Author: joeyh
Date: 2005-09-03 09:14:14 +0000 (Sat, 03 Sep 2005)
New Revision: 1788
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-02 21:14:17 UTC (rev 1787)
+++ data/CAN/list 2005-09-03 09:14:14 UTC (rev 1788)
@@ -1,3 +1,150 @@
+CAN-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and
possibly ...)
+ TODO: check
+CAN-2005-2765 (The user interface in the Windows Firewall does not properly
display ...)
+ TODO: check
+CAN-2005-2764
+ NOTE: reserved
+CAN-2005-2763
+ NOTE: reserved
+CAN-2005-2762
+ NOTE: reserved
+CAN-2005-2760
+ NOTE: reserved
+CAN-2005-2759
+ NOTE: reserved
+CAN-2005-2758
+ NOTE: reserved
+CAN-2005-2757
+ NOTE: reserved
+CAN-2005-2756
+ NOTE: reserved
+CAN-2005-2755
+ NOTE: reserved
+CAN-2005-2754
+ NOTE: reserved
+CAN-2005-2753
+ NOTE: reserved
+CAN-2005-2752
+ NOTE: reserved
+CAN-2005-2751
+ NOTE: reserved
+CAN-2005-2750
+ NOTE: reserved
+CAN-2005-2749
+ NOTE: reserved
+CAN-2005-2748
+ NOTE: reserved
+CAN-2005-2747
+ NOTE: reserved
+CAN-2005-2746
+ NOTE: reserved
+CAN-2005-2745
+ NOTE: reserved
+CAN-2005-2744
+ NOTE: reserved
+CAN-2005-2743
+ NOTE: reserved
+CAN-2005-2742
+ NOTE: reserved
+CAN-2005-2741
+ NOTE: reserved
+CAN-2005-2740
+ NOTE: reserved
+CAN-2005-2739
+ NOTE: reserved
+CAN-2005-2738
+ NOTE: reserved
+CAN-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro
5.1 ...)
+ TODO: check
+CAN-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and
earlier ...)
+ TODO: check
+CAN-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and
...)
+ TODO: check
+CAN-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2
and ...)
+ TODO: check
+CAN-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not
properly ...)
+ TODO: check
+CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote
attackers to ...)
+ TODO: check
+CAN-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0,
when ...)
+ TODO: check
+CAN-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote
attackers to ...)
+ TODO: check
+CAN-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly
filter ...)
+ TODO: check
+CAN-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote
...)
+ TODO: check
+CAN-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and
server ...)
+ TODO: check
+CAN-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7
allows ...)
+ TODO: check
+CAN-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly
earlier ...)
+ TODO: check
+CAN-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when
...)
+ TODO: check
+CAN-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive
...)
+ TODO: check
+CAN-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1)
index.php ...)
+ TODO: check
+CAN-2005-2720 (Stack-based buffer overflow in the ACE archive decompression
library ...)
+ TODO: check
+CAN-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a
denial ...)
+ TODO: check
+CAN-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier
allows ...)
+ TODO: check
+CAN-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before
1.0.1 ...)
+ {DSA-799-1}
+ TODO: check
+CAN-2005-2715
+ NOTE: reserved
+CAN-2005-2714
+ NOTE: reserved
+CAN-2005-2713
+ NOTE: reserved
+CAN-2005-2712
+ NOTE: reserved
+CAN-2005-2711
+ NOTE: reserved
+CAN-2005-2710
+ NOTE: reserved
+CAN-2005-2709
+ NOTE: reserved
+CAN-2005-2708
+ NOTE: reserved
+CAN-2005-2707
+ NOTE: reserved
+CAN-2005-2706
+ NOTE: reserved
+CAN-2005-2705
+ NOTE: reserved
+CAN-2005-2704
+ NOTE: reserved
+CAN-2005-2703
+ NOTE: reserved
+CAN-2005-2702
+ NOTE: reserved
+CAN-2005-2701
+ NOTE: reserved
+CAN-2005-2700
+ NOTE: reserved
+CAN-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...)
+ TODO: check
+CAN-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp
...)
+ TODO: check
+CAN-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard
(MyBB) ...)
+ TODO: check
+CAN-2005-2696 (The Lotus Notes client does not properly restrict access to
password ...)
