Author: joeyh Date: 2004-12-23 15:21:13 -0700 (Thu, 23 Dec 2004) New Revision: 209 Modified: sarge-checks/CAN/list Log: check recent CANs Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2004-12-23 16:14:40 UTC (rev 208) +++ sarge-checks/CAN/list 2004-12-23 22:21:13 UTC (rev 209) @@ -1,17 +1,17 @@ CAN-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...) - TODO: check + NOTE: not-for-us (MacOS) CAN-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...) - TODO: check + NOTE: not-for-us (My Firewall Plus) CAN-2004-1312 NOTE: reserved CAN-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...) - TODO: check + NOTE: not-for-us (mplayer) CAN-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...) - TODO: check + NOTE: not-for-us (mplayer) CAN-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...) - TODO: check + NOTE: not-for-us (mplayer) CAN-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...) - - libtiff4 (unfixed; bug #286833) + - libtiff4 3.6.1-4 TODO: other packages containing libtiff code may be vulnerable (kfax?) CAN-2004-1307 NOTE: reserved @@ -20,108 +20,111 @@ CAN-2004-1305 NOTE: reserved CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...) - - file (unfixed; bug #283316) + - file 4.12 CAN-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...) - TODO: check + NOTE: not-for-us (Yanf) CAN-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...) - TODO: check + NOTE: not-for-us (YAMT) CAN-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...) - TODO: check + NOTE: not-for-us (xlreader) CAN-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...) - - libxine1 (unfixed; bug #285899) + - xine-lib 1-rc8-1 CAN-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...) - TODO: check + NOTE: not-for-us (vilistextum) CAN-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...) - TODO: check + NOTE: not-for-us (vb2c) CAN-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...) - TODO: check + - unrtf (unfixed; bug #287038) CAN-2004-1296 NOTE: reserved - - pic2graph (unfixed; bug #286371) + - groff 1.18.1.1-5 CAN-2004-1295 (The slip_down function in slip.c for the uml_net program in ...) - TODO: check + NOTE: uml_net is only executable by users in group uml-net in Debian + NOTE: uml-utilities-20040406 does not seem to be vulnerable, tried exploit CAN-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...) - tnftp (unfixed; bug #285902) CAN-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...) - TODO: check + NOTE: not-for-us (rtf2latex2e) CAN-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...) - TODO: check + NOTE: not-for-us (ringtonetools) CAN-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...) - TODO: check + NOTE: not-for-us (qwik-smtpd) CAN-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...) - TODO: check + NOTE: not-for-us (pgn2web) CAN-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...) - TODO: check + - pcal (unfixed; bug #287039) CAN-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...) - TODO: check + NOTE: not-for-us (o3read) CAN-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...) - TODO: check + - nasm (unfixed; bug #285889) CAN-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...) - TODO: check + NOTE: not-for-us (NapShare) CAN-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...) - TODO: check + NOTE: not-for-us (mplayer) CAN-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...) - TODO: check + - mpg123 (unfixed; bug filed) CAN-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...) - TODO: check + NOTE: not-for-us (mview) CAN-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...) - TODO: check + - linpopup (unfixed; bug filed) CAN-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...) - TODO: check + NOTE: not-for-us (junkie) CAN-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...) - TODO: check + NOTE: not-for-us (junkie) CAN-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...) - TODO: check + NOTE: not-for-us (jpegtoavi) CAN-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...) - TODO: check + NOTE: not-for-us (jcabc2ps) CAN-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...) - TODO: check + NOTE: not-for-us (IglooFTP) CAN-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...) - TODO: check + NOTE: not-for-us (IglooFTP) CAN-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...) - TODO: check + NOTE: not-for-us (html2hdml) CAN-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...) - TODO: check + NOTE: not-for-us (greed) + NOTE: not the game in debian, the file download tool CAN-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...) - TODO: check + NOTE: not-for-us (greed) + NOTE: not the game in debian, the file download tool CAN-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...) - TODO: check + - filter (unfixed; bug filed) CAN-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...) - TODO: check + NOTE: not-for-us (dxfscope) CAN-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...) - TODO: