Author: joeyh
Date: 2005-02-09 09:14:25 +0100 (Wed, 09 Feb 2005)
New Revision: 372
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-02-08 21:35:30 UTC (rev 371)
+++ sarge-checks/CAN/list 2005-02-09 08:14:25 UTC (rev 372)
@@ -1,3 +1,99 @@
+CAN-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.2 and
5.3 ...)
+ TODO: check
+CAN-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec
...)
+ TODO: check
+CAN-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9,
when ...)
+ TODO: check
+CAN-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and
earlier ...)
+ TODO: check
+CAN-2005-0246 (The intagg contrib module for PostgreSQL 8.0.1 and earlier
allows ...)
+ TODO: check
+CAN-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.1 and earlier may
allow ...)
+ TODO: check
+CAN-2005-0244 (PostgreSQL 8.0.1 and earlier allows local users to bypass the
EXECUTE ...)
+ TODO: check
+CAN-2005-0243
+ NOTE: reserved
+CAN-2005-0242
+ NOTE: reserved
+CAN-2005-0241 (The httpProcessReplyHeader function in http.c for Squid
2.5-STABLE7 ...)
+ TODO: check
+CAN-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly
handle ...)
+ TODO: check
+CAN-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris
...)
+ TODO: check
+CAN-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows
local ...)
+ TODO: check
+CAN-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary
files ...)
+ TODO: check
+CAN-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows
local ...)
+ TODO: check
+CAN-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for
...)
+ TODO: check
+CAN-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d)
flag ...)
+ TODO: check
+CAN-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with
logging ...)
+ TODO: check
+CAN-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows
local ...)
+ TODO: check
+CAN-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris
2.6 ...)
+ TODO: check
+CAN-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...)
+ TODO: check
+CAN-2003-1073 (A race condition in the at command for Solaris 2.6 through 9
allows ...)
+ TODO: check
+CAN-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause
a ...)
+ TODO: check
+CAN-2003-1071 (wall for Solaris 2.6 through 9 allows local users to send
messages to ...)
+ TODO: check
+CAN-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9
allows ...)
+ TODO: check
+CAN-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows
remote ...)
+ TODO: check
+CAN-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows
local ...)
+ TODO: check
+CAN-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used
in ...)
+ TODO: check
+CAN-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9
allows ...)
+ TODO: check
+CAN-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and
...)
+ TODO: check
+CAN-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a
denial ...)
+ TODO: check
+CAN-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4)
...)
+ TODO: check
+CAN-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for
SPARC ...)
+ TODO: check
+CAN-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to
cause a ...)
+ TODO: check
+CAN-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers
to ...)
+ TODO: check
+CAN-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame
buffer in ...)
+ TODO: check
+CAN-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in
Direct ...)
+ TODO: check
+CAN-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun
...)
+ TODO: check
+CAN-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users
to ...)
+ TODO: check
+CAN-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8
and 9 ...)
+ TODO: check
+CAN-2002-1590 (Web Based Enterprise Management (WBEM) for Solaris 8 with update
1/01 ...)
+ TODO: check
+CAN-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST,
...)
+ TODO: check
+CAN-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote
attackers ...)
+ TODO: check
+CAN-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through
8 ...)
+ TODO: check
+CAN-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of
...)
+ TODO: check
+CAN-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9
...)
+ TODO: check
+CAN-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in
...)
+ TODO: check
+CAN-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8
does ...)
+ TODO: check
CAN-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local
users ...)
NOTE: not-for-us (AIX)
CAN-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail
allows ...)
@@ -17,10 +113,10 @@
NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
- mozilla-firefox (unfixed; bug #293975)
- mozilla-browser (unfixed; bug #294274)
-CAN-2005-0232
- NOTE: reserved
-CAN-2005-0231
- NOTE: reserved
+CAN-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean
configuration ...)
+ TODO: check
+CAN-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when
a ...)
+ TODO: check
CAN-2005-0230
NOTE: reserved
CAN-2005-0229
@@ -324,8 +420,7 @@
- evolution 2.0.3-1.2
CAN-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1
and ...)
- newspost 2.1.1-2
-CAN-2005-0100
- NOTE: reserved
+CAN-2005-0100 (Format string vulnerability in the movemail utility in Emacs
21.3 ...)
