Author: jmm-guest Date: 2005-05-03 22:44:07 +0000 (Tue, 03 May 2005) New Revision: 975 Modified: sarge-checks/CAN/list Log: I found a source for this old mcedit "vulnerability" and I think it''s harmless. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-03 22:16:48 UTC (rev 974) +++ sarge-checks/CAN/list 2005-05-03 22:44:07 UTC (rev 975) @@ -1496,8 +1496,11 @@ CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...) NOTE: not-for-us (Cayman DSL router) CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...) - TODO: check - NOTE: could not find enough info about the vulneraility to check it + NOTE: I could track this down to this posting + NOTE: http://cert.uni-stuttgart.de/archive/vuln-dev/2001/11/msg00104.html + NOTE: This looks very obscure an does not contain useful information on how this + NOTE: was triggered and even then it''s not a problem, as mcedit usage does not + NOTE: have a remote impact and is not suid CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...) NOTE: not-for-us (IPC@CHIP Embedded web server) CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)