Author: micah
Date: 2005-02-17 23:02:45 +0100 (Thu, 17 Feb 2005)
New Revision: 430
Modified:
sarge-checks/CAN/list
Log:
Went over all the kernel TODOs with joshk, found 4 unknown holes and
got them in the Debian packages, confirmed the others were taken care
of. Three remain as unknowns, pending more info. Resolved merge conflict
as another Reserved CAN became available while I was working.
Modified: sarge-checks/CAN/list
==================================================================
--- sarge-checks/CAN/list 2005-02-17 20:14:29 UTC (rev 429)
+++ sarge-checks/CAN/list 2005-02-17 22:02:45 UTC (rev 430)
@@ -845,12 +845,14 @@
CAN-2005-0181
NOTE: reserved
CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function
in ...)
- NOTE: Fixed in 2.6.8-12
- kernel-source-2.6.8 2.6.8-12
+ - kernel-source-2.6.9 2.6.9-5
+ - kernel-source-2.6.10 2.6.10-2
CAN-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a
denial of ...)
NOTE: Does not apply to 2.6.8
- NOTE: Fixed in 2.6.9-6 to be uploaded
+ NOTE: Fix in 2.6.9-6 pending upload
- kernel-source-2.6.9 2.6.9-6
+ - kernel-source-2.6.10 2.6.10-4
CAN-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1
has ...)
NOTE: see USN-82-1
CAN-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table
size, ...)
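Review bot: the CAN-2005-0180 entry drops the existing `- kernel-source-2.6.8 2.6.8-12` line (and its "Fixed in 2.6.8-12" NOTE) instead of adding the 2.6.9/2.6.10 lines beside it, so kernel-source-2.6.8 no longer has a recorded fixed version for this issue; unless 2.6.8-12 turned out not to contain the fix, keep that line alongside `- kernel-source-2.6.9 2.6.9-5` and `- kernel-source-2.6.10 2.6.10-2`. For CAN-2005-0179 the NOTE now says the 2.6.9-6 fix is pending upload while `- kernel-source-2.6.9 2.6.9-6` is still recorded as a fixed version; the list will treat the issue as fixed before the package reaches the archive, so either keep a TODO to confirm the upload or add the package line only once it is in.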
@@ -1353,7 +1355,7 @@
- mysql-dfsg 4.0.23-3
CAN-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on
64-bit ...)
NOTE: 2.4 unaffected; 64 bit arches only
- NOTE: fixed in 2.6.9-3 and 2.6.8-9 according to joshk
+ NOTE: Fixed upstream in 2.6.10
- kernel-source-2.6.8 2.6.8-9
- kernel-source-2.6.9 2.6.9-3
CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password,
does not ...)
@@ -1371,22 +1373,25 @@
NOTE: not-for-us (oracle)
CAN-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux
kernel 2.6 ...)
NOTE: <dilinger> joeyh: we''re mostly not vulnerable, because
the module is generally loaded from the initrd (or very early on at some point)
- NOTE: micah checking with kernel team
- TODO: re-check with kernel team re fix
+ NOTE: <joshk> i thought we had it <joshk> but i think
there''s a reason we don''t <joshk> and i need to ask
dilinger about it
+ NOTE: micah is waiting for joshk to get back to him on this
NOTE: apparently it only affects 2.6
CAN-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files
with ...)
- tetex-bin 2.0.2-25
CAN-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel
before ...)
+ NOTE: Fixed in upstream 2.6.10
- kernel-source-2.6.8 2.6.8-11
- NOTE: micah checking with kernel team
- NOTE: 14:26 <joshk> ok, you got me there 14:27 <joshk> applying
now
- TODO: what about 2.4? Vulnerable according to advisory.
+ - kernel-source-2.6.9 2.6.9-4
+ - kernel-source-2.4.27 2.4.27-9
CAN-2004-1334 (Integer overflow in the ip_options_get function in the Linux
kernel ...)
- NOTE: micah checking with kernel team
- TODO: re-check with kernel team (was unfixed before)
+ NOTE: apparantly 2.6 only
+ NOTE: Fixed in upstream 2.6.10
+ - kernel-source-2.6.8 2.6.8-11
+ - kernel-source-2.6.9 2.6.9-4
CAN-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel
2.4 and ...)
- NOTE: micah checking with kernel team
+ NOTE: Fixed in upstream 2.6.10
- kernel-source-2.6.8 2.6.8-11
+ - kernel-source-2.6.9 2.6.9-4
TODO: what about 2.4?
CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i,
with ...)
NOTE: not-for-us (hpux)
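Review bot: CAN-2004-1333 still carries `TODO: what about 2.4?` even though its description names "the Linux kernel 2.4 and ..." and the neighbouring CAN-2004-1335 entry received a `- kernel-source-2.4.27 2.4.27-9` line in this same change; either add the 2.4.27 fixed version here too or a NOTE saying why 2.4 is not affected. Two smaller points: the CAN-2004-1337 rewrite replaces the TODO with chat quotes and "micah is waiting for joshk", leaving an entry that is still unresolved but no longer has a TODO marker to be picked up later, so keep a TODO line; and "apparantly" in the CAN-2004-1334 NOTE should read "apparently".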
@@ -1704,11 +1709,12 @@
CAN-2004-1192 (Format string vulnerability in the lprintf function in
Citadel/UX 6.27 ...)
NOTE: not-for-us (Citadel/UX)
CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP
systems ...)
- NOTE: micah checking with kernel team
- TODO: check with kernel team
+ TODO: come back to this one micah
+ NOTE: joshk says he doesn''t understand this one
NOTE: looks like 2.4 is ok, 2.6.8 is vulnerable
CAN-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9
do not ...)
- NOTE: micah checking with kernel team
+ NOTE: micah checking with kernel team, need to track this down
+ NOTE: CAN URL is broken, <joshk> i''ve officially no idea what
the bug is
TODO: check with kernel team
CAN-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv
for MIT ...)
{DSA-629-1}
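Review bot: CAN-2004-1191 is recorded as "2.6.8 is vulnerable" with no package or fixed-version line and a TODO that only says "come back to this one", while its description is SuSE-specific ("Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems"); the entry should either name the affected kernel-source package and what is still missing, or be marked not-for-us, so that its state is visible in the list rather than only in a personal reminder. CAN-2004-1190 now has three overlapping status lines ("micah checking with kernel team, need to track this down", the broken-URL quote, and `TODO: check with kernel team`); collapsing them to one NOTE plus one TODO keeps the entry readable.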
@@ -1794,9 +1800,9 @@
CAN-2004-1152 (Buffer overflow in the mailListIsPd function in Adobe Acrobat
Reader ...)
NOTE: not-for-us (Adobe Acrobat Reader)
CAN-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2)
...)
- NOTE: fixed in kernel team svn (?)
- NOTE: micah checking with kernel team
- TODO: track fix
+ NOTE: Fixed in upstream 2.6.10
+ - kernel-source-2.6.8 2.6.8-11
+ - kernel-source-2.6.9 2.6.9-4
CAN-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp
5.0 ...)
NOTE: not-for-us (Winamp)
CAN-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4,
including ...)
@@ -1811,8 +1817,7 @@
- kdelibs 4:3.3.2-1
CAN-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4
on ...)
NOTE: amd64 specific
- NOTE: micah checking with kernel team
- TODO: check with kernel team
+ - kernel-source-2.4.27-9
CAN-2004-1143 (The password generation in mailman before 2.1.5 generates only 5
...)
- mailman 2.1.5-5
CAN-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a
...)
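Review bot: `- kernel-source-2.4.27-9` under CAN-2004-1144 is missing the space between package name and version; every other package line in this change uses the `- <source package> <fixed version>` form (e.g. `- kernel-source-2.4.27 2.4.27-9` under CAN-2004-1017), and a parser splitting on whitespace will read the package as `kernel-source-2.4.27-9` with no version at all. Correct it to `- kernel-source-2.4.27 2.4.27-9`.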
@@ -2001,8 +2006,9 @@
CAN-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in
mnoGoSearch ...)
- mnogosearch 3.2.18-2.2
CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read
the ...)
- NOTE: micah checking with kernel team
- TODO: check with kernel team
+ NOTE: Fixed in 2.6.10 upstream
+ - kernel-source-2.6.8 2.6.8-14
+ - kernel-source-2.6.9 s.6.9-14
CAN-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not
properly ...)
NOTE: fixed after kernel 2.4.19
CAN-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does
not ...)
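Review bot: `- kernel-source-2.6.9 s.6.9-14` under CAN-2004-1058 has a typo in the version field ("s.6.9-14"); beyond the typo, the 2.6.9 Debian revisions recorded elsewhere in this change are 2.6.9-3, -4, -5 and -6 (with -6 still pending upload per the CAN-2005-0179 note), so 2.6.9-14 and the matching `2.6.8-14` on the line above look implausible as well, not merely mistyped. Please verify both versions against the package changelogs before recording them; the other entries fixed in this round use 2.6.8-11 and 2.6.9-4.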
@@ -2102,8 +2108,7 @@
CAN-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow
attackers ...)
- php4 4:4.3.10-1
CAN-2004-1017 (Multiple "overflows" in the io_edgeport driver
for Linux kernel 2.4.x ...)
- NOTE: micah checking with kernel team
- TODO: check with kernel team
+ - kernel-source-2.4.27 2.4.27-9
CAN-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up
to ...)
- kernel-image-2.4.27-i386 2.4.27-7
CAN-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and
earlier, ...)
@@ -2442,8 +2447,10 @@
CAN-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18
and ...)
{DSA-568-1 DSA-563-1}
CAN-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in
Linux ...)
- NOTE: micah checking with kernel team
- TODO: check with kernel team
+ - kernel-source 2.4.27-6
+ - kernel-source 2.6.8 2.6.8-13
+ - kernel-source 2.6.9 2.6.9-3
+ - kernel-source 2.6.10 2.6.10-4
CAN-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba
3.0.x ...)
NOTE: details http://security.e-matters.de/advisories/132004.html
- samba 3.0.7
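Review bot: the four package lines added under CAN-2004-0883 do not follow the list's `- <source package> <fixed version>` format: `- kernel-source 2.4.27-6` has no source-package suffix and only one field, and the 2.6.x lines use `kernel-source 2.6.8 2.6.8-13` (three fields) where the rest of the file writes `kernel-source-2.6.8 2.6.8-13`. Rewrite them as `- kernel-source-2.4.27 2.4.27-6`, `- kernel-source-2.6.8 2.6.8-13`, `- kernel-source-2.6.9 2.6.9-3` and `- kernel-source-2.6.10 2.6.10-4` so they are parsed like the other entries.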
@@ -2873,8 +2880,7 @@
CAN-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4,
when the ...)
- samba 3.0.5
CAN-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user
...)
- NOTE: micah checking with kernel team
- TODO: check with kernel team
+ Note: Fixed in upstream 2.4.27
CAN-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server
5.02, ...)
NOTE: not-for-us (WebSphere Edge Server)
CAN-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers
to ...)
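Review bot: `Note: Fixed in upstream 2.4.27` under CAN-2004-0685 uses "Note:" where every other status line in the file uses "NOTE:"; a case-sensitive reader of the list will not recognise it as a note. "Fixed in upstream 2.4.27" also leaves the Debian status implicit: the 2.4 source package used elsewhere in this change is kernel-source-2.4.27, so add the corresponding package line (or a NOTE stating that every kernel-source-2.4.27 upload carries the fix) rather than relying on the upstream version alone.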
@@ -3059,8 +3065,7 @@
CAN-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used
in ...)
{DSA-536}
CAN-2004-0596 (The Equalizer Load-balancer for serial network interfaces
(eql.c) in ...)
- NOTE: micah checking with kernel team
- TODO: check with kernel team
+ NOTE: Fixed in upstream ( <= 2.6.7)
CAN-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to
...)
{DSA-689-1 DSA-531}
CAN-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x
up to ...)
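Review bot: `NOTE: Fixed in upstream ( <= 2.6.7)` under CAN-2004-0596 is ambiguous: "<= 2.6.7" reads as "fixed in 2.6.7 or earlier", which would mean the 2.6.8, 2.6.9 and 2.6.10 packages in sarge are unaffected, but it can equally be read as "affected up to 2.6.7". State it plainly (for example "fixed upstream before 2.6.8; sarge 2.6 kernels unaffected") and say whether 2.4 is affected, since this eql.c entry gives no 2.4 status while the other kernel entries in this change name kernel-source-2.4.27 explicitly.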