thr3ads.net - Secure testing commits - [Secure-testing-commits] r1334

If this information is useful, please help other people find it:
Share via:
Joey Hess
2005-Jul-06 09:14 UTC
[Secure-testing-commits] r1334 - data/CAN

Author: joeyh
Date: 2005-07-06 09:14:13 +0000 (Wed, 06 Jul 2005)
New Revision: 1334

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
==================================================================---
data/CAN/list	2005-07-06 07:51:42 UTC (rev 1333)
+++ data/CAN/list	2005-07-06 09:14:13 UTC (rev 1334)
@@ -1,3 +1,65 @@
+CAN-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for
Windows ...)
+	TODO: check
+CAN-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the
source of ...)
+	TODO: check
+CAN-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection
and ...)
+	TODO: check
+CAN-2005-2143 (Microsoft Front Page allows attackers to cause a denial of
service ...)
+	TODO: check
+CAN-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60
allows ...)
+	TODO: check
+CAN-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of
service ...)
+	TODO: check
+CAN-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0
...)
+	TODO: check
+CAN-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for
Pavsta ...)
+	TODO: check
+CAN-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev
...)
+	TODO: check
+CAN-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote
attackers ...)
+	TODO: check
+CAN-2005-2136 (DSX Raritan Console Servers DSX16, DSX32, DSX4, DSX8, and
DSXA-48 set ...)
+	TODO: check
+CAN-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz
...)
+	TODO: check
+CAN-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2
allow ...)
+	TODO: check
+CAN-2005-2133 (The log4sh_readProperties function in log4sh allows local users
to ...)
+	TODO: check
+CAN-2005-2132
+	NOTE: reserved
+CAN-2005-2131
+	NOTE: reserved
+CAN-2005-2130
+	NOTE: reserved
+CAN-2005-2129
+	NOTE: reserved
+CAN-2005-2128
+	NOTE: reserved
+CAN-2005-2127
+	NOTE: reserved
+CAN-2005-2126
+	NOTE: reserved
+CAN-2005-2125
+	NOTE: reserved
+CAN-2005-2124
+	NOTE: reserved
+CAN-2005-2123
+	NOTE: reserved
+CAN-2005-2122
+	NOTE: reserved
+CAN-2005-2121
+	NOTE: reserved
+CAN-2005-2120
+	NOTE: reserved
+CAN-2005-2119
+	NOTE: reserved
+CAN-2005-2118
+	NOTE: reserved
+CAN-2005-2117
+	NOTE: reserved
+CAN-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf
as ...)
+	TODO: check
 CAN-2005-XXXX [Insecure tempfile generation in ekg]
 	- ekg (unfixed; bug filed; medium)
 CAN-2005-XXXX [Missing input sanitization due in phpwiki''s xmlrpc code
allow execution of arb. php code]
@@ -63,7 +125,7 @@
 	TODO: check
 CAN-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the
web ...)
 	NOTE: not-for-us (Microsoft)
-CAN-2005-2088 (Apache 2.0.45 and 1.3.29 allows remote attackers to poison the
web ...)
+CAN-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows
remote ...)
 	- apache (unfixed; bug #316173; medium)
 CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote
attackers ...)
 	NOTE: not-for-us (Microsoft)
@@ -142,8 +204,9 @@
 CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users
to ...)
 	NOTE: not-for-us (Solaris)
 CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when
used ...)
+	{DSA-737-1}
 	- clamav 0.86-1 (medium)
-CAN-2005-2069 (pam_ldap and OpenLDAP, when connecting to a slave using TLS,
does not ...)
+CAN-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to
a ...)
 	- openldap2.2 2.2.26-3 (medium)
 	- openldap2 2.1.30-11 (medium)
 CAN-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote
attackers ...)
@@ -171,6 +234,7 @@
 CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop
...)
 	NOTE: not-for-us (Infopop UBB.Threads)
 CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV)
before ...)
+	{DSA-737-1}
 	- clamav 0.86.1-1 (medium)
 CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and
RealOne ...)
 	NOTE: not-for-us (RealPlayer)
@@ -525,7 +589,7 @@
 	TODO: check
 CAN-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for
...)
 	TODO: check
-CAN-2002-1816 (Buffer overflow in the sock_gets function in ATPhttpd 0.4b and
earlier ...)
+CAN-2002-1816 (Off-by-one buffer overflow in the sock_gets function in
sockhelp.c for ...)
 	TODO: check
 CAN-2002-1815 (Directory traversal vulnerability in source.php and source.cgi
in ...)
 	TODO: check
@@ -660,6 +724,7 @@
 CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote
