Author: jmm-guest Date: 2005-03-25 11:55:07 +0000 (Fri, 25 Mar 2005) New Revision: 648 Modified: sarge-checks/CAN/list Log: Various vulns not affecting Debian. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-25 03:02:42 UTC (rev 647) +++ sarge-checks/CAN/list 2005-03-25 11:55:07 UTC (rev 648) @@ -1,20 +1,19 @@ CAN-2005-XXXX [Unsafe recommendation (and implementation) of debugging in rscsi] - cdrtools (unfixed; bug #291376) CAN-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...) - TODO: check + NOTE: not-for-us (SurgeMail) CAN-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...) - TODO: check + NOTE: not-for-us (SurgeMail) CAN-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...) - TODO: check + NOTE: not-for-us (Nortel Contivity) CAN-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...) - TODO: check + NOTE: not-for-us (Phorum) CAN-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) - TODO: check + NOTE: not-for-us (Kayako eSupport) CAN-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...) - TODO: check + NOTE: not-for-us (phpmyfamily) CAN-2005-0840 NOTE: rejected - TODO: check CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...) TODO: check CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...) 
@@ -24,25 +23,25 @@ CAN-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...) TODO: check CAN-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...) - TODO: check + NOTE: not-for-us (Belkin 54G router) CAN-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...) - TODO: check + NOTE: not-for-us (Belkin 54G router) CAN-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...) - TODO: check + NOTE: not-for-us (Belkin 54G router) CAN-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...) - TODO: check + NOTE: not-for-us (PHP-Post) CAN-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...) - TODO: check + NOTE: not-for-us (PHP-Post) CAN-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...) - TODO: check + NOTE: not-for-us (Xzabite DynDNS Updater) CAN-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...) - TODO: check + NOTE: not-for-us (PHP-Fusion Addon) CAN-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...) - TODO: check + NOTE: not-for-us (e-Xoops based products) CAN-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...) - TODO: check + NOTE: not-for-us (e-Xoops based products) CAN-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (OllyDbg MS Windows debugger) CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...) TODO: check CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...) 
@@ -54,19 +53,19 @@ CAN-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...) TODO: check CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...) - TODO: check + NOTE: not-for-us (Cayman DSL router) CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...) TODO: check CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...) TODO: check CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...) - TODO: check + NOTE: not-for-us (ColdFusion) CAN-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...) - TODO: check + NOTE: not-for-us (Alcatel Speed Touch) CAN-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...) - TODO: check + NOTE: not-for-us (Alcatel Speed Touch) CAN-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...) - TODO: check + NOTE: not-for-us (Alcatel Speed Touch) CAN-2005-XXXX [Various path disclosure and Cross-Site-Scripting issues in phpsysinfo] - phpsysinfo (unfixed; bug #301118) CAN-2005-XXXX [Various /tmp related security issues in cernlib]
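Review bot: the removal of "TODO: check" under CAN-2005-0840 in the first hunk (@@ -1,20 +1,19 @@) is cleanup of an entry that already carries "NOTE: rejected", not a not-for-us triage, and the log message "Various vulns not affecting Debian." does not cover it. Suggest mentioning the rejected entry in the log, or splitting it into its own commit, so the history of that entry can be found from the log text alone.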
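Review bot: in the second hunk (@@ -24,25 +23,25 @@) the labels for CAN-2005-0828 and CAN-2005-0827 read "e-Xoops based products" while both descriptions lead with RUNCMS and CIAMOS, so a later search of the list for either of those product names in a NOTE line will miss these entries. Suggest naming the products in the note, e.g. "NOTE: not-for-us (RUNCMS, CIAMOS, e-Xoops)". The same applies to CAN-2005-0830, where the note spells the product "Xzabite DynDNS Updater" and the description spells it "Xzabite DYNDNSUpdate"; using the description's spelling keeps the two searchable together.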
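Review bot: in the third hunk (@@ -54,19 +53,19 @@) CAN-2001-1428 (Beck GmbH IPC@Chip FTP and Telnet services) and CAN-2001-1431 (Nokia Firewall Appliances running IPSO) stay at "TODO: check" while the neighbouring Cayman and Alcatel Speed Touch device entries are marked not-for-us. If these two were left open on purpose, a short NOTE saying why would help the next person triaging; otherwise they look like candidates for the same not-for-us treatment in this commit.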