Author: jmm-guest
Date: 2005-04-18 17:43:41 +0000 (Mon, 18 Apr 2005)
New Revision: 847
Modified: sarge-checks/CAN/list
Log: Lots of not-for-us; netapplet is unclear.

Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-04-18 13:44:27 UTC (rev 846)
+++ sarge-checks/CAN/list 2005-04-18 17:43:41 UTC (rev 847)
@@ -31,7 +31,7 @@ CAN-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...) NOTE: not-for-us (sphpBlog) CAN-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...) - TODO: check + NOTE: not-for-us (Serendipity) CAN-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...) NOTE: not-for-us (AS/400 system software) CAN-2005-1132 (LG U8120 modile phone allows remote attackers to cause a denial of ...) 
@@ -72,21 +72,23 @@ CAN-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...) TODO: check whether this is part of standard phpbb or an addon CAN-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...) - TODO: check + NOTE: not-for-us (Photo Album) CAN-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...) - TODO: check + NOTE: not-for-us (Photo Album) CAN-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...) - TODO: check + NOTE: not-for-us (PhpBB Plus) CAN-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...) - TODO: check + NOTE: not-for-us (IBM Websphere) CAN-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...) TODO: check CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...) - TODO: check + NOTE: not-for-us (Sumus web server) CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...) - TODO: check + NOTE: only part of Woody, has been removed from Sarge and sid + NOTE: not-for-us (Junkbuster) CAN-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...) - TODO: check + NOTE: only part of Woody, has been removed from Sarge and sid + NOTE: not-for-us (Junkbuster) CAN-2005-1107 NOTE: reserved CAN-2005-XXXX [Multiple further vulnerabilities in Mozilla/Firefox beside CAN-2005-0989] @@ -235,7 +237,8 @@ TODO: Check for 2.4.27 - kernel-source-2.6.8 (unfixed; bug #304548) CAN-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...) - TODO: check + TODO: check whether Debian''s netapplet is vulnerable or whether this is SuSE + TODO: specific; sent mail to maintainer. CAN-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...) - coreutils (unfixed; bug #304556) CAN-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...) 
@@ -4396,7 +4399,7 @@ CAN-2004-1082 NOTE: reserved CAN-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...) - TODO: check + NOTE: not-for-us (Apple MacOS) CAN-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...) NOTE: not-for-us (Microsoft) CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...) @@ -4446,7 +4449,7 @@ CAN-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...) - bugzilla 2.16.7-2 CAN-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...) - TODO: check + NOTE: not-for-us (Novell Netware) CAN-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...) - mnogosearch 3.2.18-2.2 CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...) @@ -5652,9 +5655,9 @@ CAN-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...) NOTE: fixed in 2.4.27 CAN-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...) - TODO: check + NOTE: not-for-us (Business Objects WebIntelligence) CAN-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...) - TODO: check + NOTE: not-for-us (Business Objects WebIntelligence) CAN-2004-0532 NOTE: reserved CAN-2004-0531 @@ -5962,7 +5965,7 @@ CAN-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...) NOTE: not-for-us (Cisco Wireless LAN Solution Engine) CAN-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...) - TODO: check + NOTE: not-for-us (SCO OpenServer) CAN-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...) NOTE: not-for-us (RealNetworks Helix Universal Server) CAN-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...) 
@@ -6004,7 +6007,7 @@ CAN-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...) NOTE: not-for-us (KAME) CAN-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...) - TODO: check + NOTE: not-for-us (Entrust LibKmp ISAKMP library) CAN-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...) NOTE: not-for-us (CDE) CAN-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...) @@ -6504,7 +6507,7 @@ CAN-2004-0091 (Cross-site scripting (XSS) vulnerability in register.php for unknown ...) NOTE: not-for-us (vBulletin) CAN-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...) - TODO: check + NOTE: not-for-us (MacOS) CAN-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...) NOTE: not-for-us (MacOS) CAN-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...) @@ -6751,7 +6754,7 @@ CAN-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...) NOTE: not-for-us (Apple) CAN-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...) NOTE: not-for-us (Cisco) CAN-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...) @@ -6852,7 +6855,7 @@ CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...) NOTE: not-for-us (OpenBSD) CAN-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...) - TODO: check + NOTE: not-for-us (rcp) CAN-2003-0953 NOTE: reserved CAN-2003-0952 
@@ -7520,9 +7523,9 @@ CAN-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...) NOTE: not-for-us (peoplesoft) CAN-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...) - TODO: check + NOTE: not-for-us (peoplesoft) CAN-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...) - TODO: check + NOTE: not-for-us (peoplesoft) CAN-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...) {DSA-360} CAN-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...) @@ -7961,7 +7964,7 @@ CAN-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...) NOTE: not-for-us (Apple) CAN-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...) NOTE: not-for-us (SMC) CAN-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...) @@ -8646,7 +8649,7 @@ CAN-2003-0063 {DSA-380} CAN-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...) - TODO: check + NOTE: not-for-us (HP UX) CAN-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...) - krb5 1.2.4 CAN-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...) 
@@ -9100,13 +9103,13 @@ CAN-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...) - ethereal 0.9.8-1 CAN-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...) - TODO: check + NOTE: not-for-us (TYPSoft FTP Server) CAN-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...) - TODO: check + NOTE: not-for-us (LocalWEB2000 HTTP server) CAN-2002-1352 (Per Magne Knutsen''s CartMan shopping cart (cartman.php) 1.04 and ...) NOTE: not-for-us (CartMan) CAN-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Melange Chat System) CAN-2002-1350 {DSA-206} - tcpdump 3.6.2-2.2 @@ -9181,7 +9184,7 @@ {DSA-198} - nullmailer 1.00RC5-17 CAN-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...) - TODO: check + NOTE: not-for-us (Linksys) CAN-2002-1311 {DSA-197} - courier 0.40.0-1 @@ -9242,7 +9245,7 @@ CAN-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...) {DSA-204} CAN-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...) - TODO: check + NOTE: not-for-us (RealSecure Event Collector) CAN-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...) {DSA-194} CAN-2002-1277
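Review bot: in the @@ -72,21 hunk the two new notes on CAN-2005-1109 and CAN-2005-1108 contradict each other: "only part of Woody, has been removed from Sarge and sid" says JunkBuster shipped in a release Debian still supports, so a blanket "NOTE: not-for-us (Junkbuster)" hides the fact that woody may still need a check or an update. Suggest dropping the not-for-us line for these two entries and keeping the woody status note, or scoping the not-for-us explicitly to sarge/sid, so the entries are not filtered out of the woody review.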
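Review bot: in the @@ -235,7 hunk the netapplet entry (CAN-2005-1040) splits one sentence across two "TODO:" lines ("... whether this is SuSE" / "TODO: specific; sent mail to maintainer."), so a tool or reader scanning for TODO items sees two unrelated items, one of which starts mid-sentence. Suggest folding it into a single line, e.g. `TODO: check whether Debian's netapplet is vulnerable or whether this is SuSE-specific; mail sent to maintainer`. The doubled apostrophe in "Debian''s" (also in "Knutsen''s" further down) looks like a quoting artifact rather than intended text and should be a single apostrophe in the file.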
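Review bot: in the @@ -4446,7 hunk CAN-2004-1060 is marked "not-for-us (Novell Netware)", but the CAN description quoted on the same line reads "Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...", so the vendor-specific scoping looks too narrow for an issue that is described as affecting multiple stacks. Suggest keeping a TODO to confirm the Linux kernel packages are not affected before closing it as not-for-us.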
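Review bot: in the @@ -6852,7 hunk the new note for CAN-2003-0954 reads "not-for-us (rcp)", naming the generic tool instead of the affected platform, while the description says "Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2". Since Debian ships its own rcp, the parenthetical as written reads as if rcp itself were out of scope; suggest "NOTE: not-for-us (AIX)" to follow the vendor/platform convention used by the neighbouring entries ("not-for-us (OpenBSD)").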
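Review bot: minor style point on product naming in the not-for-us parentheticals: the @@ -72,21 hunk writes "IBM Websphere" where the CAN description on the same line has "IBM WebSphere", and the Apple entries alternate between "Apple MacOS" (@@ -4396,7), "MacOS" (@@ -6504,7) and "Apple" (@@ -6751,7 and @@ -7961,7). Consistent spelling matters here because the parenthetical is what later greps of the list key on; suggest picking one form per vendor.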