Author: dom-guest Date: 2005-03-22 02:42:28 +0100 (Tue, 22 Mar 2005) New Revision: 605 Modified: sarge-checks/CAN/list Log: Some not-for-us updates (Symantec Gateway, ir, Tomcat, Subdreamer, MailEnable, The Includer, mcNews, MySQL on Windows, Hola CMS, Cain & Abel). lsh-utils update evolution update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-22 00:08:06 UTC (rev 604) +++ sarge-checks/CAN/list 2005-03-22 01:42:28 UTC (rev 605) @@ -15,16 +15,16 @@ CAN-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...) NOTE: not-for-us (Pun BB) CAN-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...) - TODO: check + NOTE: not-for-us (Symantec Gateway) CAN-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...) NOTE: not-for-us (Solaris) CAN-2005-0815 (Multiple "range checking flaws" in the ISO9660 filesystem handler in ...) - kernel-source-2.6.8 (unfixed; bug #300783) NOTE: Seems to affect 2.4 as well, needs clarification CAN-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...) - TODO: check + - lsh-utils 2.0.1-1 CAN-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...) - TODO: check + NOTE: not-for-us (ir) CAN-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...) NOTE: not-for-us (NotifyLink) CAN-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...) 
@@ -34,31 +34,31 @@ CAN-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...) NOTE: not-for-us (NotifyLink) CAN-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/) CAN-2005-0807 (Heap-based buffer overflow in the PSK sniffer for Cain & Abel 2.65 ...) - TODO: check + NOTE: not-for-us (Cain & Abel) CAN-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...) - TODO: check + - evolution (unfixed; bug pending) CAN-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...) - TODO: check + NOTE: not-for-us (Subdreamer) CAN-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...) - TODO: check + NOTE: not-for-us (MailEnable) CAN-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...) NOTE: not-for-us (Windows) CAN-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...) NOTE: not-for-us (ACS Blog) CAN-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...) - TODO: check + NOTE: not-for-us (The Includer) CAN-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews 1.3 ...) - TODO: check + NOTE: not-for-us (mcNews) CAN-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...) - TODO: check + NOTE: not-for-us (MySQL on Windows) CAN-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...) NOTE: not-for-us (Novell iChain) CAN-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...) NOTE: not-for-us (Novell iChain) CAN-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...) - TODO: check + NOTE: not-for-us (Hola CMS) CAN-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...) 
NOTE: not-for-us (Hola CMS) CAN-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
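Review bot: in the `@@ -15,16 +15,16 @@` hunk, the new note for CAN-2005-0813, `NOTE: not-for-us (ir)`, is too terse to find by search. Spell the product out the way the description does, for example `NOTE: not-for-us (Initial Redirect Squid plug-in)`. The `- lsh-utils 2.0.1-1` line for CAN-2005-0814 is consistent with the "before 2.0.1" range in the description, but neither the entry nor the log says where the fix was confirmed; a one-line NOTE with that reference would let a later reader verify it.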
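Review bot: in the `@@ -34,31 +34,31 @@` hunk, CAN-2005-0808 is tagged `not-for-us` even though the stated reason is that one Tomcat version is unaffected, not that the product is out of scope. The other `not-for-us` notes visible here name a product that is simply not tracked. The description reads "Apache Tomcat before 5.x", which on its face includes 4.x, so the entry should name the tomcat package and say explicitly that the SecurityFocus page is the basis for treating 4.x as unaffected. CAN-2005-0799 `(MySQL on Windows)` has the same shape: the reason is the platform, and the note should say so in words rather than rely on the tag. Separately, the CAN-2005-0806 line `- evolution (unfixed; bug pending)` carries no bug number, unlike `(unfixed; bug #300783)` on CAN-2005-0815; add the number once the bug is filed so the entry can be tracked.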