Secure testing commits - Feb 2005 - r464 - sarge-checks/CAN

Author: joeyh
Date: 2005-02-22 09:14:19 +0100 (Tue, 22 Feb 2005)
New Revision: 464

Modified:
   sarge-checks/CAN/list
Log:
automatic CAN database update

Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-02-21 22:02:57 UTC (rev 463)
+++ sarge-checks/CAN/list	2005-02-22 08:14:19 UTC (rev 464)
@@ -1,3 +1,161 @@
+CAN-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when
libUIM is ...)
+	TODO: check
+CAN-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier
allows ...)
+	TODO: check
+CAN-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote
attackers ...)
+	TODO: check
+CAN-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers
to ...)
+	TODO: check
+CAN-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option
enabled ...)
+	TODO: check
+CAN-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to
gain ...)
+	TODO: check
+CAN-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to
gain ...)
+	TODO: check
+CAN-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials
that ...)
+	TODO: check
+CAN-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows
remote ...)
+	TODO: check
+CAN-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690
cable ...)
+	TODO: check
+CAN-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form
before ...)
+	TODO: check
+CAN-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to
cause ...)
+	TODO: check
+CAN-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x
allows ...)
+	TODO: check
+CAN-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL
7.12.1, and ...)
+	TODO: check
+CAN-2005-0489
+	NOTE: reserved
+CAN-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine
2.0.0 to ...)
+	TODO: check
+CAN-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue
function in ...)
+	TODO: check
+CAN-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in
...)
+	TODO: check
+CAN-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote
attackers ...)
+	TODO: check
+CAN-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004)
and ...)
+	TODO: check
+CAN-2004-1697 (The "Forgot your Password" link in Computer
Associates Unicenter ...)
+	TODO: check
+CAN-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote
attackers to ...)
+	TODO: check
+CAN-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote
attackers to ...)
+	TODO: check
+CAN-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four
default ...)
+	TODO: check
+CAN-2004-1693 (PHP remote code injection vulnerability in Function.php in Mambo
4.5 ...)
+	TODO: check
+CAN-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo
4.5 ...)
+	TODO: check
+CAN-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to
cause a ...)
+	TODO: check
+CAN-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in
DNS4Me ...)
+	TODO: check
+CAN-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with
root ...)
+	TODO: check
+CAN-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to
cause a ...)
+	TODO: check
+CAN-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000
3.4.04 ...)
+	TODO: check
+CAN-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers
to ...)
+	TODO: check
+CAN-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR
EU ...)
+	TODO: check
+CAN-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory
in an ...)
+	TODO: check
+CAN-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users
to gain ...)
+	TODO: check
+CAN-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote
...)
+	TODO: check
+CAN-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3)
...)
+	TODO: check
+CAN-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware
...)
+	TODO: check
+CAN-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows
remote ...)
+	TODO: check
+CAN-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk
allows ...)
+	TODO: check
+CAN-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive
...)
+	TODO: check
+CAN-2004-1676 (Heap-based buffer overflow in the image sending feature in
Gadu-Gadu ...)
+	TODO: check
+CAN-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a
...)
+	TODO: check
+CAN-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail
5.2.7 ...)
+	TODO: check
+CAN-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp
Web ...)
+	TODO: check
+CAN-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail
5.2.7 ...)
+	TODO: check
+CAN-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly
other ...)
+	TODO: check
+CAN-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server
7.4.5 ...)
+	TODO: check
+CAN-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server
7.4.5 ...)
+	TODO: check
+CAN-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects
2.0 ...)
+	TODO: check
+CAN-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows
remote ...)
+	TODO: check
+CAN-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows
remote MSN ...)
+	TODO: check
+CAN-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews
1.1 ...)
+	TODO: check
+CAN-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a
denial ...)
+	TODO: check
