (Tivoli) CAN-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...) - TODO: check + NOTE: not-for-us (AliveSites) CAN-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...) - TODO: check + NOTE: not-for-us (AliveSites) CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...) - TODO: check -end claimed by jmm + NOTE: not-for-us (Express-Web) CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...) TODO: check CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
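
Review bot: In the hunk at @@ -151,35 +151,35 @@, CAN-2005-2182 is described as Grandstream BudgeTone (BT) 100 VoIP phones but is tagged "NOTE: not-for-us (PhpXmail)", which looks copied from the CAN-2005-2183 entry directly above it. It should name Grandstream BudgeTone, or reuse the "SIP phone hardware issue" wording given to CAN-2005-2181. In the same hunk, the CAN-2005-2177 line says "unfixed; bug filed; medium" for net-snmp without a bug number, so adding the number would let readers find the report. CAN-2005-2180 (GNATS) also stays at "TODO: check" while the "begin claimed by jmm" marker is removed, which leaves it unchecked and unclaimed.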
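
Review bot: Nothing in the hunk at @@ -189,14 +189,13 @@ relates to the log message "new snmp dos issue": it marks the Tivoli, AliveSites and Express-Web entries as not-for-us and drops the "end claimed by jmm" marker. The log should also mention the not-for-us triage and the release of the claimed block, so that this part of the change can be found from the history.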