+ TODO: check
+CAN-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
+ TODO: check
+CAN-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier
versions, ...)
+ TODO: check
+CAN-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly
...)
+ TODO: check
+CAN-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x,
possibly ...)
+ TODO: check
+CAN-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if
modload is ...)
+ TODO: check
CAN-2005-XXXX [osh buffer overflow in handlers.c]
NOTE: This is not the same as -13
- osh 1.7-14 (unfixed; bug #323424; medium)
@@ -9,7 +156,7 @@
- phpldapadmin 0.9.6c-7 (bug #325785; medium)
CAN-2005-XXXX [Insecure symlink handling in smb4k]
- smb4k 0.6.3-1 (medium)
-CAN-2005-2724 [courier XSS vulnerabiliy]
+CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4
allows ...)
{DSA-793-1}
- courier 0.47-8 (medium; bug #325631)
CAN-2005-XXXX [xattr sharing bug in kernel''s ext3 code]
@@ -20,10 +167,10 @@
CAN-2005-XXXX [polygen doesn''t honor umask when creating grm.o files]
NOTE: Fix in -8 had problems
- polygen 1.0.6-9 (low)
-CAN-2005-2761 [Various XSS in phpgroupware''s phpgwapi]
+CAN-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare
0.9.16.000 ...)
{DSA-798-1}
- phpgroupware 0.9.16.008-1 (unknown)
-CAN-2005-2716 [Insecure usage of popen() in Affix]
+CAN-2005-2716 (The event_pin_code_request function in the btsrv daemon
(btsrv.c) in ...)
{DSA-796-1}
- affix 2.1.2-3 (bug #325444; medium)
CAN-2005-XXXX [Insecure tempfile usage in tleds]
@@ -31,7 +178,7 @@
CAN-2005-XXXX [XSS in gallery''s EXIF handling]
- gallery 1.5-2 (bug #325285; medium)
- gallery2 (unfixed; bug #325285; medium)
-CAN-2005-2693 [cvs: cvsbug temporary file bug]
+CAN-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files
insecurely, ...)
NOTE: cvs: not shipped in binary package
- cvs 1:1.12.9-15 (bug #325106; low)
- gcvs 1.0final-7 (low)
@@ -110,12 +257,11 @@
CAN-2005-2656
NOTE: reserved
{DSA-794-1}
-CAN-2005-2655 [Privilege escalation due to insufficient privilege drop in
maildrop''s lockmail]
- NOTE: reserved
+CAN-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges
before ...)
{DSA-791-1 DTSA-11-1}
- maildrop 1.5.3-1.1etch1 (medium)
-CAN-2005-2654
- NOTE: reserved
+CAN-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain
anonymous ...)
+ TODO: check
CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to
symlink attacks]
- cplay 1.49-8 (bug #324913; low)
CAN-2005-XXXX [$servers[$i][''disable_anon_bind''] = true
doesn''t prevent anonymous to access ldap directory]
@@ -434,7 +580,7 @@
TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird
CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers
to ...)
NOTE: not-fur-us (MidiCart)
-CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled
allows remote attackers to ...)
+CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled, as
used in other products ...)
{DSA-798-1}
- egroupware-fudforum (unfixed; bug #323928; medium)
- phpgroupware 0.9.16.008-1 (bug #323929; medium)
@@ -851,8 +997,8 @@
TODO: check php5
CAN-2005-2497
NOTE: reserved
-CAN-2005-2496
- NOTE: reserved
+CAN-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u
option ...)
+ TODO: check
CAN-2005-2495
NOTE: reserved
CAN-2005-2494
@@ -1180,7 +1326,8 @@
NOTE: not-for-us (FtpLocate)
CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass
authentication ...)
NOTE: not-for-us (hardware issue)
-CAN-2005-2418 (Realchat 3.5.1b allows remote attackers to gain privileges by
...)
+CAN-2005-2418
+ NOTE: rejected
NOTE: not-for-us (Realchat)
CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain
sensitive ...)
NOTE: not-for-us (Contrexx)
@@ -3227,8 +3374,8 @@
NOTE: not-for-us (FreeBSD ipfw)
CAN-2005-2018
NOTE: reserved
-CAN-2005-2017
- NOTE: reserved
+CAN-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to
gain ...)
