Moritz Muehlenhoff
2005-Jun-03 23:09 UTC
[Secure-testing-commits] r1199 - sarge-checks/CAN
Author: jmm-guest Date: 2005-06-03 23:09:30 +0000 (Fri, 03 Jun 2005) New Revision: 1199 Modified: sarge-checks/CAN/list Log: - Several not-for-us - some issues need further evaluation (kernel disk encryption, some minor temp races) - CANified ht issues Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-06-03 22:29:30 UTC (rev 1198) +++ sarge-checks/CAN/list 2005-06-03 23:09:30 UTC (rev 1199) @@ -17,7 +17,8 @@ CAN-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...) NOTE: not-for-us (MyBB) CAN-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...) - TODO: check + NOTE: Unreproducable by SuSE security team, sudo contains code to circumvent such + NOTE: behaviour, seems like a broken PAM setup on the submitter''s side CAN-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...) NOTE: not-for-us (SoftICE) CAN-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...) 
@@ -174,13 +175,15 @@ CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...) - shtool (unfixed; bug #311206) CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...) - TODO: check + NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies + TODO: check, whether this still applies CAN-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...) - TODO: check + NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies + TODO: check, whether this still applies CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...) NOTE: not-for-us (Oracle) CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...) - TODO: check + NOTE: not-for-us (CVSup third party modules) CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...) NOTE: not-for-us (PJ CGI Nero) CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...) @@ -253,7 +256,8 @@ CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...) NOTE: not-for-us (Banner engine) CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...) - TODO: check + TODO: check these packages, whether they create tempfiles with the current PID: + TODO: fvwm, fvwm-gnome, x-base-clients, lvm10 CAN-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...) NOTE: not-for-us (Mephistoles) CAN-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...) 
@@ -792,15 +796,15 @@ CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...) NOTE: not-for-us (Bakbone Netvault) CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...) - NOTE: not-for-us (HT Editor) + - ht 0.8.0-2 CAN-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...) - NOTE: not-for-us (HT Editor) + - ht 0.8.0-2 CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 1.53 allows remote ...) NOTE: CVE info about vulnerable version number is bogus - tiff 3.7.2-3 NOTE: tiff3g not in testing CAN-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...) - TODO: check + NOTE: not-for-us (Novell Zenworks) CAN-2005-1542 NOTE: reserved CAN-2005-1541 @@ -867,8 +871,6 @@ - binutils 2.15-6 CAN-2005-XXXX [kmd affected by binutils''s ELF parser vulnerability] - kmd 0.9.19-1.1 -CAN-2005-XXXX [Multiple vulnerabilities in HT editor] - - ht 0.8.0-2 CAN-2005-XXXX [unrar: opens /tmp/debug_unrar.txt] NOTE: Source package has been renamed from unrar to unrar-free - unrar-free 1:0.0.1-2 @@ -1862,7 +1864,7 @@ CAN-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...) - postgresql 7.4.7-6 CAN-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...) - TODO: check + NOTE: not-for-us (Apple) CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...) NOTE: not-for-us (Skype) CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...) 
@@ -2197,21 +2199,21 @@ CAN-2005-1257 NOTE: reserved CAN-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...) - TODO: check + NOTE: not-for-us (IMail) CAN-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...) - TODO: check + NOTE: not-for-us (IMail) CAN-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...) - TODO: check + NOTE: not-for-us (IMail) CAN-2005-1253 NOTE: reserved CAN-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...) - TODO: check + NOTE: not-for-us (IMail) CAN-2005-1251 NOTE: reserved CAN-2005-1250 NOTE: reserved CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...) - TODO: check + NOTE: not-for-us (IMail) CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...) NOTE: not-for-us (Apple iTunes) CAN-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...)
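Review bot: The new entry for CAN-2005-1831 in the first hunk (@@ -17,7) carries NOTE lines only and no status for sudo itself. If the conclusion is that the packaged sudo is not affected, say so explicitly in the entry instead of leaving it implied by the SuSE result. Also, "Unreproducable" should read "Unreproducible", and "submitter''s" has a doubled apostrophe.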
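Review bot: In the @@ -174,13 hunk, the entries for CAN-2004-2136 (dm-crypt) and CAN-2004-2135 (cryptoloop) state "check whether this still applies" twice, once at the end of the NOTE and again in the TODO. Trim the NOTE to "This looks like a minor issue, the paper is from Feb 2004" and keep the open action in the TODO alone. The comma in "TODO: check, whether" can be dropped as well.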
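Review bot: Before the placeholder "CAN-2005-XXXX [Multiple vulnerabilities in HT editor]" is dropped in the @@ -867,8 hunk, confirm that CAN-2005-1546 (PE parser) and CAN-2005-1545 (ELF parser), which take over its "- ht 0.8.0-2" line in the @@ -792,15 hunk, cover everything the placeholder tracked. The placeholder said "Multiple", so if anything beyond those two parser bugs was meant, keep a CAN-2005-XXXX line for the remainder.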
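Review bot: Tag CAN-2005-1408 in the @@ -1862,7 hunk by product rather than by vendor. "NOTE: not-for-us (Apple Keynote)" would match the style of the neighbouring "not-for-us (Skype)" and of the "not-for-us (Apple iTunes)" entry visible in the last hunk, and keeps a search for the vendor name from hiding which product was triaged.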
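Review bot: In the @@ -2197,21 hunk, CAN-2005-1249 is described as the IMAP daemon in Ipswitch Collaboration Suite (ICS) but is tagged "not-for-us (IMail)"; name the product as the description gives it, or use one tag that covers both for the whole group. For CAN-2005-1252 the visible description ("Web Calendaring server in ...") is cut off before the product name, so it is worth double-checking that it belongs with the IMail entries before closing the TODO.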