Author: joeyh
Date: 2005-01-20 09:14:16 +0100 (Thu, 20 Jan 2005)
New Revision: 298
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-01-20 02:12:47 UTC (rev 297)
+++ sarge-checks/CAN/list 2005-01-20 08:14:16 UTC (rev 298)
@@ -1,3 +1,9 @@
+CAN-2005-0124
+ TODO: check
+CAN-2005-0123
+ NOTE: reserved
+CAN-2005-0122
+ TODO: check
CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local
users ...)
NOTE: not-for-us (golddig)
CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete
arbitrary ...)
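Review bot: CAN-2005-0124 and CAN-2005-0122 are added with "TODO: check" but no description text, so there is nothing yet for a triager to check against; every other "TODO: check" entry added in this revision carries a description. Suggest the importer mark description-less ids the way CAN-2005-0123 is marked ("NOTE: reserved"), or with a distinct marker, and switch them to "TODO: check" only once a description arrives.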
@@ -76,16 +82,16 @@
NOTE: reserved
CAN-2005-0083
NOTE: reserved
-CAN-2005-0082
- NOTE: reserved
-CAN-2005-0081
- NOTE: reserved
+CAN-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and
other ...)
+ TODO: check
+CAN-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows
remote ...)
+ TODO: check
CAN-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine
...)
- xine-lib 1-rc7-1
CAN-2004-1378 (The expat XML parser code, as used in the open source Jabber
(jabberd) ...)
- jabber 1.4.3-3
NOTE: not-for-us (jadc2s)
-CAN-2004-1377 (The (1) fixps.in and (2) psmandup.in scripts in a2ps before 4.13
allow ...)
+CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in)
...)
- a2ps (unfixed; bug #286387)
- a2ps (unfixed; bug #286385)
NOTE: wrote for clarification of how it''s exploitable
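Review bot: the CAN-2004-1377 description is reworded underneath hand-written tracking (two "a2ps (unfixed; ...)" lines and a NOTE), so someone should confirm that bugs #286387 and #286385 still match the new "fixps (aka fixps.in)" / "psmandup (aka psmandup.in)" wording. The retained NOTE also has a doubled apostrophe ("it''s") that could be cleaned up in the same pass. The two new "TODO: check" entries, CAN-2005-0082 and CAN-2005-0081, both name MySQL MaxDB 7.5.0.0 and can be triaged together.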
@@ -292,7 +298,7 @@
NOTE: reserved
CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim
before ...)
- exim4 4.34-10
-CAN-2005-0021 (Buffer overflow in the host_aton function in Exim before 4.43
may ...)
+CAN-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow
attackers to ...)
{DSA-637-1 DSA-635-1}
CAN-2005-0020
NOTE: reserved
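Review bot: the CAN-2005-0021 description widens from one overflow in host_aton to "Multiple buffer overflows in Exim before 4.43", but the entry still carries only {DSA-637-1 DSA-635-1} and, unlike CAN-2005-0022 just above it ("- exim4 4.34-10"), no package version line. Suggest confirming that the two DSAs cover everything the new wording includes and adding the exim4 fixed version so the entry can be checked against the archive.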
@@ -329,13 +335,12 @@
CAN-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0,
6.1.7, and ...)
{DSA-646-1}
- imagemagick 6:6.0.6.2-2.1
-CAN-2005-0004
- NOTE: reserved
+CAN-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before
...)
{DSA-647-1}
- mysql-dfsg-4.1 4.1.8a-6
- mysql-dfsg 4.0.23-3
-CAN-2005-0003
- NOTE: reserved
+CAN-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on
64-bit ...)
+ TODO: check
CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password,
does not ...)
NOTE: not-for-us (poppassd_pam)
CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux
kernel ...)
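Review bot: CAN-2005-0003 lands as "TODO: check" with no package line even though its description names Linux kernel 2.6 before 2.6.10, and the kernel-source-2.6.8 package tracked elsewhere in this file is below that version. Suggest resolving it promptly with a kernel-source-2.6.8 line, or a NOTE explaining why the 64-bit ELF issue does not apply. The CAN-2005-0004 change keeps {DSA-647-1} and both mysql-dfsg version lines under the new description, which reads as consistent.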
@@ -559,12 +564,11 @@
NOTE: reserved
CAN-2004-1238
NOTE: reserved
-CAN-2004-1237
- NOTE: reserved
+CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the
audit ...)
+ TODO: check
CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory
Server ...)
NOTE: not-for-us (Netscape Directory Server on HP-UX)
-CAN-2004-1235
- NOTE: reserved
+CAN-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout
...)
- kernel-source-2.6.8 2.6.8-12
- kernel-image-2.6.8-2-386
- kernel-source-2.4.27 2.4.27-8
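Review bot: under CAN-2004-1235, which now has a real description, the "- kernel-image-2.6.8-2-386" line carries no fixed version, unlike the two kernel-source lines beside it; suggest adding the version or marking it unfixed so the entry is unambiguous. CAN-2004-1237 is left as "TODO: check" and the visible description ("system call filtering code in the audit ...") does not name affected versions, so it needs the full CVE text before it can be assigned to a package.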
@@ -1546,8 +1550,8 @@
CAN-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd
allows ...)
NOTE: ide-cd SG_IO vulnerability
NOTE: fixed in recent 2.6 and 2.4 kernels
-CAN-2004-0812
- NOTE: reserved
+CAN-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the
AMD ...)
+ TODO: check
CAN-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the
merging of the ...)
- apache2 2.0.52
CAN-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote
attackers to ...)
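Review bot: CAN-2004-0812 is added as "TODO: check" although its description gives a bound of "before 2.4.23" and the 2.4 kernel tracked elsewhere in this file is kernel-source-2.4.27, which is later. Suggest a follow-up that records the 2.4 status explicitly and adds a NOTE on whether 2.6 kernels are affected, in the style of the CAN-2004-0813 entry above it ("NOTE: fixed in recent 2.6 and 2.4 kernels").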