check + - cupsys 1.1.22-2 CAN-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...) - TODO: check + - cupsys 1.1.22-2 CAN-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...) - TODO: check + - cupsys 1.1.22-2 CAN-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...) - TODO: check + - cupsys 1.1.22-2 CAN-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...) - TODO: check + NOTE: not-for-us (csv2xml) CAN-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...) - TODO: check + NOTE: not-for-us (Convex) CAN-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...) - chbg (unfixed; bug #285904) CAN-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...) - TODO: check + NOTE: not-for-us (ChangePassword):w CAN-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...) - TODO: check + NOTE: not-for-us (bsb2ppm) CAN-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...) - TODO: check + NOTE: not-for-us (asp2php) CAN-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...) - TODO: check + NOTE: not-for-us (abctab2ps) CAN-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...) - TODO: check + NOTE: not-for-us (abcpp) CAN-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...) - - abcm2ps (unfixed; bug #285903) + - abcm2ps 4.8.5-1 CAN-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...) - TODO: check + NOTE: not-for-us (abc2mtex) CAN-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...) - TODO: check + - abcmidi (unfixed; bug filed) CAN-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...) - TODO: check + NOTE: not-for-us (2fax) CAN-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...) - TODO: check + NOTE: not-for-us (WinRAR) CAN-2004-1253 NOTE: reserved CAN-2004-1252 @@ -256,9 +259,9 @@ CAN-2004-1189 NOTE: reserved CAN-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...) - - libxine1 (unfixed; bug #286077) + - xine-lib 1-rc8-1 CAN-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...) - TODO: check + - xine-lib 1-rc8-1 CAN-2004-1186 NOTE: reserved CAN-2004-1185 @@ -289,7 +292,7 @@ CAN-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...) NOTE: not-for-us (MSIE) CAN-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...) - TODO: check + NOTE: not-for-us (Veritas Backup Exec) CAN-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...) - kdelibs 4:3.3.1-2 - kdebase 4:3.3.1-3 @@ -330,18 +333,18 @@ CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...) NOTE: not-for-us (Microsoft MSIE) CAN-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...) - TODO: check + - samba 3.0.10-1 CAN-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...) - TODO: check + NOTE: not-for-us (Adobe Acrobat Reader) CAN-2004-1152 (Buffer overflow in the mailListIsPd function in Adobe Acrobat Reader ...) - TODO: check + NOTE: not-for-us (Adobe Acrobat Reader) CAN-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...) NOTE: fixed in kernel team svn TODO: track fix CAN-2004-1150 NOTE: reserved CAN-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...) - TODO: check + NOTE: not-for-us (Computer Associates eTrust EZ Antivirus) CAN-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...) - phpmyadmin 2:2.6.1-rc1-1 CAN-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...) @@ -365,7 +368,7 @@ CAN-2004-1139 NOTE: reserved CAN-2004-1138 (Unknown vulnerability in Vim modeline options, such as (1) termcap, ...) - TODO: check + - vim 1:6.3-046+1 CAN-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...) NOTE: Fixed in kernel team svn TODO: track fix @@ -392,7 +395,7 @@ CAN-2004-1126 NOTE: reserved CAN-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00 ...) - TODO: check + - xpdf 3.0.0-11 CAN-2004-1124 NOTE: reserved CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...) @@ -535,15 +538,15 @@ CAN-2004-1059 NOTE: reserved CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...) - TODO: check + TODO: check with kernel team CAN-2004-1057 NOTE: reserved CAN-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...) - TODO: check + TODO: check with kernel team CAN-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - phpmyadmin 2:2.6.0-pl3-1 CAN-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...) NOTE: not-for-us (fetch on FreeBSD) CAN-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...) @@ -598,7 +601,7 @@ CAN-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...) NOTE: not-for-us (Sun JRE) CAN-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2004-1027 (The -x command line option in unarj allows remote attackers to ...) NOTE: sarge''s unarj is from a different code base, probably not vulnerable CAN-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...) @@ -803,7 +806,7 @@ NOTE: see http://lwn.net/Alerts/110733/ NOTE: sarge''s unarj is from a different code base, probably not vulnerable CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...) - TODO: check + - nfs-utils (unfixed; bug filed) CAN-2004-0945 NOTE: reserved CAN-2004-0944