Author: joeyh Date: 2005-07-22 14:53:34 +0000 (Fri, 22 Jul 2005) New Revision: 1457 Modified: data/CAN/list Log: Got CVE assignments from mitre, and requested some more. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-07-22 06:24:47 UTC (rev 1456) +++ data/CAN/list 2005-07-22 14:53:34 UTC (rev 1457) @@ -5,10 +5,8 @@ - fetchmail 6.2.5-15 (medium) CAN-2005-2320 [webcalender: Inproper access control may lead to privilege escalation] - webcalender (unfixed; bug #315671; medium) - NOTE: CAN request sent to mitre -CAN-2005-XXXX [xsupplicant leaks sensitive password information into logfile] +CAN-2005-2437 [xsupplicant leaks sensitive password information into logfile] - xsupplicant (unfixed; bug #317703; medium) - NOTE: CAN request sent to mitre CAN-2005-XXXX [Insecure temp usage in gopher] - gopher 3.0.8 (low) CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions] @@ -19,6 +17,7 @@ - shorewall 2.4.1-2 (medium) CAN-2005-XXXX [pdns: Two DoS vulnerabilities in the LDAP backend] - pdns (unfixed; bug #318798; medium) + NOTE: CVE id requested from mitre CAN-2005-2275 NOTE: reserved CAN-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...) @@ -428,6 +427,7 @@ TODO: check CAN-2005-XXXX [netpanzer: DoS through endless loop trigged through a crafted packet] - netpanzer (unfixed; bug #318329; medium) + NOTE: CVE id requested from mitre CAN-2005-XXXX [Missing input sanitising in affix''s btsrv/btobex services] - affix 2.1.2-2 (medium) CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...) 
@@ -475,6 +475,7 @@ - oftpd (unfixed; bug #318286; medium) CAN-2005-XXXX [oftpd port DOS] - oftpd (unfixed; bug #307957; low) + NOTE: CVE id requested from mitre CAN-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...) NOTE: not-for-us (AIX) CAN-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...) @@ -737,9 +738,8 @@ NOTE: not-for-us (Online Recruitment Agency) CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...) NOTE: not-for-us (Online-bookmarks) -CAN-2005-XXXX [base-config log should not be world readable] +CAN-2005-2348 [base-config log should not be world readable] - base-config 2.68 (low) - NOTE: CAN request sent to mitre CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...) NOTE: not-for-us (PHPSource Printer) CAN-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...) @@ -852,6 +852,7 @@ NOTE: reserved CAN-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...) - cupsys 1.1.20final+rc1-1 (low) + NOTE: CVE assignement requested from mitre CAN-2005-2116 NOTE: rejected {DSA-745-1} 
@@ -2234,14 +2235,13 @@ CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...) {DSA-744-1} - fuse 2.3.0-1 -CAN-2005-XXXX [Directory traversal in zoo] +CAN-2005-2349 [Directory traversal in zoo] - zoo (unfixed; bug #309594; medium) - NOTE: CAN request sent to mitre -CAN-2005-XXXX [Cross Site Scripting in websieve] +CAN-2005-2350 [Cross Site Scripting in websieve] - websieve (unfixed; bug #311838; low) - NOTE: CAN number requested from mitre NOTE: second half of bug suggets lack of escaping of user data NOTE: could be used to compromise program somehow + NOTE: that is not covered by the CAN though due to vagueness CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...) NOTE: not-for-us (phpCMS) CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...) @@ -2527,9 +2527,8 @@ NOTE: not-for-us (Yahoo Messenger) CAN-2005-XXXX [Unspecified issue in moodle''s admin/delete.php] - moodle 1.4.4.dfsg.1-3 -CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] +CAN-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles] - mutt (unfixed; bug #311296; low) - NOTE: CAN number assignment requested from mitre CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] NOTE: viewFile.php has been removed along with other files in -26, so Debian is NOTE: no longer affected. 
@@ -3961,20 +3960,21 @@ - mailutils 0.6.1-2 CAN-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks] - maradns 1.0.27-1 -CAN-2005-XXXX [Temp file races in gs-gpl addons scripts] +CAN-2005-2352 [Temp file races in gs-gpl addons scripts] - gs-gpl (unfixed; bug #291373; low) - NOTE: CAN number requested from mitre CAN-2005-XXXX [Possible SQL injection in freeradius] - freeradius 1.0.2-4 -CAN-2005-XXXX [Insecure temp file handling in Thunderbird] +CAN-2005-2353 [Insecure temp file handling in Thunderbird] - mozilla-thunderbird (unfixed; bug #306893; low) - NOTE: CAN request sent to mitre CAN-2005-XXXX [Directory traversal in unzoo] - unzoo 4.4-4 CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng] - syslog-ng 1.6.5-2.1 -CAN-2005-XXXX [tracksballs: Missing checks for symlinks when writing to predictable file names] +CAN-2005-XXXX [trackballs: Follows symlinks as gid games] - trackballs (unfixed; bug #302454; medium) + NOTE: CVE request sent to mitre + TODO: check possibility of exploitation via scripting language, + TODO: as mentioned in the bug report as a separate issue CAN-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it] - pwgen 2.04-1 CAN-2005-XXXX [Insecure handling of gpg passphrases in gabber] 
@@ -4026,17 +4026,14 @@ - xtradius 1.2.1-beta2-2 (low) CAN-2005-XXXX [fai tempfile vulnerability] - fai 2.8.2 -CAN-2005-XXXX [nvu uses old version of mozilla] - NOTE: contains old copy of xpcom library +CAN-2005-2354 [nvu uses old copy of mozilla xpcom] NOTE: have not checked to see which security holes re in it exatly NOTE: Has been removed from Sarge - nvu (unfixed; bug #306822) - NOTE: CAN number requested from mitre CAN-2005-XXXX [eskuel: arbitrary file retreiving] - eskuel 1.0.5-3.1 (low) -CAN-2005-XXXX [eskuel: No authentication at all] +CAN-2005-2355 [eskuel: No authentication at all] - eskuel (unfixed; bug #163653; low) - NOTE: CAN number requested from mitre CAN-2005-XXXX [Buffer overflow in elog''s header buffer] - elog 2.5.7+r1558-3 CAN-2005-XXXX [Unspeficied security issue in ipsec-tool''s single DES support] @@ -4494,6 +4491,7 @@ NOTE: this release added lots of warnings about the security problems - quake2 1:0.3-1.1 - quake2 (unfixed; bug #280573; low) + NOTE: CVE id requested from mitre CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...) NOTE: not-for-us (MediaWiki not yet in Debian), see CAN-2005-1888 CAN-2005-1244 (Directory traversal vulnerability in the third party tool from NetIQ, ...) @@ -9559,6 +9557,8 @@ - libc6 2.3.2.ds1-19 CAN-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts ...) - gs-common 0.3.6-0.1 + - gs-gpl (unfixed; bug #291373; low) + NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary CAN-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...) - gettext 0.14.1-6 CAN-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
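Review bot: In the @@ -852,6 +852,7 @@ hunk the added "NOTE: CVE assignement requested from mitre" sits under the cupsys line of CAN-2004-2154, an entry that already has an assigned id, so it is not clear which issue the request is for. If it concerns a different cupsys problem, give that its own CAN-2005-XXXX entry; otherwise drop the note. "assignement" should read "assignment". The patch also uses three wordings for the same state ("CVE id requested from mitre", "CVE assignement requested from mitre", "CVE request sent to mitre"); a single wording would let pending requests be found with one search.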
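Review bot: In the @@ -2234,14 +2235,13 @@ hunk the new websieve note "that is not covered by the CAN though due to vagueness" leaves the second half of bug #311838 (the lack of escaping of user data) with no id and no pending request, while the entry now reads as fully assigned to CAN-2005-2350. Consider a separate CAN-2005-XXXX entry for that part, or at least a TODO line, so it stays tracked.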
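Review bot: In the @@ -3961,20 +3960,21 @@ hunk the trackballs entry takes a TODO about exploitation via the scripting language, which the TODO itself describes as "a separate issue" in the bug report, yet it is filed under the symlink entry with a single "CVE request sent to mitre" note. If it is separate, a second CAN-2005-XXXX entry pointing at bug #302454 would keep the pending request scoped to "Follows symlinks as gid games". The new title also drops the "predictable file names" detail of the old one; a NOTE could retain it.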
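Review bot: In the @@ -4026,17 +4026,14 @@ hunk the nvu entry receives CAN-2005-2354 while its remaining NOTE still says the security holes in the old xpcom copy have not been checked, so the scope of the id is undocumented. A NOTE stating what CAN-2005-2354 was requested for would help. The two NOTE lines also still sit above the "- nvu (unfixed; bug #306822)" line, unlike the other entries in this patch where the package line comes first; moving them below it would match.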
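Review bot: In the @@ -9559,6 +9557,8 @@ hunk gs-gpl is added to CAN-2004-0967 as "(unfixed; bug #291373; low)" while the NOTE directly below it says the ps2epsi hole is "not shipped in binary", which reads as contradictory for an unfixed status; the note should say whether the binary package is actually affected. Bug #291373 is also the reference for CAN-2005-2352 in the @@ -3961,20 +3960,21 @@ hunk, so a cross-referencing NOTE on both entries would make clear which part of the bug each id covers.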