Author: joeyh Date: 2005-03-28 00:07:52 +0000 (Mon, 28 Mar 2005) New Revision: 672 Modified: sarge-checks/CAN/list Log: checked most of my block Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-27 23:20:47 UTC (rev 671) +++ sarge-checks/CAN/list 2005-03-28 00:07:52 UTC (rev 672) @@ -1,77 +1,79 @@ -begin claimed by joeyh CAN-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...) - TODO: check + NOTE: not-for-us (Dream4 Koobi CMS) CAN-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...) - TODO: check + NOTE: not-for-us (Dream4 Koobi CMS) CAN-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOTE: the hole was introduced in 0.9.4.3; I suppose that having + NOTE: this package be orphaned and not get updated for years from 0.9.2 + NOTE: is good for _something_ after all :-P CAN-2005-0887 (Code injection vulnerability in Double Choco Latte before 0.9.4.3 ...) - TODO: check + - dcl (unfixed; bug filed) CAN-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...) - TODO: check + NOTE: not-for-us (Invision Power Board) CAN-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...) - TODO: check + NOTE: not-for-us (XMB Forum) CAN-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...) - TODO: check + NOTE: not-for-us (DigitalHive) CAN-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...) - TODO: check + NOTE: not-for-us (DigitalHive) CAN-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...) - TODO: check + NOTE: not-for-us (BirdBlog) CAN-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...) - TODO: check + NOTE: not-for-us (Interspire ArticleLive) CAN-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...) - TODO: check + NOTE: not-for-us (Vortex Portal) CAN-2005-0879 (PHP remote code injection vulnerability in (1) content.php and (2) ...) - TODO: check + NOTE: not-for-us (Vortex Portal) CAN-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...) - TODO: check + NOTE: not-for-us (MercuryBoard) CAN-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...) - TODO: check + - dnsmasq 2.21 CAN-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...) - TODO: check + - dnsmasq 2.21 CAN-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...) - TODO: check + NOTE: not-for-us (Trillian plugin) CAN-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...) - TODO: check + NOTE: not-for-us (Trillian plugin) CAN-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...) - TODO: check + NOTE: not-for-us (Oracle) CAN-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...) - TODO: check + NOTE: not-for-us (Topic Calendar phpbb2 plugin) CAN-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...) - TODO: check + NOTE: not-for-us (Topic Calendar phpbb2 plugin) CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...) - TODO: check + - phpsysinfo (unfixed; bug #301118) CAN-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...) - TODO: check + - phpsysinfo (unfixed; bug #301118) CAN-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...) - TODO: check + NOTE: checked tn5250, apparently the only AS/400 emulator in debian + NOTE: cannot find STRPCO or STRPCCMD in tn5250. CAN-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...) - TODO: check + TODO: check with kernel team CAN-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...) - TODO: check + - cdrecord (unfixed; bug #291376) CAN-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...) - TODO: check + NOTE: not-for-us (Scalable OGo (SOGo)) CAN-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike''s ...) - TODO: check + NOTE: not-for-us (Mike Spice Mike''s Vote CGI) CAN-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...) - TODO: check + NOTE: not-for-us (Mike Spice Quiz CGI) CAN-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...) - TODO: check + NOTE: not-for-us (Mike Spice My Calendar) CAN-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...) - TODO: check + NOTE: fixed in macromedia flash shortly after discovery 3 years ago + NOTE: did not check the other flash players in debian for this CAN-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...) - TODO: check + NOTE: not-for-us (Lotus Domino CAN-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...) - TODO: check + TODO: check implementatons (isakmpd, etc) CAN-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...) - TODO: check + NOTE: not-for-us (AIX) CAN-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...) - TODO: check -end claimed by joeyh + NOTE: not-for-us (AIX) CAN-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...) NOTE: not-for-us (Samsung ADSL modems) CAN-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...) @@ -221,8 +223,6 @@ NOTE: not-for-us (Alcatel Speed Touch) CAN-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...) NOTE: not-for-us (Alcatel Speed Touch) -CAN-2005-XXXX [Various path disclosure and Cross-Site-Scripting issues in phpsysinfo] - - phpsysinfo (unfixed; bug #301118) CAN-2005-XXXX [Various /tmp related security issues in cernlib] - cernlib 2004.11.04-3 CAN-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)