Author: djoume-guest Date: 2005-01-19 22:58:39 +0100 (Wed, 19 Jan 2005) New Revision: 293 Modified: sarge-checks/CAN/list Log: * processed my block & claimed a few more. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-01-19 20:14:16 UTC (rev 292) +++ sarge-checks/CAN/list 2005-01-19 21:58:39 UTC (rev 293) @@ -6113,6 +6113,7 @@ TODO: check CAN-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...) {DSA-165} +begin claimed by djoume CAN-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...) TODO: check CAN-2002-0970 
@@ -6209,70 +6210,71 @@ TODO: check CAN-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...) TODO: check +end claimed by djoume CAN-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...) - TODO: check + NOTE: not-for-us (wbboard not in Debian) CAN-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...) - TODO: check + - phpbb2 2.0.6c-1 CAN-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...) - TODO: check + - amanda 2.4.0b6-1 CAN-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Falcon not in Debian) CAN-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...) - TODO: check + - swatch 3.0.4-1 CAN-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...) - TODO: check + NOTE: not-for-us CAN-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...) - TODO: check + NOTE: not-for-us CAN-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...) - TODO: check + NOTE: not-for-us (3com) CAN-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...) - TODO: check + NOTE: not-for-us CAN-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...) - TODO: check + NOTE: not-for-us CAN-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...) - TODO: check + NOTE: not-for-us (Compaq) CAN-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...) 
- TODO: check + NOTE: not-for-us (Cisco) CAN-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (CFXImage not in Debian) CAN-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...) - TODO: check + NOTE: not-for-us (LogiSense not in Debian) CAN-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...) - TODO: check + NOTE: not-for-us (Shambala) CAN-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us (Shambala) CAN-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...) {DSA-150} CAN-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...) - TODO: check + NOTE: not-for-us (IIS) CAN-2002-0868 NOTE: reserved CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...) - TODO: check + NOTE: not-for-us (Windows) CAN-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...) {DSA-147} CAN-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...) 
- TODO: check + NOTE: not-for-us (SuSE specific) CAN-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...) - TODO: check + NOTE: not-for-us Cisco CAN-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...) - TODO: check + NOTE: not-for-us (iSCSI not in Debian) CAN-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...) {DSA-195 DSA-188 DSA-187} - apache 1.3.27-0.1 
@@ -6287,126 +6289,126 @@ - apache 1.3.27-0.1 CAN-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...) {DSA-182 DSA-179 DSA-176} -begin claimed by djoume CAN-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...) - TODO: check + - wordtrans 1.1pre9 CAN-2002-0836 {DSA-207} CAN-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...) {DSA-162} CAN-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...) - TODO: check + NOTE: not-for-us (Eudora) CAN-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...) - TODO: check + NOTE: not-for-us (Internet Explorer) CAN-2002-0828 NOTE: rejected CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...) - TODO: check + NOTE: not-for-us (UnixWare) CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...) - TODO: check + - libnss-ldap 199-1 CAN-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...) - TODO: check + - ethereal 0.9.4-1woody1 CAN-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...) - TODO: check + - ethereal 0.9.4-1woody1 CAN-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...) - TODO: check + NOTE: not-for-us (FreeBSD) CAN-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...) - TODO: check + NOTE: not-for-us (artscontrol not suid root) CAN-2002-0815 (The Javascript "Same Origin Policy" (SOP), as implemented in (1) ...) - TODO: check + - mozilla (2:1.0.0-1) CAN-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...) - TODO: check + NOTE: not-for-us CAN-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...) - TODO: check + NOTE: bugzilla 2.16.0-2.1 CAN-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...) 
- TODO: check + NOTE: bugzilla 2.16.0-2.1 CAN-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...) - TODO: check + NOTE: bugzilla 2.16.0-2.1 CAN-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...) - TODO: check + NOTE: not-for-us CAN-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...) - TODO: check + NOTE: not-for-us CAN-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...) - TODO: check + NOTE: not-for-us (HP) CAN-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...) - TODO: check + NOTE: not-for-us (QNX) CAN-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...) - TODO: check + NOTE: not-for-us CAN-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...) - TODO: check + NOTE: not-for-us CAN-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...) - TODO: check + NOTE: not-for-us CAN-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...) - TODO: check + NOTE: not-for-us (Opera) CAN-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...) 
- TODO: check + NOTE: not-for-us (Novell) CAN-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...) - TODO: check + NOTE: not-for-us (Novell) CAN-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...) - TODO: check + NOTE: not-for-us CAN-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...) - TODO: check + NOTE: not-for-us CAN-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...) - TODO: check + NOTE: not-for-us CAN-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...) - TODO: check + NOTE: not-for-us CAN-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...) - TODO: check + - viewcvs 0.9.2-5 CAN-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (Quake server) CAN-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...) - TODO: check + NOTE: not-for-us (Cisco) CAN-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...) - TODO: check + NOTE: not-for-us (simpleinit not in Debian) CAN-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...) - TODO: check + NOTE: not-for-us (Phorum not in Debian) CAN-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...) - TODO: check + NOTE: not-for-us (HP) CAN-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...) - TODO: check + - webmin 0.980-1 + - usermin 0.910-1 CAN-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...) - TODO: check + - webmin 0.980-1 + - usermin 0.910-1 CAN-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...) 
- TODO: check + NOTE: not-for-us (Talentsoft not in Debian) CAN-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...) - TODO: check + NOTE: not-for-us (CGIscript.net not in Debian) CAN-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...) - TODO: check + NOTE: not-for-us (CGIscript.net not in Debian) CAN-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...) - TODO: check + NOTE: not-for-us (CGIscript.net not in Debian) CAN-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...) - TODO: check + NOTE: not-for-us (CGIscript.net not in Debian) CAN-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...) - TODO: check + - slrn 0.9.6.2-9 CAN-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (PostCalendat not in Debian) CAN-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...) - TODO: check -end claimed by djoume + NOTE: not-for-us (only potato was vulnerable) CAN-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...) NOTE: not-for-us (MyGuestbook) CAN-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...)
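Review bot: In the @@ -6209,70 +6210,71 @@ hunk, CAN-2002-0852 is recorded as `NOTE: not-for-us Cisco`, while the other entries in the hunk that give a reason put it in parentheses (`NOTE: not-for-us (Cisco)`); please use the same form so the notes can be matched consistently. CAN-2002-0894, CAN-2002-0893, CAN-2002-0885 and CAN-2002-0884 carry a bare `NOTE: not-for-us` with no reason; naming the product or platform (the descriptions mention NewAtlanta ServletExec and in.rarpd on Solaris) would let a later reader verify the decision. The entries resolved in this hunk also sit above the `begin claimed by djoume` marker that the following hunk removes, so from the visible lines they were not inside that block; worth confirming nobody else had claimed the range.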
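Review bot: In the @@ -6287,126 +6289,126 @@ hunk, CAN-2002-0811, CAN-2002-0807 and CAN-2002-0803 record the version as `NOTE: bugzilla 2.16.0-2.1`, whereas the other fixed packages in this commit use the `- package version` form (for example `- ethereal 0.9.4-1woody1`); as written these three read as free-text notes rather than fixed-version entries, so they should become `- bugzilla 2.16.0-2.1`. Smaller points in the same hunk: CAN-2002-0815 puts the version in parentheses (`- mozilla (2:1.0.0-1)`), unlike the other package lines; CAN-2002-0739 spells the product "PostCalendat" where the description says PostCalendar; and CAN-2002-0819 and CAN-2002-0735 use `not-for-us` with reasons ("artscontrol not suid root", "only potato was vulnerable") that appear to describe a package that is in Debian but unaffected, which is a different statement from the "not in Debian" reasons given on the other entries.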