{DSA-671-1 DSA-670-1}
- emacs21 21.3+1-9
- xemacs21 21.4.16-2
@@ -434,34 +529,34 @@
NOTE: reserved
CAN-2005-0058
NOTE: reserved
-CAN-2005-0057
- NOTE: reserved
-CAN-2005-0056
- NOTE: reserved
-CAN-2005-0055
- NOTE: reserved
-CAN-2005-0054
- NOTE: reserved
-CAN-2005-0053
- NOTE: reserved
+CAN-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and
Server 2003 ...)
+ TODO: check
+CAN-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate
certain ...)
+ TODO: check
+CAN-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate
buffers ...)
+ TODO: check
+CAN-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to
execute ...)
+ TODO: check
+CAN-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to
execute ...)
+ TODO: check
CAN-2005-0052
NOTE: reserved
-CAN-2005-0051
- NOTE: reserved
-CAN-2005-0050
- NOTE: reserved
-CAN-2005-0049
- NOTE: reserved
+CAN-2005-0051 (Windows XP SP1 and SP2 allows remote attackers to obtain
sensitive ...)
+ TODO: check
+CAN-2005-0050 (The License Logging service for Windows NT Server, Windows 2000
...)
+ TODO: check
+CAN-2005-0049 (Windows SharePoint Services and SharePoint Team Services for
Windows ...)
+ TODO: check
CAN-2005-0048
NOTE: reserved
-CAN-2005-0047
- NOTE: reserved
+CAN-2005-0047 (Windows 2000, XP, and Server 2003 does not properly
"validate the use ...)
+ TODO: check
CAN-2005-0046
NOTE: reserved
-CAN-2005-0045
- NOTE: reserved
-CAN-2005-0044
- NOTE: reserved
+CAN-2005-0045 (The Server Message Block (SMB) implementation for Windows 2000,
XP, ...)
+ TODO: check
+CAN-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and
...)
+ TODO: check
CAN-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to
execute ...)
NOTE: not-for-us (iTunes)
CAN-2005-0042
@@ -677,7 +772,7 @@
NOTE: not-for-us (Asante FM2008)
CAN-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default
username ...)
NOTE: not-for-us (Asante FM2008)
-CAN-2004-1319 (The DHTML Edit Control (dhtmled.ocx) in Internet Explorer ...)
+CAN-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to
inject ...)
NOTE: not-for-us (MSIE)
CAN-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for
Namazu ...)
{DSA-627-1}
@@ -837,8 +932,8 @@
NOTE: reserved
CAN-2004-1245
NOTE: reserved
-CAN-2004-1244
- NOTE: reserved
+CAN-2004-1244 (Windows Media Player 9 allows remote attackers to execute
arbitrary ...)
+ TODO: check
CAN-2004-1243
NOTE: reserved
CAN-2004-1242
@@ -1094,8 +1189,8 @@
NOTE: not-for-us (Microsoft)
CAN-2004-1132
NOTE: reserved
-CAN-2004-1131
- NOTE: reserved
+CAN-2004-1131 (Multiple buffer overflows in the enable command for SCO
OpenServer ...)
+ TODO: check
CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in
CMailServer ...)
NOTE: not-for-us (CMailServer)
CAN-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2)
addressc.asp, and ...)
@@ -1769,9 +1864,9 @@
CAN-2004-0849 (Integer overflow in the asn_decode_string() function defined in
asn1.c ...)
NOTE: not vulnerable according to
http://www.debian.org/security/nonvulns-sarge
HELP: which radius daemon in debian is "GNU Radius" (if any)?
-CAN-2004-0848
- NOTE: reserved
-CAN-2004-0847 (The Microsoft .NET forms authentication capability allows remote
...)
+CAN-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers
to ...)
+ TODO: check
+CAN-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET
allows ...)
NOTE: not-for-us (microsoft)
CAN-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for
Mac, and ...)
NOTE: not-for-us (microsoft)
@@ -2305,7 +2400,7 @@
{DSA-536}
CAN-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows
remote ...)
{DSA-536}
-CAN-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier allow
remote ...)
+CAN-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used
in ...)
{DSA-536}
CAN-2004-0596 (The Equalizer Load-balancer for serial network interfaces
(eql.c) in ...)
TODO: check with kernel team