Author: jmm-guest Date: 2005-06-29 10:40:42 +0000 (Wed, 29 Jun 2005) New Revision: 1302 Modified: data/CAN/list Log: new proftpd format string issue processed half of my block. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-29 10:02:07 UTC (rev 1301) +++ data/CAN/list 2005-06-29 10:40:42 UTC (rev 1302) @@ -1,3 +1,5 @@ +CAN-2005-XXXX [proftpd format string vulnerability in ftpshut] + - proftpd 1.2.10-9 CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...) NOTE: not-for-us (BisonFTP Server) CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...) 
@@ -50,47 +52,49 @@ NOTE: not-for-us (RealPlayer) begin claimed by jmm CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Perception LiteServe) CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) - TODO: check + NOTE: not-for-us (iSMTP) CAN-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...) - TODO: check + NOTE: not-for-us (QNX) CAN-2002-1982 (Directory traversal vulnerability in the list_directory function in ...) - TODO: check + TODO: check, possibly affected, but sphor currently off, minor issue CAN-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...) - TODO: check + NOTE: not-for-us (Solaris) CAN-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...) - TODO: check + NOTE: not-for-us (Watchguard SOHO) CAN-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...) - TODO: check + NOTE: not-for-us (IPFilter) CAN-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...) - TODO: check + NOTE: not-for-us (Proprietary PGP) CAN-2002-1976 (ifconfig in Linux kernel 2.2 and 2.4 does not report when the network ...) - TODO: check + NOTE: Kernel 2.2 introduced a different way to set promisc mode through setsockopt() + NOTE: instead through an ioctl() as before. + TODO: check, whether current ifconfig handles that correctly, I guess so CAN-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt ...) - TODO: check + NOTE: not-for-us (Zaurus hardware) CAN-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...) 
- TODO: check + NOTE: not-for-us (Zaurus hardware) CAN-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...) - TODO: check + NOTE: not-for-us (Microsoft) CAN-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...) - TODO: check + NOTE: not-for-us (pp_powerSwitch) CAN-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...) - TODO: check + NOTE: not-for-us (Sourcecraft Networking Utils) CAN-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...) - TODO: check + NOTE: not-for-us (SnortCenter) CAN-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...) - TODO: check + NOTE: not-for-us (Magic Notebook) CAN-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...) - TODO: check + NOTE: not-for-us (Com21 hardware) CAN-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...) - TODO: check + NOTE: not-for-us (XiRCON) CAN-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...) - TODO: check + NOTE: not-for-us (My Postcards Platinum) CAN-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...) TODO: check CAN-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...)
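Review bot: In the first hunk (@@ -1,3 +1,5 @@), the new CAN-2005-XXXX entry can only be identified by its free-text title, and nothing records where the "- proftpd 1.2.10-9" fixed version comes from. Please add a NOTE line naming the bug report or advisory behind it, so the version can be verified and the entry can be matched to the real id once one replaces the XXXX placeholder.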
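Review bot: In the second hunk (@@ -50,47 +52,49 @@), the CAN-2002-1982 entry now reads "TODO: check, possibly affected, but sphor currently off, minor issue", which puts a triage judgement inside the TODO without naming the package thought to be affected, and "sphor" looks like a typo that leaves the reason unclear. Suggest moving the assessment to a NOTE line that names the package and keeping a plain "TODO: check", as the untouched entries do. The same applies to CAN-2002-1976: "I guess so" sits in the TODO text, and no package line says which package ships the ifconfig that still needs checking.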