Author: joeyh
Date: 2005-01-18 21:14:23 +0100 (Tue, 18 Jan 2005)
New Revision: 281
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-01-18 08:14:25 UTC (rev 280)
+++ sarge-checks/CAN/list 2005-01-18 20:14:23 UTC (rev 281)
@@ -1,3 +1,173 @@
+CAN-2005-0080
+ TODO: check
+CAN-2005-0079
+ NOTE: reserved
+CAN-2005-0078
+ NOTE: reserved
+CAN-2005-0077
+ NOTE: reserved
+CAN-2005-0076
+ NOTE: reserved
+CAN-2005-0075
+ NOTE: reserved
+CAN-2005-0074
+ NOTE: reserved
+CAN-2005-0073
+ NOTE: reserved
+CAN-2005-0072
+ NOTE: reserved
+CAN-2005-0071
+ NOTE: reserved
+CAN-2005-0070
+ NOTE: reserved
+CAN-2005-0069
+ NOTE: reserved
+CAN-2005-0068
+ TODO: check
+CAN-2005-0067
+ TODO: check
+CAN-2005-0066
+ TODO: check
+CAN-2005-0065
+ TODO: check
+CAN-2005-0064
+ NOTE: reserved
+CAN-2005-0063
+ NOTE: reserved
+CAN-2005-0062
+ NOTE: reserved
+CAN-2005-0061
+ NOTE: reserved
+CAN-2005-0060
+ NOTE: reserved
+CAN-2005-0059
+ NOTE: reserved
+CAN-2005-0058
+ NOTE: reserved
+CAN-2005-0057
+ NOTE: reserved
+CAN-2005-0056
+ NOTE: reserved
+CAN-2005-0055
+ NOTE: reserved
+CAN-2005-0054
+ NOTE: reserved
+CAN-2005-0053
+ NOTE: reserved
+CAN-2005-0052
+ NOTE: reserved
+CAN-2005-0051
+ NOTE: reserved
+CAN-2005-0050
+ NOTE: reserved
+CAN-2005-0049
+ NOTE: reserved
+CAN-2005-0048
+ NOTE: reserved
+CAN-2005-0047
+ NOTE: reserved
+CAN-2005-0046
+ NOTE: reserved
+CAN-2005-0045
+ NOTE: reserved
+CAN-2005-0044
+ NOTE: reserved
+CAN-2005-0043
+ TODO: check
+CAN-2005-0042
+ NOTE: reserved
+CAN-2005-0041
+ NOTE: reserved
+CAN-2005-0040
+ NOTE: reserved
+CAN-2005-0039
+ NOTE: reserved
+CAN-2005-0038
+ NOTE: reserved
+CAN-2005-0037
+ NOTE: reserved
+CAN-2005-0036
+ NOTE: reserved
+CAN-2005-0035
+ NOTE: reserved
+CAN-2005-0034
+ NOTE: reserved
+CAN-2005-0033
+ NOTE: reserved
+CAN-2004-1376
+ TODO: check
+CAN-2004-1375
+ TODO: check
+CAN-2004-1374
+ TODO: check
+CAN-2004-1373
+ TODO: check
+CAN-2004-1372
+ TODO: check
+CAN-2004-1371
+ TODO: check
+CAN-2004-1370
+ TODO: check
+CAN-2004-1369
+ TODO: check
+CAN-2004-1368
+ TODO: check
+CAN-2004-1367
+ TODO: check
+CAN-2004-1366
+ TODO: check
+CAN-2004-1365
+ TODO: check
+CAN-2004-1364
+ TODO: check
+CAN-2004-1363
+ TODO: check
+CAN-2004-1362
+ TODO: check
+CAN-2004-1361
+ TODO: check
+CAN-2004-1360
+ TODO: check
+CAN-2004-1359
+ TODO: check
+CAN-2004-1358
+ TODO: check
+CAN-2004-1357
+ TODO: check
+CAN-2004-1356
+ TODO: check
+CAN-2004-1355
+ TODO: check
+CAN-2004-1354
+ TODO: check
+CAN-2004-1353
+ TODO: check
+CAN-2004-1352
+ TODO: check
+CAN-2004-1351
+ TODO: check
+CAN-2004-1350
+ TODO: check
+CAN-2004-1349
+ TODO: check
+CAN-2004-1348
+ TODO: check
+CAN-2004-1347
+ TODO: check
+CAN-2004-1346
+ TODO: check
+CAN-2004-1345
+ TODO: check
+CAN-2004-1344
+ NOTE: reserved
+CAN-2004-1343
+ NOTE: reserved
+CAN-2004-1342
+ NOTE: reserved
+CAN-2004-1341
+ NOTE: reserved
+CAN-2004-1340
+ NOTE: reserved
CAN-2005-0032
NOTE: reserved
CAN-2005-0031
@@ -40,8 +210,7 @@
NOTE: reserved
CAN-2005-0013
NOTE: reserved
-CAN-2005-0012
- NOTE: reserved
+CAN-2005-0012 (Format string vulnerability in the a_Interface_msg function in
Dillo ...)
- dillo 0.8.3-1
CAN-2005-0011
NOTE: reserved
@@ -61,10 +230,9 @@
NOTE: reserved
CAN-2005-0003
NOTE: reserved
-CAN-2005-0002
- NOTE: reserved
-CAN-2005-0001
- NOTE: reserved
+CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password,
does not ...)