+CAN-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such
as ...)
+	TODO: check
+CAN-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive
information ...)
+	TODO: check
+CAN-2004-1661 (MailWorks Professional allows remote attackers to bypass ...)
+	TODO: check
+CAN-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and
earlier ...)
+	TODO: check
+CAN-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in
CuteNews ...)
+	TODO: check
+CAN-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...)
+	TODO: check
+CAN-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and
Events ...)
+	TODO: check
+CAN-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991
allows ...)
+	TODO: check
+CAN-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4
and ...)
+	TODO: check
+CAN-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite
...)
+	TODO: check
+CAN-2004-1653 (The default configuration for OpenSSH enables
AllowTcpForwarding, ...)
+	TODO: check
+CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges
if ...)
+	TODO: check
+CAN-2004-1651 (Multiple Cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
+CAN-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an
IP ...)
+	TODO: check
+CAN-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local
users to ...)
+	TODO: check
+CAN-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2)
...)
+	TODO: check
+CAN-2004-1647 (SQL injection vulnerability in Password Protect allows remote
...)
+	TODO: check
+CAN-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote
attackers ...)
+	TODO: check
+CAN-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows
remote ...)
+	TODO: check
+CAN-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service
(refuse ...)
+	TODO: check
+CAN-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial
of ...)
+	TODO: check
+CAN-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause
a ...)
+	TODO: check
+CAN-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows
remote ...)
+	TODO: check
+CAN-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS
0.94 and ...)
+	TODO: check
+CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable
modem ...)
+	TODO: check
 CAN-2005-0488
 	NOTE: reserved
 CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913
allows ...)
@@ -235,8 +393,8 @@
 	NOTE: reserved
 CAN-2005-0468
 	NOTE: reserved
-CAN-2005-0467
-	NOTE: reserved
+CAN-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2)
...)
+	TODO: check
 CAN-2005-0466
 	NOTE: reserved
 CAN-2005-0465
@@ -941,7 +1099,7 @@
 	NOTE: not-for-us (Soldner Secret)
 CAN-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote
...)
 	NOTE: not-for-us (3COM 3CDaemon)
-CAN-2005-0277 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote
...)
+CAN-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision
10 ...)
 	NOTE: not-for-us (3COM 3CDaemon)
 CAN-2005-0276 (Multiple format string vulnerabilities in the FTP service in
3Com ...)
 	NOTE: not-for-us (3COM 3CDaemon)
@@ -1172,8 +1330,8 @@
 	TODO: check
 CAN-2005-0205
 	NOTE: reserved
-CAN-2005-0204
-	NOTE: reserved
+CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel
EM64T ...)
+	TODO: check
 CAN-2005-0203
 	NOTE: reserved
 CAN-2005-0202 (Directory traversal vulnerability in the true_path function in
...)
@@ -1228,7 +1386,7 @@
 	NOTE: Fix in 2.6.9-6 pending upload
 	- kernel-source-2.6.9 2.6.9-6
 	- kernel-source-2.6.10 2.6.10-4
-CAN-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1
has ...)
+CAN-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1
allows ...)
 	NOTE: see USN-82-1
 	NOTE: <joshk> i don''t know anything about the tty layer...but i
can tell that this is just trying to prevent a possible race
 	NOTE: <joshk> i''m going to have to run this by alan cox
@@ -1242,7 +1400,7 @@
 	- kernel-source-2.6.8 2.6.8-14
 	- kernel-source-2.6.9 2.6.9-6
 	- kernel-source-2.6.10 2.6.10-6
-CAN-2005-0176 (The shmctl function in Linux before 2.6.8.1 allows local users
to ...)
+CAN-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local
users to ...)
 	NOTE: see USN-82-1
 	NOTE: only affects 2.6.9
 	- kernel-source-2.6.9 2.6.9-6
@@ -1462,12 +1620,12 @@
 	- squid 2.5.7-4
 CAN-2005-0093
 	NOTE: reserved
-CAN-2005-0092
-	NOTE: reserved
-CAN-2005-0091
-	NOTE: reserved
-CAN-2005-0090
-	NOTE: reserved
+CAN-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel
4GB/4GB ...)
+	TODO: check
+CAN-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel
4GB/4GB ...)
+	TODO: check
+CAN-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel
4GB/4GB ...)
+	TODO: check
 CAN-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before
2.3.5, ...)
 	{DSA-666-1}
 CAN-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows
remote ...)
@@ -3544,7 +3702,7 @@
 	NOTE: reserved
 CAN-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before
1.30.1 ...)
 	{DSA-643-1}
-CAN-2004-0554 (Linux kernel 2.4.2x and 2.6.x for x86 allows local users to
cause a ...)
+CAN-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause
a ...)
 	NOTE: this was a big deal and is fixed in all current kernels
 CAN-2004-0553
 	NOTE: reserved