Author: joeyh
Date: 2005-01-06 22:11:55 +0100 (Thu, 06 Jan 2005)
New Revision: 247
Modified:
sarge-checks/CAN/list
Log:
recent updates
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-01-06 08:14:18 UTC (rev 246)
+++ sarge-checks/CAN/list 2005-01-06 21:11:55 UTC (rev 247)
@@ -19,9 +19,9 @@
CAN-2005-0023
NOTE: reserved
CAN-2005-0022
- TODO: check
+ - exim4 4.34-10
CAN-2005-0021
- TODO: check
+ - exim4 4.34-10
CAN-2005-0020
NOTE: reserved
CAN-2005-0019
@@ -63,49 +63,51 @@
CAN-2005-0001
NOTE: reserved
CAN-2004-1339
- TODO: check
+ NOTE: not-for-us (oracle)
CAN-2004-1338
- TODO: check
+ NOTE: not-for-us (oracle)
CAN-2004-1337
- TODO: check
+ NOTE: <dilinger> joeyh: we''re mostly not vulnerable, because
the module is generally loaded from the initrd (or very early on at some point)
+ TODO: re-check with kernel team re fix
+ NOTE: apparent it only affects 2.6
CAN-2004-1336
- TODO: check
+ - tetex-bin 2.0.2-25
CAN-2004-1335
- TODO: check
+ - kernel-source-2.6.8 2.6.8-11
CAN-2004-1334
- TODO: check
+ TODO: re-check with kernel team (was unfixed before)
CAN-2004-1333
- TODO: check
+ - kernel-source-2.6.8 2.6.8-11
CAN-2004-1332
- TODO: check
+ NOTE: not-for-us (hpux)
CAN-2004-1331
- TODO: check
+ NOTE: not-for-us (microsoft)
CAN-2004-1330
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-2004-1329
- TODO: check
+ NOTE: not-for-us (AIX)
CAN-2004-1328
- TODO: check
+ NOTE: not-for-us (hpux)
CAN-2004-1327
- TODO: check
+ NOTE: not-for-us (Crystal FTP client)
CAN-2004-1326
- TODO: check
+ NOTE: not-for-us (Ultrix)
CAN-2004-1325
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-1324
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-1323
- TODO: check
+ NOTE: not-for-us (Netbsd)
CAN-2004-1322
- TODO: check
+ NOTE: not-for-us (Microsoft/Cisco)
CAN-2004-1321
- TODO: check
+ NOTE: not-for-us (Asante FM2008)
CAN-2004-1320
- TODO: check
+ NOTE: not-for-us (Asante FM2008)
CAN-2004-1319
- TODO: check
+ NOTE: not-for-us (MSIE)
CAN-2004-1318
- TODO: check
+ - namuzu2 2.0.14
CAN-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows
1.1, ...)
NOTE: apparently only affects netcat in windows
CAN-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
@@ -117,7 +119,7 @@
CAN-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and
possibly ...)
NOTE: not-for-us (My Firewall Plus)
CAN-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as
used ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-1311 (Integer overflow in the real_setup_and_get_header function in
real.c ...)
NOTE: not-for-us (mplayer)
CAN-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c
functionality ...)
@@ -133,7 +135,7 @@
CAN-2004-1306
NOTE: reserved
CAN-2004-1305 (The Windows Animated Cursor (ANI) in Windows NT, Windows 2000
through ...)
- TODO: check
+ NOTE: not-for-us (Microsoft)
CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in
file ...)
- file 4.12
CAN-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows
...)
@@ -275,7 +277,7 @@
CAN-2004-1237
NOTE: reserved
CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory
Server ...)
- TODO: check
+ NOTE: not-for-us (Netscape Directory Server on HP-UX)
CAN-2004-1235
NOTE: reserved
CAN-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to
cause a ...)
@@ -512,6 +514,7 @@
{DSA-621-1 DSA-619-1}
- xpdf 3.00-11
- cupsys 1.1.22-2
+ - tetex-bin 2.0.2-25
CAN-2004-1124
NOTE: reserved
CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions,
allows ...)