+ TODO: check
+CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux
kernel ...)
NOTE: bug in i386 SMP page fault handler, local root (bugtraq)
TODO: check with kernel team
CAN-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1
and ...)
@@ -140,8 +308,8 @@
TODO: other packages containing libtiff code may be vulnerable (kfax?)
CAN-2004-1307
NOTE: reserved
-CAN-2004-1306
- NOTE: reserved
+CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT,
Windows 2000 ...)
+ TODO: check
CAN-2004-1305 (The Windows Animated Cursor (ANI) in Windows NT, Windows 2000
through ...)
NOTE: not-for-us (Microsoft)
CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in
file ...)
@@ -399,12 +567,10 @@
NOTE: reserved
CAN-2004-1184
NOTE: reserved
-CAN-2004-1183
- NOTE: reserved
+CAN-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and
earlier ...)
{DSA-626-1}
- libtiff-tools 3.6.1-5
-CAN-2004-1182
- NOTE: reserved
+CAN-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a
"weak" ...)
{DSA-634-1}
CAN-2004-1181
NOTE: reserved
@@ -416,8 +582,7 @@
{DSA-615-1}
CAN-2004-1178
NOTE: reserved
-CAN-2004-1177
- NOTE: reserved
+CAN-2004-1177 (Cross-site scripting vulnerability in the driver script in
mailman ...)
- mailman 2.1.5-5
NOTE: there''s also bug #285839, no CAN.
CAN-2004-1176
@@ -496,8 +661,7 @@
CAN-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4
on ...)
NOTE: amd64 specific
TODO: check with kernel team
-CAN-2004-1143
- NOTE: reserved
+CAN-2004-1143 (The password generation in mailman before 2.1.5 generates only 5
...)
- mailman 2.1.5-5
CAN-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a
...)
- ethereal 0.10.8
@@ -710,8 +874,8 @@
- sudo 1.6.8p3-1
CAN-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote
...)
NOTE: not-for-us (Microsoft)
-CAN-2004-1049
- NOTE: reserved
+CAN-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for
Microsoft ...)
+ TODO: check
CAN-2004-1048
NOTE: reserved
CAN-2004-1047
@@ -730,8 +894,8 @@
NOTE: reserved
CAN-2004-1040
NOTE: reserved
-CAN-2004-1039
- NOTE: reserved
+CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and
7.0.1, ...)
+ TODO: check
CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers
with ...)
NOTE: not-for-us (IEEE1394 specification bug, physical security)
CAN-2004-1037 (The search function in TWiki 20030201 allows remote attackers to
...)
@@ -755,7 +919,7 @@
NOTE: not-for-us (Sun JRE)
CAN-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM
5.1.0, ...)
NOTE: not-for-us (AIX)
-CAN-2004-1027 (The -x command line option in unarj allows remote attackers to
...)
+CAN-2004-1027 (Directory traversal vulnerability in the -x command line option
in ...)
NOTE: sarge''s unarj is from a different code base, probably not
vulnerable
CAN-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14
and ...)
{DSA-628-1 DSA-618-1}
@@ -828,8 +992,7 @@
CAN-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow
4.0.4.1, ...)
{DSA-585-1}
- shadow 1:4.0.3-30.3
-CAN-2004-1000
- NOTE: reserved
+CAN-2004-1000 (lintian 1.23 and earlier removes the working directory even if
it was ...)
{DSA-630-1}
- lintian 1.23.6
CAN-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service
...)
@@ -852,8 +1015,8 @@
{DSA-604-1}
CAN-2004-0992 (Format string vulnerability in the -a option (daemon mode) in
...)
NOTE: not-for-us (Proxytunnel)
-CAN-2004-0991
- NOTE: reserved
+CAN-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote
attackers to ...)
+ TODO: check
CAN-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2),
and ...)
{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
- libgd2 2.0.30-1
@@ -1091,8 +1254,8 @@
NOTE: not-for-us (Microsoft)
CAN-2004-0898
NOTE: reserved
-CAN-2004-0897
- NOTE: reserved
+CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003
does not ...)
+ TODO: check
CAN-2004-0896
NOTE: reserved
CAN-2004-0895
@@ -1645,8 +1808,8 @@
{DSA-529}
CAN-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in
Squirrelmail ...)
{DSA-535}
-CAN-2004-0638
- NOTE: reserved
+CAN-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system
package ...)
+ TODO: check
CAN-2004-0637
NOTE: reserved
CAN-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI
handler ...)
@@ -1807,11 +1970,9 @@
{DSA-555-1}
CAN-2004-0562
NOTE: reserved
-CAN-2004-0561
- NOTE: reserved
+CAN-2004-0561 (Format string vulnerability in the log routine for gopher daemon
...)
{DSA-638-1}
-CAN-2004-0560
- NOTE: reserved
+CAN-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote
...)
{DSA-638-1}
CAN-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local
users ...)
{DSA-544-1}
@@ -4924,8 +5085,7 @@
CAN-2003-0015
{DSA-233}
- cvs 1.11.2-5.1
-CAN-2003-0014
- NOTE: reserved
+CAN-2003-0014 (bmv 1.2 and earlier allows local users to overwrite arbitrary
files ...)
{DSA-633-1}
CAN-2003-0013
{DSA-230}