Author: joeyh Date: 2005-03-30 03:46:10 +0000 (Wed, 30 Mar 2005) New Revision: 682 Modified: sarge-checks/CAN/list Log: checked pending cans except some of the really old ones Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-03-29 21:14:52 UTC (rev 681) +++ sarge-checks/CAN/list 2005-03-30 03:46:10 UTC (rev 682) 
@@ -1,69 +1,82 @@ CAN-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Webmasters-Debutants WD Guestbook) CAN-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...) - TODO: check + NOTE: not-for-us (CPG Dragonfly) CAN-2005-0913 (Unknown vulnerability in the regex_replace modifier ...) - TODO: check + - smarty 2.6.8-1 CAN-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...) - TODO: check + NOTE: not-for-us (deplate) CAN-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...) - TODO: check + NOTE: not-for-us (exoops) CAN-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...) - TODO: check + NOTE: not-for-us (exoops) CAN-2005-0909 (PHP remote code injection vulnerability in shoutact.php for TKai''s ...) - TODO: check + NOTE: not-for-us (THai''s Shoutbox) CAN-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...) - TODO: check + NOTE: not-for-us (Valdersoft Shopping Cart) CAN-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...) - TODO: check + NOTE: not-for-us (Valdersoft Shopping Cart) CAN-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...) - TODO: check + NOTE: not-for-us (Tincat network library) CAN-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...) - TODO: check + NOTE: not-for-us (Maxthon) CAN-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the "Force shutdown ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...) - TODO: check + NOTE: not-for-us (QuickTime PictureViewer) CAN-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...) 
- TODO: check + NOTE: not-for-us (NukeBookmarks for php-nuke) CAN-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...) - TODO: check + NOTE: not-for-us (NukeBookmarks for php-nuke) CAN-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...) - TODO: check + NOTE: not-for-us (NukeBookmarks for php-nuke) CAN-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...) - TODO: check + NOTE: not-for-us (AS/400 running OS400) CAN-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...) - TODO: check + NOTE: not-for-us (E-Store Kit-2 PayPal Edition) CAN-2005-0897 (PHP remote code injection vulnerability in catalog.php in E-Store ...) - TODO: check + NOTE: not-for-us (E-Store Kit-2 PayPal Edition) CAN-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...) - TODO: check + NOTE: not-for-us (phpMyDirectory) CAN-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...) - TODO: check + NOTE: not-for-us (Netcomm 1300NB DSL Modem) CAN-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...) - TODO: check + - openmosixview (unfixed; bug #301430) CAN-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...) - TODO: check + - smail (unfixed; bug #301428) + NOTE: no patch known at this time. See also: CAN-2005-0892 CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...) - TODO: check + - smail 3.2.0.115-7 + NOTE: The (upstream) smail maintainer claims both vulnerabilities to be not + NOTE: exploitable. The bugreporter has presented valid claims, though, + NOTE: but the smail maintainer blocks the reporter''s mail domain on + NOTE: SMTP level, so there''s some kind of communication problem :-) + NOTE: The patch applied by the maintainer addresses the heap overflow, + NOTE: but doesn''t touch the sighandler issues. 
This deserves a second + NOTE: deeper analysis. + NOTE: see CAN-2005-0893 for the other hole.. CAN-2005-0891 NOTE: reserved CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...) - TODO: check + NOTE: "long output from wc to shar" + - shar (unfixed; bug #265904) + NOTE: "unknown vectors in unshar"; actually just a buffer overflow on input filename + - shar (unfixed; bug filed) CAN-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...) - TODO: check + - shar 1:4.2.1-11 CAN-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...) - TODO: check + NOTE: not-for-us (X-News) CAN-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...) - TODO: check + NOTE: not-for-us (Netscape Enterprise Server) CAN-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...) - TODO: check + NOTE: not-for-us (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server) CAN-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...) - TODO: check + - cryptcat 20031202-2 + NOTE: don''t know when it was fixed, verified above version is ok CAN-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...) - TODO: check + - cgiemail 1.6-14 CAN-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...) - TODO: check + NOTE: not-for-us (Verity Search97) CAN-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...) TODO: check CAN-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...) 
@@ -256,21 +269,10 @@ NOTE: not-for-us (GoAhead Web Server) CAN-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...) NOTE: HAVE_BRAILLE not set in binary build -CAN-2005-XXXX [Exploitable race conditions in OpenMosixView may lead to filesystem trashing] - - openmosixview (unfixed; bug #301430) CAN-2005-XXXX [Buffer overflow in display of messages with MIME encoded filenames in Sylpheed] - sylpheed 1.0.4-1 CAN-2005-XXXX [Buffer overflow in display of messages with MIME encoded filenames in Sylpheed] - sylpheed-claws 1.0.4-1 -CAN-2005-XXXX [Remote and local root vulnerabilities in smail with a broad attack vector] - - smail 3.2.0.115-7 - NOTE: The smail maintainer claims both vulnerabilities to be not - NOTE: exploitable. The bugreporter has presented valid claims, though, - NOTE: but the smail maintainer blocks the reporter''s mail domain on - NOTE: SMTP level, so there''s some kind of communication problem :-) - NOTE: The patch applied by the maintainer addresses the heap overflow, - NOTE: but doesn''t touch the sighandler issues. This deserves a second - NOTE: deeper analysis. CAN-2005-XXXX [Unsafe recommendation (and implementation) of debugging in rscsi] - cdrtools (unfixed; bug #291376) CAN-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
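Review bot: In the first hunk (@@ -1,69 +1,82 @@), the note added for CAN-2005-0909 names the product "THai''s Shoutbox", while the CAN description on the line above it reads "TKai''s ..."; one of the two spellings is a typo, and the note should match the description so a text search for the product finds the entry. In the same hunk, the second entry added under CAN-2004-1773 reads "- shar (unfixed; bug filed)" with no bug number, unlike the "bug #265904" entry just above it; add the number so the entry can be tracked. The new CAN-2005-0892 entry is marked fixed in smail 3.2.0.115-7 but carries a note about "both vulnerabilities", so it would help to say in that note that the signal-handler issue remains open under CAN-2005-0893.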
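Review bot: In the second hunk (@@ -256,21 +269,10 @@), the two temporary CAN-2005-XXXX entries for openmosixview and smail are deleted, but the log message ("checked pending cans except some of the really old ones") does not say they were folded into assigned ids. Judging from the first hunk, they now live under CAN-2005-0894 (openmosixview, bug #301430) and CAN-2005-0892/CAN-2005-0893 (smail); stating that in the log would make the removal easy to audit. The removed openmosixview description mentioned filesystem trashing through race conditions, and that detail is not carried over as a NOTE on CAN-2005-0894, so consider keeping it there.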