Author: joeyh Date: 2005-04-14 21:14:19 +0000 (Thu, 14 Apr 2005) New Revision: 822 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-14 18:38:02 UTC (rev 821) +++ sarge-checks/CAN/list 2005-04-14 21:14:19 UTC (rev 822) @@ -1,3 +1,19 @@ +CAN-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...) + TODO: check +CAN-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...) + TODO: check +CAN-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...) + TODO: check +CAN-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...) + TODO: check +CAN-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CAN-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...) + TODO: check +CAN-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...) + TODO: check +CAN-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...) + TODO: check CAN-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...) NOTE: not-for-us (GetDataBack for NTFS (Windows)) CAN-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...) @@ -1366,8 +1382,8 @@ NOTE: not-for-us (Cisco) CAN-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...) NOTE: not-for-us (Real) -CAN-2005-0610 - NOTE: reserved +CAN-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...) + TODO: check CAN-2005-0609 NOTE: reserved CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...) @@ -1474,26 +1490,26 @@ NOTE: reserved CAN-2005-0563 NOTE: reserved -CAN-2005-0562 - NOTE: reserved +CAN-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...) + TODO: check CAN-2005-0561 NOTE: reserved -CAN-2005-0560 - NOTE: reserved +CAN-2005-0560 (Heap-based buffer overflow in the SMTP service of Exchange Server 2000 ...) + TODO: check CAN-2005-0559 NOTE: reserved -CAN-2005-0558 - NOTE: reserved +CAN-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...) + TODO: check CAN-2005-0557 NOTE: reserved CAN-2005-0556 NOTE: reserved -CAN-2005-0555 - NOTE: reserved -CAN-2005-0554 - NOTE: reserved -CAN-2005-0553 - NOTE: reserved +CAN-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...) + TODO: check +CAN-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...) + TODO: check +CAN-2005-0553 (Race condition in the memory management routines in the DHTML object ...) + TODO: check CAN-2005-0552 NOTE: reserved CAN-2005-0551 (The Client Server Runtime System (CSRSS) process of Microsoft Windows ...) @@ -2371,7 +2387,6 @@ CAN-2005-0405 NOTE: reserved CAN-2005-0404 [information leak in kmail] - NOTE: reserved NOTE: see http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020 NOTE: see http://www.securiteam.com/unixfocus/5GP0B0AFFE.html @@ -3503,8 +3518,8 @@ NOTE: not-for-us (Microsoft) CAN-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...) NOTE: not-for-us (Microsoft) -CAN-2005-0048 - NOTE: reserved +CAN-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...) + TODO: check CAN-2005-0047 (Windows 2000, XP, and Server 2003 does not properly "validate the use ...) NOTE: not-for-us (Microsoft) CAN-2005-0046 @@ -4331,8 +4346,8 @@ - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 CAN-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...) - bugzilla 2.16.7-2 -CAN-2004-1060 - NOTE: reserved +CAN-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...) + TODO: check CAN-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...) - mnogosearch 3.2.18-2.2 CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...) @@ -4586,7 +4601,7 @@ NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge NOTE: DSA says zinf not vulnerable in sarge - zinf 2.2.5 -CAN-2004-0963 (MS Word 2002 (10.6612.6714) SP3, and possibly other versions, allows ...) +CAN-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...) NOTE: not-for-us (windows) CAN-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...) NOTE: not-for-us (Apple Remote Desktop Client) @@ -4989,10 +5004,10 @@ - bsdmainutils 6.0.15 CAN-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...) - rsync 2.6.3 -CAN-2004-0791 - NOTE: reserved -CAN-2004-0790 - NOTE: reserved +CAN-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) + TODO: check +CAN-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) + TODO: check CAN-2004-0789 NOTE: reserved CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)