Author: joeyh Date: 2005-05-10 09:14:18 +0000 (Tue, 10 May 2005) New Revision: 1030 Modified: sarge-checks/CAN/list Log: automatic CAN database update Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-10 04:39:37 UTC (rev 1029) +++ sarge-checks/CAN/list 2005-05-10 09:14:18 UTC (rev 1030) @@ -1,3 +1,17 @@ +CAN-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...) + TODO: check +CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...) + TODO: check +CAN-2005-1475 + NOTE: reserved +CAN-2005-1474 + NOTE: reserved +CAN-2005-1473 + NOTE: reserved +CAN-2005-1472 + NOTE: reserved +CAN-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...) + TODO: check CAn-2005-XXXX [race condition with a buffered temp file] NOTE: no bug ever filed for this one - pysvn 1.1.2-3 @@ -178,8 +192,8 @@ NOTE: reserved CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...) NOTE: not-for-us (Skype) -CAN-2005-1406 - NOTE: reserved +CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...) + TODO: check CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...) NOTE: not-for-us (Lotus Domino) CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...) 
@@ -190,10 +204,10 @@ NOTE: not-for-us (NeL libarary) CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...) NOTE: not-for-us (Mtp-Target) -CAN-2005-1400 - NOTE: reserved -CAN-2005-1399 - NOTE: reserved +CAN-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...) + TODO: check +CAN-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...) + TODO: check CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...) NOTE: not-for-us (Skype) CAN-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows ...) @@ -11865,7 +11879,7 @@ CAN-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...) CAN-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...) CAN-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...) -CAN-2001-0505 (Memory leaks in Microsoft Services for Unix 2.0 allows remote ...) +CAN-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote ...) CAN-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...) CAN-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...) CAN-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...)
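
Review bot: In the @@ -1,3 +1,17 @@ hunk, the unchanged entry directly below the new block is spelled "CAn-2005-XXXX" with a lowercase "n", so a script or grep that matches on the "CAN-" prefix will skip it; normalise it to "CAN-2005-XXXX" in a follow-up commit. The two Firefox 1.0.3 entries added here (CAN-2005-1477 and CAN-2005-1476) arrive as "TODO: check" from the automatic update and still need a manual pass that replaces the TODO with a package and version line or a NOTE.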
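
Review bot: CAN-2005-1406 in the @@ -178,8 +192,8 @@ hunk goes from "NOTE: reserved" to "TODO: check" with a FreeBSD kernel description, while its neighbours are already triaged as "NOTE: not-for-us (Skype)" and "NOTE: not-for-us (Lotus Domino)". Give it an explicit disposition in the same style so it does not sit in the TODO backlog.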
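
Review bot: The first context line of the @@ -190,10 +204,10 @@ hunk reads "NOTE: not-for-us (NeL libarary)"; "libarary" should be "library", which matters if anyone searches the list by that note text. CAN-2005-1400 and CAN-2005-1399, which this hunk moves from reserved to "TODO: check", are both FreeBSD entries and can be triaged in one pass with CAN-2005-1406.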
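
Review bot: None of the entries visible around CAN-2001-0505 in the @@ -11865,7 +11879,7 @@ hunk has a NOTE or TODO line, including CAN-2001-0496, whose description names kdesu in the kdelibs package. The change itself only rewords the CAN-2001-0505 description, but untracked entries like these should get at least a "TODO: check" line so they show up when the list is queried for open items.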