Author: joeyh Date: 2005-01-12 20:17:38 +0100 (Wed, 12 Jan 2005) New Revision: 268 Modified: sarge-checks/CAN/list Log: more kernel Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-01-12 18:17:37 UTC (rev 267) +++ sarge-checks/CAN/list 2005-01-12 19:17:38 UTC (rev 268) @@ -76,10 +76,12 @@ - tetex-bin 2.0.2-25 CAN-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...) - kernel-source-2.6.8 2.6.8-11 + TODO: what about 2.4? Vulnerable according to advisory. CAN-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...) TODO: re-check with kernel team (was unfixed before) CAN-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...) - kernel-source-2.6.8 2.6.8-11 + TODO: what about 2.4? CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...) NOTE: not-for-us (hpux) CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...) @@ -289,7 +291,7 @@ - kernel-source-2.4.27 2.4.27-8 NOTE: and binary packages built from them CAN-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...) - TODO: check with kernel team + NOTE: fixed after 2.4.25 CAN-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...) NOTE: not-for-us (Gadu-Gadu) CAN-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...) @@ -379,6 +381,7 @@ NOTE: not-for-us (Citadel/UX) CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...) TODO: check with kernel team + NOTE: looks like 2.4 is ok, 2.6.8 is vulnerable CAN-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...) TODO: check with kernel team CAN-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...) @@ -470,7 +473,7 @@ CAN-2004-1152 (Buffer overflow in the mailListIsPd function in Adobe Acrobat Reader ...) NOTE: not-for-us (Adobe Acrobat Reader) CAN-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...) - NOTE: fixed in kernel team svn + NOTE: fixed in kernel team svn (?) TODO: track fix CAN-2004-1150 NOTE: reserved @@ -485,6 +488,7 @@ CAN-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...) - kdelibs (unfixed; bug #286521) CAN-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...) + NOTE: amd64 specific TODO: check with kernel team CAN-2004-1143 NOTE: reserved @@ -942,6 +946,7 @@ CAN-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...) NOTE: not-for-us (NetOp Host) CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...) + NOTE: fixed in 2.4.28, 2.6.9 NOTE: check with kernel people CAN-2004-0948 NOTE: reserved