Author: joeyh
Date: 2005-04-04 21:14:19 +0000 (Mon, 04 Apr 2005)
New Revision: 744
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-04-04 19:52:27 UTC (rev 743)
+++ sarge-checks/CAN/list 2005-04-04 21:14:19 UTC (rev 744)
@@ -1,3 +1,57 @@
+CAN-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and
earlier ...)
+ TODO: check
+CAN-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only
examine ...)
+ TODO: check
+CAN-2005-0962 (SQL injection vulnerability in index.php for Lighthouse
Squirrelcart ...)
+ TODO: check
+CAN-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before
...)
+ TODO: check
+CAN-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1)
tcp_input.c ...)
+ TODO: check
+CAN-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3
may ...)
+ TODO: check
+CAN-2005-0958 (Format string vulnerability in the log_do function in log.c for
YepYep ...)
+ TODO: check
+CAN-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote
...)
+ TODO: check
+CAN-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT
MX ...)
+ TODO: check
+CAN-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows
remote ...)
+ TODO: check
+CAN-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1
allows ...)
+ TODO: check
+CAN-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to
modify ...)
+ TODO: check
+CAN-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB
3.1 ...)
+ TODO: check
+CAN-2005-0951 (SQL injection vulnerability in pafiledb.php in PaFileDB 3.1
allow ...)
+ TODO: check
+CAN-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2
allows ...)
+ TODO: check
+CAN-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in
content.asp in ...)
+ TODO: check
+CAN-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows
...)
+ TODO: check
+CAN-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin
1.2.1b and ...)
+ TODO: check
+CAN-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows
...)
+ TODO: check
+CAN-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1
allows ...)
+ TODO: check
+CAN-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll),
...)
+ TODO: check
+CAN-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and
...)
+ TODO: check
+CAN-2005-0942 (Unknown vulnerability in Sybase Adaptive Server Enterprise (ASE)
XP ...)
+ TODO: check
+CAN-2005-0941
+ NOTE: reserved
+CAN-2005-0939
+ NOTE: reserved
+CAN-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the
web ...)
+ TODO: check
+CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform
...)
+ TODO: check
CAN-2005-XXXX [Insecure tempfile usage in sharutils]
- sharutils 4.2.1-13
CAN-2005-XXXX [Several DoS possibilities of clients against the server in
Freeciv]
@@ -8,7 +62,7 @@
- kdenetwork 4:3.3.2-2
CAN-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI
PayPal ...)
NOTE: not-for-us (ESMI PayPal Storefront)
-CAN-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront
...)
+CAN-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront
allow ...)
NOTE: not-for-us (ESMI PayPal Storefront)
CAN-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki
R4 ...)
NOTE: not-for-us (WackoWiki)
@@ -29,7 +83,7 @@
CAN-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers
to ...)
- sylpheed 1.0.4-1
- sylpheed-claws 1.0.4-1
-CAN-2005-0925 (Cross-site scripting (XSS) vulnerability in Ublog 1.0 through
1.0.4 ...)
+CAN-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog
Reload ...)
NOTE: not-for-us (Uapplication Ublog)
CAN-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0
allows ...)
NOTE: not-for-us (Adventia E-Data)
@@ -99,8 +153,8 @@
NOTE: no patch known at this time. See also: CAN-2005-0892
CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or
local ...)
- smail 3.2.0.115-7
-CAN-2005-0891
- NOTE: reserved
+CAN-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows
remote ...)
+ TODO: check
CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may
allow ...)
NOTE: "long output from wc to shar"
- sharutils 1:4.2.1-12
@@ -530,7 +584,6 @@
CAN-2005-0751
NOTE: reserved
CAN-2005-0750 [Linux kernel af_bluetooth range check flaw; possibly local root]
- NOTE: reserved
- kernel-source-2.4.27-10
- kernel-source-2.6.8 2.6.8-16
CAN-2005-0749 [Linux kernel DoS vulnerability in elf_load_library()]
@@ -657,7 +710,8 @@
- mysql-dfsg-4.1 4.1.10a
CAN-2005-0708
NOTE: reserved
-CAN-2003-1130 (rpc.walld on Solaris 2.x through 9, and possibly other operating
...)
+CAN-2003-1130
+ NOTE: rejected
NOTE: not-for-us (solaris)
CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice
Chat) ...)
