Author: jmm-guest Date: 2005-05-01 11:28:26 +0000 (Sun, 01 May 2005) New Revision: 944 Modified: sarge-checks/CAN/list Log: Lots of not-for-us ethereal, imagemagick and tcpdump and maxdb CANified. phpbb2 already fixed. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-01 10:12:59 UTC (rev 943) +++ sarge-checks/CAN/list 2005-05-01 11:28:26 UTC (rev 944) @@ -69,21 +69,20 @@ NOTE: reserved CAN-2005-1330 NOTE: reserved -begin claimed by jmm CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (OneWorldStore) CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (OneWorldStore) CAN-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...) - TODO: check + NOTE: not-for-us (Woltlab Burning Board) CAN-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...) - TODO: check + NOTE: not-for-us (VooDoo cIRCle BOTNET) CAN-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...) - TODO: check + NOTE: not-for-us (phpMyVisites) CAN-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...) - TODO: check + NOTE: not-for-us (phpMyVisites) CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (NetTerm) CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...) TODO: check CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...) @@ -109,9 +108,9 @@ CAN-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...) TODO: check CAN-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (bBlog) CAN-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...) - TODO: check + NOTE: not-for-us (bBlog) CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...) TODO: check CAN-2005-1307 @@ -119,69 +118,69 @@ CAN-2005-1306 NOTE: reserved CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...) - TODO: check + NOTE: not-for-us (hyper.cgi) CAN-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...) - TODO: check + NOTE: not-for-us (citat.pl) CAN-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...) - TODO: check + NOTE: not-for-us (citat.pl) CAN-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Confixx) CAN-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...) - TODO: check + NOTE: not-for-us (nProtect:Netizen) CAN-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...) - TODO: check + NOTE: not-for-us (inserter.cgi) CAN-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...) - TODO: check + NOTE: not-for-us (inserter.cgi) CAN-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...) - TODO: check + NOTE: not-for-us (inserter.cgi) CAN-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...) - TODO: check + NOTE: not-for-us (include.cgi) CAN-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...) - TODO: check + NOTE: not-for-us (include.cgi) CAN-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...) - TODO: check + NOTE: not-for-us (include.cgi) CAN-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...) TODO: check CAN-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...) - TODO: check + NOTE: not-for-us (StorePortal) CAN-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...) - TODO: check + NOTE: not-for-us (CartWIZ ASP Cart) CAN-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...) - TODO: check + NOTE: not-for-us (CartWIZ ASP Cart) CAN-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...) - TODO: check + - phpbb2 2.0.13+1-5 CAN-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...) - TODO: check + NOTE: not-for-us (E-Cart) CAN-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...) - TODO: check + NOTE: not-for-us (ACS Blog) CAN-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...) - TODO: check + NOTE: not-for-us (BK Forum) CAN-2005-1286 (BitDefender 8 allows local users to prevent BitDefender from starting ...) - TODO: check + NOTE: not-for-us (Bitdefender) CAN-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...) - TODO: check + NOTE: not-for-us (Woltlab Burning Board) CAN-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...) - TODO: check + NOTE: not-for-us (Argosoft Mail Server Pro) CAN-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...) - TODO: check + NOTE: not-for-us (Argosoft Mail Server Pro) CAN-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...) - TODO: check + NOTE: not-for-us (Argosoft Mail Server Pro) CAN-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...) - TODO: check + - ethereal 0.10.10-2 CAN-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...) - TODO: check + - ethereal 0.10.10-2 CAN-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...) - TODO: check + - tcpdump 3.8.3-4 CAN-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...) - TODO: check + - tcpdump 3.8.3-4 CAN-2005-1277 NOTE: reserved CAN-2005-1276 NOTE: reserved CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...) - TODO: check + - imagemagick (unfixed; bug #306424) CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...) - TODO: check + - maxdb-7.5.00 (unfixed; #306454) CAN-2005-1273 NOTE: reserved CAN-2005-1272 @@ -192,13 +191,8 @@ TODO: check CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...) TODO: check -end claimed by jmm -CAN-2005-XXXX [Four DoS vulnerabilities in tcpdump] - - tcpdump 3.8.3-4 CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module] - libconvert-uulib-perl 1.0.5.1-1 -CAN-2005-XXXX [Two buffer overflows in MaxDB] - - maxdb-7.5.00 (unfixed; #306454) CAN-2005-1269 NOTE: reserved CAN-2005-1268 @@ -247,12 +241,8 @@ NOTE: not-for-us (Novell Nsure Audit) CAN-2005-1246 (Format string vulnerability in the snmppd_log function in ...) NOTE: not-for-us (snmppd) -CAN-2005-XXXX [Heap overflow in Imagemagick''s ReadPNMImage()] - - imagemagick (unfixed; bug #306424) CAN-2005-XXXX [Multiple security problems in Quake 2] - quake2 (unfixed; bug #280573) -CAN-2005-XXXX [Security problems in Ethereal''s DLSw, ICE, NDPS, Q931, RSVP and SRVLOC dissectors] - - ethereal 0.10.10-2 CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...) NOTE: not-for-us (MediaWiki not yet in Debian) TODO: track ITP: #217571