Author: joeyh
Date: 2005-01-19 21:14:16 +0100 (Wed, 19 Jan 2005)
New Revision: 292
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-01-19 20:11:00 UTC (rev 291)
+++ sarge-checks/CAN/list 2005-01-19 20:14:16 UTC (rev 292)
@@ -1,30 +1,30 @@
-CAN-2005-0121
+CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local
users ...)
NOTE: not-for-us (golddig)
-CAN-2005-0120
+CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete
arbitrary ...)
NOTE: not-for-us (helvis)
-CAN-2005-0119
+CAN-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and
read the ...)
NOTE: not-for-us (helvis)
-CAN-2005-0118
+CAN-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world
readable ...)
NOTE: not-for-us (helvis)
-CAN-2005-0117
+CAN-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to
execute ...)
- xshisen (unfixed; bug #289784)
-CAN-2005-0116
+CAN-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote
attackers to ...)
- awstats (unfixed; bug #291064)
CAN-2005-0115
NOTE: reserved
CAN-2005-0114
NOTE: reserved
-CAN-2005-0113
+CAN-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary
commands ...)
NOTE: not-for-us (IRIX)
CAN-2005-0112
NOTE: reserved
-CAN-2005-0111
+CAN-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL
MaxDB ...)
- maxdb-7.5.00 7.5.00.18
-CAN-2005-0110
+CAN-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to
...)
NOTE: not-for-us (MSIE)
CAN-2005-0109
NOTE: reserved
-CAN-2005-0108
+CAN-2005-0108 (Apache mod_auth_radius 1.5.4 allows remote malicious RADIUS
servers to ...)
- libapache-mod-auth-radius 1.5.7-6
CAN-2005-0107
NOTE: reserved
@@ -46,13 +46,13 @@
NOTE: reserved
CAN-2005-0098
NOTE: reserved
-CAN-2005-0097
+CAN-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows
remote ...)
- squid 2.5.7-4
-CAN-2005-0096
+CAN-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid
2.5.STABLE7 and ...)
- squid 2.5.7-4
-CAN-2005-0095
+CAN-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier
allows ...)
- squid 2.5.7-4
-CAN-2005-0094
+CAN-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply
...)
- squid 2.5.7-4
CAN-2005-0093
NOTE: reserved
@@ -80,18 +80,18 @@
NOTE: reserved
CAN-2005-0081
NOTE: reserved
-CAN-2004-1379
+CAN-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine
...)
- xine-lib 1-rc7-1
-CAN-2004-1378
+CAN-2004-1378 (The expat XML parser code, as used in the open source Jabber
(jabberd) ...)
- jabber (unfixed; bug #291183)
NOTE: not-for-us (jadc2s)
-CAN-2004-1377
+CAN-2004-1377 (The (1) fixps.in and (2) psmandup.in scripts in a2ps before 4.13
allow ...)
- a2ps (unfixed; bug #286387)
- a2ps (unfixed; bug #286385)
NOTE: wrote for clarification of how it''s exploitable
-CAN-2003-1054
+CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a
denial of ...)
TODO: check
-CAN-2003-1053
+CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute
...)
- xshisen 1.51-1-1
CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in
Ubuntu 4.10 ...)
- mailman 2.1.5-5
@@ -127,6 +127,7 @@
CAN-2005-0065 (The original design of TCP does not check that the TCP sequence
number ...)
NOTE: general tcp design error
CAN-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in
Decrypt.cc ...)
+ {DSA-648-1 DSA-645-1}
- xpdf 3.00-12
- gpdf (unfixed; bug #291244)
- koffice (unfixed; bug #291245)
@@ -325,9 +326,11 @@
CAN-2005-0006
NOTE: reserved
CAN-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0,
6.1.7, and ...)
+ {DSA-646-1}
- imagemagick 6:6.0.6.2-2.1
CAN-2005-0004
NOTE: reserved
+ {DSA-647-1}
- mysql-dfsg-4.1 4.1.8a-6
- mysql-dfsg 4.0.23-3
CAN-2005-0003