attackers to ...)
 	NOTE: not-for-us (Cisco)
 CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote
attackers ...)
+	{DSA-738-1}
 	NOTE: varying and apparently innacurate info about what versions fix it
 	- razor 2.720-1 (low)
 CAN-2005-2023 (Unknown vulnerability in gpg2 on SUSE Linux 9.3, when using
S/MIME ...)
@@ -1163,8 +1228,10 @@
 CAN-2005-1924
 	NOTE: reserved
 CAN-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV)
0.83, ...)
+	{DSA-737-1}
 	- clamav (unfixed; bug #316401; medium)
 CAN-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before
0.86 ...)
+	{DSA-737-1}
 	- clamav 0.86.1-1
 CAN-2005-1921 (PEAR XML_RPC 1.3.0 and earlier, as used in products such as
WordPress, ...)
 	TODO: Track ITP #312413
@@ -1174,8 +1241,8 @@
 	NOTE: reserved
 CAN-2005-1918
 	NOTE: reserved
-CAN-2005-1917
-	NOTE: reserved
+CAN-2005-1917 (kpopper 1.0 and earlier allows local users to create and
overwrite ...)
+	TODO: check
 CAN-2005-1916
 	NOTE: reserved
 CAN-2005-1915
@@ -1964,8 +2031,8 @@
 	NOTE: The 1.x version in Sarge and sid is not vulnerable
 CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ)
before ...)
 	NOTE: not-for-us (Pico Server)
-CAN-2005-1625
-	NOTE: reserved
+CAN-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform
function in ...)
+	TODO: check
 CAN-2005-1624
 	NOTE: reserved
 CAN-2005-1623
@@ -3841,7 +3908,7 @@
 	NOTE: not-for-us (mvnForum)
 CAN-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access
for ...)
 	NOTE: not-for-us (iSeries OS)
-CAN-2005-1181 (PHP remote code injection vulnerability in loader.php for
Ariadne CMS ...)
+CAN-2005-1181 (** DISPUTED ** ...)
 	NOTE: not-for-us (Ariadne CMS)
 CAN-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in
...)
 	NOTE: not-for-us (PHP-Nuke)
@@ -14011,7 +14078,7 @@
 CAN-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...)
 CAN-2002-0587 (Buffer overflow in Ns_PdLog function for the external database
driver ...)
 CAN-2002-0586 (Format string vulnerability in Ns_PdLog function for the
external ...)
-CAN-2002-0585 (Vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT
patches ...)
+CAN-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain
TRANSPORT patches ...)
 CAN-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user
timesheets ...)
 CAN-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5
alphanumeric ...)
 CAN-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in
a ...)
@@ -14749,14 +14816,14 @@
 CAN-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain
sensitive ...)
 CAN-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha
6.2 ...)
 CAN-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows
remote ...)
-CAN-2001-0842 (Directory traversal vulnerability in Search.cgi in LB5000
LB5000II ...)
+CAN-2001-0842 (Directory traversal vulnerability in Search.cgi in Leoboard
LB5000 ...)
 CAN-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard
ib219 and ...)
 CAN-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier
allows ...)
 CAN-2001-0839 (ibillpm.pl in iBill password management system generates weak
...)
 CAN-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x
allows ...)
 CAN-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and
possibly ...)
 CAN-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local
users ...)
-CAN-2001-0831 (Vulnerability in Oracle Label Security in Oracle 8.1.7 and
9.0.1, when ...)
+CAN-2001-0831 (Unknown vulnerability in Oracle Label Security in Oracle 8.1.7
and ...)
 CAN-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1
allows a ...)
 CAN-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a
...)
 CAN-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to
execute ...)
@@ -15201,7 +15268,7 @@
 CAN-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD
and ...)
 CAN-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a
denial of ...)
 CAN-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows
remote ...)
-CAN-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.5, and earlier allows
remote ...)
+CAN-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier
allows ...)
 CAN-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart
program ...)
 CAN-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to
execute ...)
 CAN-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote
attackers to ...)
Secure testing commits - Jul 2005 - r1334 - data/CAN

[Secure-testing-commits] r1334 - data/CAN