+ TODO: check
CAN-2005-2016
NOTE: reserved
CAN-2005-2015
@@ -3642,7 +3789,8 @@
NOTE: not-for-us (C.J. Steele Tattle)
CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to
execute ...)
NOTE: not-for-us (JamMail)
-CAN-2005-1958 (Backup Manager 0.5.7 and earlier creates archives with insecure
...)
+CAN-2005-1958
+ NOTE: rejected
- backup-manager 0.5.8-1 (high)
CAN-2005-1957 (File Upload Manager does not properly check user authentication
for ...)
NOTE: not-for-us (File Upload Manager)
@@ -3748,8 +3896,8 @@
CAN-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to
overwrite ...)
{DSA-760-1 DTSA-4-1}
- ekg 1:1.5+20050712+1.6rc2-1 (low)
-CAN-2005-1915
- NOTE: reserved
+CAN-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier
allows ...)
+ TODO: check
CAN-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with
predictable ...)
{DSA-754-1 DTSA-2-1}
- centericq 4.20.0-7 (medium)
@@ -3872,12 +4020,10 @@
CAN-2005-1857
NOTE: reserved
{DSA-786-1}
-CAN-2005-1856 [backup-manager: Potential symlink attack through hard coded file
name]
- NOTE: reserved
+CAN-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses
a ...)
{DSA-787-1}
- backup-manager 0.5.8-2 (low)
-CAN-2005-1855 [Insecure default permissions in backup-manager]
- NOTE: reserved
+CAN-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup
files with ...)
{DSA-787-1}
- backup-manager 0.5.8-2 (medium)
CAN-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to
"missing ...)
@@ -3912,9 +4058,9 @@
NOTE: reserved
CAN-2005-1844
NOTE: reserved
-CAN-2005-1843 (Unknown vulnerability in VCNative for Adobe Version Cue 1.0 and
1.0.1, ...)
+CAN-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in
Creative ...)
NOTE: not-for-us (Windows)
-CAN-2005-1842 (Unknown vulnerability in VCNative for Adobe Version Cue 1.0 and
1.0.1, ...)
+CAN-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in
Creative ...)
NOTE: not-for-us (Windows)
CAN-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris,
...)
NOTE: not-for-us (acroread)
@@ -9077,8 +9223,8 @@
NOTE: see http://secunia.com/advisories/14925
NOTE: kde maintainers informed of it by security team
- kmail (unfixed; bug #305601; medium)
-CAN-2005-0403
- NOTE: reserved
+CAN-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat
...)
+ TODO: check
CAN-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute
arbitrary code ...)
- mozilla-firefox 1.0.2-1
CAN-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently
address all ...)
@@ -11703,8 +11849,8 @@
CAN-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers
to ...)
- kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 2.4.27-10
-CAN-2004-0789
- NOTE: reserved
+CAN-2004-0789 (Multiple implementations of the DNS protocol, including (1)
Poslib ...)
+ TODO: check
CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf
before ...)
{DSA-549-1 DSA-546-1}
CAN-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in
OpenCA ...)
@@ -12148,7 +12294,7 @@
- usermin 1.090-1
CAN-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file
in ...)
- qla2x00-source 7.01.01-1
-CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers execute
arbitrary ...)
+CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute
arbitrary ...)
NOTE: not-for-us (Windows)
CAN-2004-0585
NOTE: rejected
@@ -12329,8 +12475,8 @@
- gaim 1:0.81-3
CAN-2004-0499
NOTE: reserved
-CAN-2004-0498
- NOTE: reserved
+CAN-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and
...)
+ TODO: check
CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users
to ...)
NOTE: linux kernel fchown hole, fixed in all current kernels
CAN-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local
users ...)
@@ -18917,7 +19063,8 @@
CAN-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by
...)
CAN-1999-0284 (Denial of service to NT mail servers including Ipswitch,
Mdaemon, and ...)
CAN-1999-0283 (The Java Web Server would allow remote users to obtain the
source ...)
-CAN-1999-0282 (Vulnerabilities in loadmodule and modload programs in SunOS and
...)
+CAN-1999-0282
+ NOTE: rejected
CAN-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed
remotely. ...)
CAN-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that
cause a crash. ...)
CAN-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service.
...)