Author: joeyh Date: 2005-03-09 22:51:14 +0100 (Wed, 09 Mar 2005) New Revision: 537 Modified: sarge-checks/CAN/list Log: filled in some holes Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-09 16:36:40 UTC (rev 536) +++ sarge-checks/CAN/list 2005-03-09 21:51:14 UTC (rev 537) @@ -1,23 +1,23 @@ CAN-2005-0703 (Unknown vulnerability in Xerox MicroServer Web Server for various ...) - TODO: check + NOTE: not-for-us (Xerox MicroServer Web Server) CAN-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...) - TODO: check + NOTE: not-for-us (phpMyFAQ) CAN-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...) - TODO: check + NOTE: not-for-us (Aztek) CAN-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...) - TODO: check + - ethereal (unfixed; bug filed) CAN-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and earlier ...) - TODO: check + NOTE: not-for-us (PHPWebLog) CAN-2005-0697 (SQL injection vulnerability in the process_picture function ...) - TODO: check + NOTE: not-for-us (CopperExport) CAN-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...) - TODO: check + NOTE: not-for-us (ArGoSoft) CAN-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...) - TODO: check + NOTE: not-for-us (Hosting Controller) CAN-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...) - TODO: check + NOTE: not-for-us (Hosting Controller) CAN-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...) NOTE: not-for-us (JoWood Chaser (for Windows)) CAN-2005-0692 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 5.x allows ...) 
@@ -327,9 +327,9 @@ CAN-2005-0550 NOTE: reserved CAN-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...) NOTE: not-for-us (Apple Java plugin) CAN-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...) @@ -1289,7 +1289,7 @@ CAN-2005-0354 NOTE: reserved CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...) - TODO: check + NOTE: not-for-us (Sentinel License Manager) CAN-2005-0352 NOTE: reserved CAN-2005-0351 @@ -1875,7 +1875,7 @@ CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...) - gaim 1:1.1.4 CAN-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...) - TODO: check + TODO: check with kernel team CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...) TODO: check CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...) @@ -2137,7 +2137,8 @@ CAN-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...) NOTE: not-for-us (MSIE) CAN-2005-0109 (Unknown vulnerability in FreeBSD, and possibly other operating ...) - TODO: check + NOTE: not enough info to tell what it affects + TODO: wait until May 13th when it''s supposed to be disclosed. CAN-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...) {DSA-659-1} - libapache-mod-auth-radius 1.5.7-6
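Review bot: in the first hunk (@@ -1,23 +1,23 @@), the new CAN-2005-0699 line `- ethereal (unfixed; bug filed)` says a bug was filed but gives no bug number, so the entry cannot be followed up from the list alone. Suggest adding the bug number to that line.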
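Review bot: in the @@ -327,9 +327,9 @@ hunk, CAN-2005-0549 and CAN-2005-0548 are marked `NOTE: not-for-us (Solaris)` although both descriptions name Solaris AnswerBook2, while the neighbouring context entry names the product (`not-for-us (Apple Java plugin)`). Suggest `not-for-us (Solaris AnswerBook2)` so the label matches the affected product and stays consistent with the rest of the list.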
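Review bot: in the @@ -2137,7 +2137,8 @@ hunk, the added TODO for CAN-2005-0109 contains a doubled apostrophe (`it''s`) and gives the disclosure date as "May 13th" without a year. Suggest `it's` and a full date, so the TODO can still be acted on when the list is revisited later.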