Author: joeyh Date: 2005-07-22 01:14:56 +0000 (Fri, 22 Jul 2005) New Revision: 1453 Modified: data/CAN/list Log: processed a few old CANs Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-21 22:32:16 UTC (rev 1452) +++ data/CAN/list 2005-07-22 01:14:56 UTC (rev 1453) 
@@ -271,65 +271,69 @@ TODO: check end claimed by zobel CAN-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...) - TODO: check + NOTE: presumably fixed in linux 2.4.12 CAN-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name ...) - TODO: check + NOTE: not-for-us (Openwave WAP gateway) CAN-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL ...) - TODO: check + NOTE: not-for-us (CMG WAP gateway) CAN-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Lotus Domino) CAN-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition ...) - TODO: check + - vanessa-logger 0.0.2 CAN-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...) - TODO: check + NOTE: not-for-us (MacOS) CAN-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 ...) - TODO: check + NOTE: not-for-us (HP-UX) CAN-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for ...) - TODO: check + NOTE: not-for-us (Tomcat 3.2.1 running on HP Secure OS) CAN-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to ...) - TODO: check + - nvi 1.79-16a.1 + NOTE: was DSA 085 CAN-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to ...) - TODO: check + NOTE: DSA 082 + - xvt 2.1-13 CAN-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...) 
- TODO: check + NOTE: not-for-us (OpenBSD) CAN-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...) - TODO: check + - snort 1.8.3 CAN-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2001-1556 (The log files in Apache web server contain information directly ...) - TODO: check + NOTE: documented issue in apache, unlikely to be changed + NOTE: see http://httpd.apache.org/docs/logs.html CAN-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2001-1553 (Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, ...) - TODO: check + NOTE: not suid in debian CAN-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...) - TODO: check + NOTE: no info in CVE db about fix + TODO: check with current kernel on a system with quotas CAN-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...) - TODO: check + NOTE: not-for-us (Centra) CAN-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass ...) - TODO: check + NOTE: not-for-us (Tiny Personal Firewall) CAN-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local ...) - TODO: check + NOTE: not-for-us (Tiny Personal Firewall) CAN-2001-1547 (Outlook Express 6.0, with "Do not allow attachments to be saved or ...) - TODO: check + NOTE: not-for-us (Outlook) CAN-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and ...) - TODO: check + NOTE: not-for-us (Pathways Homecare) CAN-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests ...) 
- TODO: check + NOTE: not-for-us (Macromedia JRun) CAN-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS) ...) - TODO: check + NOTE: not-for-us (Macromedia JRun) CAN-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...) - TODO: check + NOTE: not-for-us (Axis network camera) CAN-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...) TODO: check CAN-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...)
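Review bot: The note added for CAN-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro) reads "NOTE: not-for-us (Tiny Personal Firewall)", which looks carried over from the CAN-2001-1549 entry directly above it; it should name ZoneAlarm, for example "NOTE: not-for-us (ZoneAlarm)". Two smaller points in the same hunk: CAN-2001-1561 puts the NOTE before the package line ("NOTE: DSA 082" then "- xvt 2.1-13") while CAN-2001-1562 uses the opposite order and the wording "was DSA 085", so one ordering and one wording for the DSA reference would keep the list consistent to search. The CAN-2001-1572 note "presumably fixed in linux 2.4.12" appears to be inferred from the affected range "2.4.1 through 2.4.11" in the description; keeping a TODO next to it until the fix is confirmed would match how CAN-2001-1551 is handled.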