NOTE: not-for-us (Yahoo Audio Conferencing ActiveX control)
@@ -1299,10 +1353,8 @@
CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang
4.65 ...)
NOTE: not-for-us (PBLang)
CAN-2005-0525 [PHP DoS vulnerability in JPEG header parsing]
- NOTE: reserved
- php4 4:4.3.10-10
CAN-2005-0524 [PHP DoS vulnerability in IFF header parsing]
- NOTE: reserved
- php4 4:4.3.10-10
CAN-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier
allows ...)
- prozilla 1:1.3.7.4-1
@@ -1698,7 +1750,7 @@
NOTE: not-for-us (aspWebAlbum)
CAN-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote
attackers ...)
NOTE: not-for-us (aspWebCalendar)
-CAN-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email, (2)
...)
+CAN-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2)
file ...)
NOTE: not-for-us (PafileDB)
CAN-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows
remote ...)
NOTE: not-for-us (Motorola Router)
@@ -1929,7 +1981,7 @@
NOTE: not-for-us (CubeCart)
CAN-2005-0442 (Directory traversal vulnerability in index.php for CubeCart
2.0.4 ...)
NOTE: not-for-us (CubeCart)
-CAN-2005-0441 (Unknown vulnerability in Sybase Adaptive Server Enterprise (ASE)
...)
+CAN-2005-0441 (Buffer overflow in Sybase Adaptive Server Enterprise (ASE) 12.x
before ...)
NOTE: not-for-us (Sybase)
CAN-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass
authentication and ...)
- elog 2.5.7+r1558-1
@@ -2043,12 +2095,13 @@
- lsh-utils 2.0-1
CAN-2005-0388 [Improper IP number validity checking in remstats permits
arbitrary command execution]
NOTE: reserved
+ {DSA-704-1}
- remstats 1.0.13a-5
CAN-2005-0387 [Symlink attack in unix-status-server.pl of remstats]
NOTE: reserved
+ {DSA-704-1}
- remstats 1.0.13a-5
-CAN-2005-0386
- NOTE: reserved
+CAN-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in
mailreader ...)
{DSA-700-1}
CAN-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain
insecure ...)
{DSA-693-1}
@@ -2519,6 +2572,7 @@
CAN-2005-0257
NOTE: reserved
CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and
2.6.2 ...)
+ {DSA-705-1}
- wu-ftpd 2.6.2-19
CAN-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and
...)
- mozilla-firefox 1.0.1
@@ -2580,7 +2634,7 @@
NOTE: not-for-us (Solaris)
CAN-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause
a ...)
NOTE: not-for-us (Solaris)
-CAN-2003-1071 (wall for Solaris 2.6 through 9 allows local users to send
messages to ...)
+CAN-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local
users ...)
NOTE: not-for-us (Solaris)
CAN-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9
allows ...)
NOTE: not-for-us (Solaris)
@@ -5442,7 +5496,7 @@
CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via
.. (dot ...)
{DSA-486}
- cvs 1:1.12.5-4
-CAN-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary
files, ...)
+CAN-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary
files ...)
{DSA-488}
CAN-2004-0403 (Racoon before 20040408a allows remote attackers to cause a
denial of ...)
- racoon 0.3.1-3
@@ -5509,7 +5563,7 @@
{DSA-473}
CAN-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004,
Norton ...)
NOTE: not-for-us (Symantec Norton Internet Security)
-CAN-2004-0374 (Unknown vulnerability in Interchange before 4.8.3 allows remote
...)
+CAN-2004-0374 (Interchange before 5.0.1 allows remote attackers to
"expose the ...)
{DSA-471}
CAN-2004-0373
NOTE: reserved
@@ -6572,6 +6626,7 @@
CAN-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial
of ...)
- pan 0.13.4-1
CAN-2003-0854 (ls in the fileutils or coreutils packages allows local users to
...)
+ {DSA-705-1}
- coreutils 5.2.1-1
CAN-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages
may ...)
- coreutils 5.2.1-1
@@ -6992,7 +7047,7 @@
NOTE: not-for-us (gamespy)
CAN-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows
local ...)
{DSA-368}
-CAN-2003-0648 (Multiple buffer overflows in vfte, based on fte, before 0.50,
allow ...)
+CAN-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50,
allow ...)
{DSA-472}
CAN-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and
earlier ...)
NOTE: not-for-us (Cisco)