Author: jmm-guest Date: 2005-06-28 08:03:56 +0000 (Tue, 28 Jun 2005) New Revision: 1290 Modified: data/CAN/list Log: process some older TODOs Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-28 07:40:47 UTC (rev 1289) +++ data/CAN/list 2005-06-28 08:03:56 UTC (rev 1290) @@ -321,7 +321,7 @@ CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...) NOTE: not-for-us (Microsoft) CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...) - TODO: check + - vtun 2.6-1 CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...) NOTE: not-for-us (Microsoft Outlook plugin) CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...) 
@@ -343,34 +343,35 @@ CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...) NOTE: not-for-us (AIX) CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...) - TODO: check + NOTE: not-for-us (BadBlue Enterprise Edition) CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...) - TODO: check + NOTE: not-for-us (Deerfield D2Gfx) CAN-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...) - TODO: check + NOTE: not-for-us (BadBlue Personal Edition) CAN-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...) - TODO: check + NOTE: not-for-us (NewsReactor) CAN-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...) - TODO: check + NOTE: Only present in intermediate CVS version, not released in Debian CAN-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...) - TODO: check + NOTE: not-for-us (COWS) CAN-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...) - TODO: check + NOTE: not-for-us (vBulletin) CAN-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...) - TODO: check + NOTE: not-for-us (vBulletin) CAN-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...) - TODO: check + NOTE: not-for-us (mrtgconfig) CAN-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...) - TODO: check + NOTE: not-for-us (BindView NetInventory) CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...) - TODO: check + NOTE: not-for-us (Unreal IRCd) CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...) NOTE: kfreebsd use a much more recent version of the freebsd kernel NOTE: not-for-us (FreeBSD) CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...) 
TODO: check CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...) - TODO: check + NOTE: Packaging flaw of an unknown RPM based distro. Permissions of Debian''s + NOTE: webmin package look sane and FHS compliant CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...) NOTE: not-for-us (Microsoft) CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...) @@ -385,7 +386,7 @@ CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...) NOTE: not-for-us (Oracle) CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...) - TODO: check + NOTE: not-for-us (HP Secure OS layer) CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...) - tinc 1.0pre5-1 CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...) @@ -393,11 +394,12 @@ CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...) NOTE: not-for-us (Sun) CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...) - TODO: check + NOTE: not-for-us (WebCart) CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...) - TODO: check + NOTE: Fix went into proftpd CVS on 2002-12-12 + - proftpd 1.2.8-1 CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...) - TODO: check + - proftpd 1.2.4-1 CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...) NOTE: not-for-us (Check Point) CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...) 
@@ -407,7 +409,7 @@ CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...) TODO: check CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...) - TODO: check + NOTE: not-for-us (Network Query Tool) CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...) - util-linux 2.11n-1 CAN-2001-1492 ( ...) @@ -1058,7 +1060,7 @@ CAN-2005-1730 NOTE: reserved CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...) NOTE: not-for-us (Apple) CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...) @@ -1183,7 +1185,7 @@ CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...) NOTE: not-for-us (Extreme BlackDiamond hardware) CAN-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...) NOTE: not-for-us (YusASP Web Asset Manager) CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...) @@ -2415,7 +2417,7 @@ - mozilla-firefox 1.0.4-1 TODO: check mozilla too CAN-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...) NOTE: not-for-us (Apple) CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...)
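Review bot: In the hunk at @@ -321,7 +321,7 @@, the CAN-2002-1697 entry replaces `TODO: check` with `- vtun 2.6-1` but gives no NOTE saying how that fixed version was established. The truncated description only states that VTun 2.0 through 2.5 are affected, so 2.6-1 reads as "first version past the affected range" rather than a verified fix. Suggest adding a one-line NOTE stating whether the ECB weakness was confirmed as addressed in 2.6, in the same way the CAN-2001-1501 entry in this patch records where its fix landed.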
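Review bot: In the hunk at @@ -343,34 +343,35 @@, the new CAN-2002-1672 note contains a doubled apostrophe (`Debian''s`), which should be `Debian's`. In the same hunk, CAN-2002-1673 (also Webmin 0.92) is left as `TODO: check` even though the Debian webmin package was evidently inspected for CAN-2002-1672; resolving both in one pass would avoid revisiting the package. The CAN-2002-1681 note ("Only present in intermediate CVS version, not released in Debian") also does not name the Debian source package it refers to, so adding the package name would make the entry searchable.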
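Review bot: In the hunk at @@ -393,11 +394,12 @@, CAN-2001-1500 is marked `- proftpd 1.2.4-1` with no supporting NOTE, while the description only names "1.2.2rc2, and possibly other versions" as affected. The neighbouring CAN-2001-1501 entry documents its basis ("Fix went into proftpd CVS on 2002-12-12"), so the same kind of note is needed here to show why 1.2.4-1 is the first fixed upload. For CAN-2001-1501 itself, the NOTE line is placed before the `- proftpd 1.2.8-1` line, whereas the mozilla-firefox entry visible in the last hunk puts the package line first; consider keeping one ordering throughout the file.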