Author: jmm-guest Date: 2005-04-04 09:20:58 +0000 (Mon, 04 Apr 2005) New Revision: 739 Modified: sarge-checks/CAN/list Log: Two vulnerabilities in "Remote statistics system". Correct fixed versions of the telnet vulns for krb5. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-04-03 22:43:49 UTC (rev 738) +++ sarge-checks/CAN/list 2005-04-04 09:20:58 UTC (rev 739) @@ -1751,11 +1751,11 @@ CAN-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...) {DSA-703-1 DSA-699-1 DSA-697-1} TODO: krb4 contains a BSD derived telnet client as well, check whether it''s vulnerable - - krb5 1.3.6-1 + - krb5 1.3.6-2 - heimdal (unfixed) CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...) {DSA-703-1} - - krb5 1.3.6-1 + - krb5 1.3.6-2 TODO: check heimdal, krb4, netkit-telnet, netkit-telnet, netkit-telnet-ssl CAN-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...) - putty 0.57-1 @@ -2041,10 +2041,12 @@ CAN-2005-0389 NOTE: rejected - lsh-utils 2.0-1 -CAN-2005-0388 +CAN-2005-0388 [Improper IP number validity checking in remstats permits arbitrary command execution] NOTE: reserved -CAN-2005-0387 + - remstats 1.0.13a-5 +CAN-2005-0387 [Symlink attack in unix-status-server.pl of remstats] NOTE: reserved + - remstats 1.0.13a-5 CAN-2005-0386 NOTE: reserved {DSA-700-1}
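Review bot: In the first hunk (@@ -1751,11), the unchanged TODO line under CAN-2005-0468 names netkit-telnet twice ("netkit-telnet, netkit-telnet, netkit-telnet-ssl"), and the TODO under CAN-2005-0469 has a doubled apostrophe in "it''s". Since this commit already edits both entries, drop the duplicate package name (or replace it with the package that was meant) and fix the apostrophe. The CAN-2005-0469 entry records heimdal as unfixed while the CAN-2005-0468 entry only carries a TODO for it, so the heimdal status there still needs to be resolved. The commit log says the krb5 fixed version is corrected from 1.3.6-1 to 1.3.6-2 but the entries give no reason for the change; a short NOTE would help the next reader.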
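Review bot: In the second hunk (@@ -2041,10), the new "- remstats 1.0.13a-5" lines under CAN-2005-0388 and CAN-2005-0387 have no reference that lets a reader verify the fixed version. The neighbouring CAN-2005-0386 entry carries a {DSA-700-1} tag, while these two carry neither an advisory tag nor a NOTE pointing at a bug report or changelog entry. Add such a reference to each entry. Both entries also keep "NOTE: reserved" next to a bracketed description written by hand, so it is worth saying in a NOTE where the description comes from. As a wording point, "IP number" in the CAN-2005-0388 description would read more clearly as "IP address".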