Secure testing commits - Mar 2005 - r559 - sarge-checks/CAN

Author: joeyh
Date: 2005-03-16 07:33:10 +0100 (Wed, 16 Mar 2005)
New Revision: 559

Modified:
   sarge-checks/CAN/list
Log:
process and claim

Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-03-16 05:55:10 UTC (rev 558)
+++ sarge-checks/CAN/list	2005-03-16 06:33:10 UTC (rev 559)
@@ -1,69 +1,67 @@
-begin claimed by joeyh
 CAN-2005-0748 (PHP remote code injection vulnerability in initdb.php for
WEBInsta ...)
-	TODO: check
+	NOTE: not-for-us (WEBInsta)
 CAN-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain
sensitive ...)
-	TODO: check
+	NOTE: not-for-us (ApplyYourself)
 CAN-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier
...)
-	TODO: check
+	NOTE: not-for-us (Novell iChain)
 CAN-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows
local ...)
-	TODO: check
+	NOTE: not-for-us (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor)
 CAN-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows
attackers ...)
-	TODO: check
+	NOTE: not-for-us (Novell iChain)
 CAN-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS
2.0.9.2 ...)
-	TODO: check
+	NOTE: not-for-us (XOOPS)
 CAN-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
-	TODO: check
+	NOTE: not-for-us (Sun Java System Application Server)
 CAN-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0
RC1 ...)
-	TODO: check
+	NOTE: not-for-us (YaBB)
 CAN-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote
...)
-	TODO: check
+	NOTE: not-for-us (OpenBSD)
 CAN-2005-0739 (The IAPP dissector for Ethereal 0.9.1 to 0.9.9 does not properly
use ...)
-	TODO: check
+	- ethereal 0.9.10
 CAN-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows
users to ...)
-	TODO: check
+	NOTE: not-for-us (Microsoft)
 CAN-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to
execute ...)
-	TODO: check
+	NOTE: not-for-us (Yahoo Messenger)
 CAN-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux
kernel 2.6 ...)
-	TODO: check
+	NOTE: 2.6 through .11
+	TODO: check with kernel team
 CAN-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain
...)
-	TODO: check
+	NOTE: not-for-us (newsscript)
 CAN-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
-	TODO: check
+	NOTE: not-for-us (PY Software Active Webcam WebServer)
 CAN-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
-	TODO: check
+	NOTE: not-for-us (PY Software Active Webcam WebServer)
 CAN-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
-	TODO: check
+	NOTE: not-for-us (PY Software Active Webcam WebServer)
 CAN-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
-	TODO: check
+	NOTE: not-for-us (PY Software Active Webcam WebServer)
 CAN-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
-	TODO: check
+	NOTE: not-for-us (PY Software Active Webcam WebServer)
 CAN-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier
allows ...)
-	TODO: check
+	NOTE: not-for-us (Xpand Rally)
 CAN-2005-0728
 	NOTE: rejected
-	TODO: check
 CAN-2005-0727
 	NOTE: rejected
-	TODO: check
 CAN-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0
allows ...)
-	TODO: check
+	NOTE: not-for-us (UBB.threads)
 CAN-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in
...)
-	TODO: check
+	NOTE: not-for-us (wfsections)
 CAN-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain
sensitive ...)
-	TODO: check
+	NOTE: not-for-us (paFileDB)
 CAN-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu
function in ...)
-	TODO: check
+	NOTE: not-for-us (paFileDB)
 CAN-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for
the ...)
-	TODO: check
+	NOTE: not-for-us (eXPerience2)
 CAN-2005-0721 (PHP remote code injection vulnerability in modules.php in
eXPerience2 ...)
-	TODO: check
+	NOTE: not-for-us (eXPerience2)
 CAN-2005-0720 (PHP remote code injection vulnerability in header.php in PHP
mcNews ...)
-	TODO: check
+	NOTE: not-for-us (mcNews)
 CAN-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64
Unix ...)
-	TODO: check
+	NOTE: not-for-us (Tru64)
 CAN-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a
...)
-	TODO: check
-end claimed by joeyh
+	- squid 2.5.8
+begin claimed by joeyh
 CAN-2005-0717
 	NOTE: reserved
 CAN-2005-0716
@@ -123,6 +121,7 @@
 	TODO: check
 CAN-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate
...)
 	TODO: check
+end claimed by joeyh
 CAN-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple
...)
 	TODO: check
 CAN-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia
SIP ...)