Author: joeyh
Date: 2005-03-03 22:25:59 +0100 (Thu, 03 Mar 2005)
New Revision: 518

Modified:
   sarge-checks/CAN/list
Log:
processed my block

Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-03 21:04:33 UTC (rev 517) +++ sarge-checks/CAN/list 2005-03-03 21:25:59 UTC (rev 518) 
@@ -14,55 +14,56 @@ NOTE: not-for-us (Einstein) CAN-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...) NOTE: not-for-us (Einstein) -begin claimed by joeyh CAN-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...) - TODO: check + NOTE: not-for-us (Symantec Firewall/VPN Appliance 200/200R firmware) CAN-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...) - TODO: check + NOTE: not-for-us (PostNuke) CAN-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...) - TODO: check + - phpbb2 2.0.13-1 CAN-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...) - TODO: check + NOTE: not-for-us (FCKeditor) CAN-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...) - TODO: check + NOTE: not-for-us (Real) CAN-2005-0610 NOTE: reserved CAN-2005-0609 NOTE: reserved CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...) - TODO: check + NOTE: not-for-us (Half Life WebMod) CAN-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...) - TODO: check + NOTE: not-for-us (CubeCert) CAN-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...) - TODO: check + NOTE: not-for-us (CubeCert) CAN-2005-0605 NOTE: reserved CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...) - TODO: check + NOTE: not-for-us (GFI Languard Network Security Scanner) CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...) 
- TODO: check + - phpbb2 2.0.13-1 CAN-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...) - TODO: check + - unzip 5.52-1 + NOTE: um, tar does this too, not really considered a security hole CAN-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...) - TODO: check + NOTE: not-for-us (Real) CAN-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...) + NOTE: securityfocus.com down and couldn''t find enough info to check TODO: check CAN-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...) - TODO: check + NOTE: not-for-us (BadBlue) CAN-2005-0594 NOTE: reserved CAN-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...) 
@@ -92,11 +93,11 @@ - mozilla-firefox 1.0.1 - mozilla-browser (unfixed; bug #297620) CAN-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...) - TODO: check + NOTE: not-for-us (Computer Associates (CA) License Client) CAN-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...) - TODO: check + NOTE: not-for-us (Computer Associates (CA) License Client) CAN-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...) - TODO: check + NOTE: not-for-us (Computer Associates (CA) License Client) CAN-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...) NOTE: not-for-us (cmd5checkpw) CAN-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...) @@ -164,7 +165,6 @@ NOTE: reserved CAN-2005-0548 NOTE: reserved -end claimed by joeyh begin claimed by djoume CAN-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...) TODO: check
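Review bot: in the first hunk (@@ -14,55 +14,56 @@) the notes added for CAN-2005-0607 and CAN-2005-0606 read "not-for-us (CubeCert)", but the CAN-2005-0607 description names the product CubeCart. Suggest "NOTE: not-for-us (CubeCart)" on both lines so that a search of the list for the product name finds them. In the same hunk the CAN-2005-0596 note contains a doubled apostrophe ("couldn''t"), and CAN-2005-0598 is tagged (Real) although its description, like the ACNS entries around it tagged (Cisco), concerns Cisco devices; a word in the note on which vendor the tag is meant to name would help.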
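Review bot: the third hunk (@@ -164,7 +165,6 @@) removes "end claimed by joeyh" and the first hunk removes the matching "begin claimed by joeyh", yet CAN-2005-0596 inside that range still carries "TODO: check". With the claim markers gone, the only trace that this entry was looked at and left open is the added NOTE, while the log message says the block was processed. Suggest saying in the log that one entry remains unchecked, or wording the NOTE so the next person to claim it knows what is still missing.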