Moritz Muehlenhoff
2005-Sep-10 00:45 UTC
[Secure-testing-commits] r1897 - in data: CAN DTSA/advs
Author: jmm-guest Date: 2005-09-10 00:45:14 +0000 (Sat, 10 Sep 2005) New Revision: 1897 Removed: data/DTSA/advs/0-hotzenplotz.adv Modified: data/CAN/list Log: more bugnums remove the old hotzenplotz example .adv Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-10 00:40:15 UTC (rev 1896) +++ data/CAN/list 2005-09-10 00:45:14 UTC (rev 1897) @@ -1,5 +1,5 @@ CAN-2005-XXXX [format string vulnerability in mailutils''s imap4d server] - - mailutils (unfixed; bug filed; high) + - mailutils (unfixed; bug #327424; high) CAN-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...) NOTE: not-for-us (Solaris) CAN-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) @@ -21,7 +21,7 @@ CAN-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...) NOTE: not-for-us (N-Stealth) CAN-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...) - - nikto (unfixed; bug filed; medium) + - nikto (unfixed; bug #327339; medium) CAN-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...) NOTE: not-for-us (Savant Web Server) CAN-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...) Deleted: data/DTSA/advs/0-hotzenplotz.adv ==================================================================--- data/DTSA/advs/0-hotzenplotz.adv 2005-09-10 00:40:15 UTC (rev 1896) +++ data/DTSA/advs/0-hotzenplotz.adv 2005-09-10 00:45:14 UTC (rev 1897) 
@@ -1,15 +0,0 @@ -source: hotzenplotz -date: September 7th, 2005 -author: Wachtmeister Dimpfelmoser -vuln-type: buffer overflows -problem-scope: remote -debian-specifc: -cve: CAN-1978-0019 -vendor-advisory: http://www.hotzenplotz.org/sec/buffer-overflow.html -testing-fix: 3.14-1ts1 -sid-fix: 3.14-2 -upgrade: apt-get install hotzenplotz - -User authentication in hotzenplotz does not verify the user name properly. -A buffer overflow can be exploited to execute arbitrary code with elevated -privileges.
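Review bot: In the first data/CAN/list hunk (@@ -1,5 +1,5 @@), the unchanged description line for CAN-2005-XXXX reads "mailutils''s" with a doubled apostrophe. Since this revision edits the entry directly below it, correct the description to "mailutils's" in the same change. The entry still uses the CAN-2005-XXXX placeholder, so bug #327424 is currently the only stable reference for it. Replace the placeholder when an id is assigned.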
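Review bot: In the deleted data/DTSA/advs/0-hotzenplotz.adv hunk (@@ -1,15 +0,0 @@), the header key is spelled "debian-specifc:". Because this file was the example .adv, check that advisories written from it do not carry the same misspelled key. The log entry also combines this removal with the unrelated bug-number updates in data/CAN/list. Separate revisions, or a log line naming what replaces the old example, would keep the history easier to follow.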