Author: joeyh
Date: 2005-05-06 09:14:20 +0000 (Fri, 06 May 2005)
New Revision: 1007
Modified:
sarge-checks/CAN/list
Log:
automatic CAN database update
Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list 2005-05-06 09:09:03 UTC (rev 1006)
+++ sarge-checks/CAN/list 2005-05-06 09:14:20 UTC (rev 1007)
@@ -1,3 +1,45 @@
+CAN-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3)
ISUP, ...)
+ TODO: check
+CAN-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before
0.10.11 ...)
+ TODO: check
+CAN-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3)
H.245, ...)
+ TODO: check
+CAN-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before
0.10.11 ...)
+ TODO: check
+CAN-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before
...)
+ TODO: check
+CAN-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before
0.10.11 ...)
+ TODO: check
+CAN-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3)
MGCP, ...)
+ TODO: check
+CAN-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2)
ANSI A ...)
+ TODO: check
+CAN-2005-1462 (Double-free vulnerability in the ICEP dissector in Ethereal
before ...)
+ TODO: check
+CAN-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4)
CMS, ...)
+ TODO: check
+CAN-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow
remote ...)
+ TODO: check
+CAN-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3)
SMB, (4) ...)
+ TODO: check
+CAN-2005-1458 (Multiple unknown "other problems" in the KINK
dissector in Ethereal ...)
+ TODO: check
+CAN-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3)
...)
+ TODO: check
+CAN-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet
...)
+ TODO: check
+CAN-2005-1455
+ NOTE: reserved
+CAN-2005-1454
+ NOTE: reserved
+CAN-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP
servers to ...)
+ TODO: check
+CAN-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other
versions, ...)
+ TODO: check
+CAN-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers
to ...)
+ TODO: check
+CAN-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote
...)
+ TODO: check
CAN-2005-XXXX [Missing input validation in xtradius]
- xtradius (unfixed; bug #307796)
CAN-2005-XXXX [fai tempfile vulnerability]
@@ -245,34 +287,34 @@
- squid 2.5.9-7
CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers
to ...)
- apache2 2.0.54-3
-CAN-2005-1343
- NOTE: reserved
-CAN-2005-1342
- NOTE: reserved
-CAN-2005-1341
- NOTE: reserved
-CAN-2005-1340
- NOTE: reserved
-CAN-2005-1339
- NOTE: reserved
-CAN-2005-1338
- NOTE: reserved
-CAN-2005-1337
- NOTE: reserved
-CAN-2005-1336
- NOTE: reserved
-CAN-2005-1335
- NOTE: reserved
+CAN-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS
X ...)
+ TODO: check
+CAN-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X
...)
+ TODO: check
+CAN-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary
commands ...)
+ TODO: check
+CAN-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does
not ...)
+ TODO: check
+CAN-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users
to ...)
+ TODO: check
+CAN-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use
...)
+ TODO: check
+CAN-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows
remote ...)
+ TODO: check
+CAN-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9
allows ...)
+ TODO: check
+CAN-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to
gain ...)
+ TODO: check
CAN-2005-1334
NOTE: reserved
-CAN-2005-1333
- NOTE: reserved
-CAN-2005-1332
- NOTE: reserved
-CAN-2005-1331
- NOTE: reserved
-CAN-2005-1330
- NOTE: reserved
+CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and
object ...)
+ TODO: check
+CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the
Bluetooth ...)
+ TODO: check
+CAN-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly
display ...)
+ TODO: check
+CAN-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of
...)
+ TODO: check
CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to
obtain ...)
NOTE: not-for-us (OneWorldStore)
CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of
service ...)
@@ -562,8 +604,8 @@
CAN-2005-1195 (Multiple heap-based buffer overflows in the code used to handle
(1) ...)
NOTE: The vulnerable code is present in xine-lib as well, MPlayer is not in
Debian
- xine-lib 1.0.1-1
-CAN-2005-1194
- NOTE: reserved
+CAN-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for
nasm ...)
+ TODO: check
CAN-2005-1193
NOTE: reserved
CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11,
B.11.22, and ...)
@@ -855,7 +897,7 @@
NOTE: not-for-us (monkeyd)
CAN-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd)
...)
NOTE: not-for-us (monkeyd)
-CAN-2005-1121 (Format string vulnerability in Oops! Proxy Server 1.5.53 and
earlier ...)
+CAN-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for
Oops! ...)
NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
- oops (unfixed; bug #307360)
CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail
...)
@@ -1308,8 +1350,8 @@
NOTE: not-for-us (Bugtracker.NET)
CAN-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to
inject ...)
NOTE: not-for-us (Adventia E-Data)
-CAN-2005-0918
- NOTE: reserved
+CAN-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and
earlier, ...)
+ TODO: check
CAN-2005-0917 (PHP remote code injection vulnerability in index_header.php for
...)
NOTE: not-for-us (EncapsBB not in Debian)
CAN-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64
architectures with ...)
@@ -2312,8 +2354,8 @@
- php4 4.3.8-1
CAN-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote
attackers ...)
NOTE: not-for-us (BadBlue)
-CAN-2005-0594
- NOTE: reserved
+CAN-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local
users to ...)
+ TODO: check
CAN-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote
attackers ...)
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
@@ -4679,8 +4721,8 @@
{DSA-617-1}
- libtiff4 3.6.1-4
TODO: other packages containing libtiff code may be vulnerable
-CAN-2004-1307
- NOTE: reserved
+CAN-2004-1307 (Integer overflow in the TIFFFetchStripThing function in
tif_dirread.c ...)
+ TODO: check
CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT,
Windows 2000 ...)
NOTE: not-for-us (Windows)
CAN-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT,
Windows ...)
@@ -8087,7 +8129,7 @@
NOTE: not-for-us (Distributed Computing Environment (DCE) not in Deb)
CAN-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on
the ...)
NOTE: not-for-us (castlerock SNMPc)
-CAN-2003-0744 (The fetchnews client in leafnode 1.9.3 to 1.9.41 allows remote
...)
+CAN-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows
remote ...)
- leafnode 1.9.42
CAN-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3)
before 3.36 ...)
{DSA-376}
@@ -8597,9 +8639,9 @@
{DSA-338}
CAN-2003-0499 (Mantis 0.17.5 and earlier stores its database password in
cleartext in ...)
{DSA-335}
-CAN-2003-0498 (Caché Database 5.x installs the /cachesys/csp
directory with insecure ...)
+CAN-2003-0498 (CachÃ© Database 5.x
installs the /cachesys/csp directory with insecure ...)
NOTE: not-for-us (Intersystems Cache database)
-CAN-2003-0497 (Caché Database 5.x installs
/cachesys/bin/cache with world-writable ...)
+CAN-2003-0497 (CachÃ© Database 5.x
installs /cachesys/bin/cache with world-writable ...)
NOTE: not-for-us (Intersystems Cache database)
CAN-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users
to ...)
NOTE: not-for-us (Microsoft)