Author: joeyh
Date: 2005-09-20 09:14:18 +0000 (Tue, 20 Sep 2005)
New Revision: 2050

Modified:
   data/CAN/list
Log:
automatic CAN database update

Modified: data/CAN/list
==================================================================--- data/CAN/list 2005-09-20 06:59:19 UTC (rev 2049) +++ data/CAN/list 2005-09-20 09:14:18 UTC (rev 2050) 
@@ -1,8 +1,224 @@ -CAN-2005-2945 [insecure temporary file handling in arc] +CAN-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...) + TODO: check +CAN-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...) + TODO: check +CAN-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...) + TODO: check +CAN-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...) + TODO: check +CAN-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...) + TODO: check +CAN-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...) + TODO: check +CAN-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...) + TODO: check +CAN-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...) + TODO: check +CAN-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...) + TODO: check +CAN-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...) + TODO: check +CAN-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...) + TODO: check +CAN-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah''s ...) 
+ TODO: check +CAN-2005-2978 + NOTE: reserved +CAN-2005-2977 + NOTE: reserved +CAN-2005-2976 + NOTE: reserved +CAN-2005-2975 + NOTE: reserved +CAN-2005-2974 + NOTE: reserved +CAN-2005-2973 + NOTE: reserved +CAN-2005-2972 + NOTE: reserved +CAN-2005-2971 + NOTE: reserved +CAN-2005-2970 + NOTE: reserved +CAN-2005-2969 + NOTE: reserved +CAN-2005-2968 + NOTE: reserved +CAN-2005-2967 + NOTE: reserved +CAN-2005-2966 + NOTE: reserved +CAN-2005-2965 + NOTE: reserved +CAN-2005-2964 + NOTE: reserved +CAN-2005-2963 + NOTE: reserved +CAN-2005-2962 + NOTE: reserved +CAN-2005-2961 + NOTE: reserved +CAN-2005-2960 + NOTE: reserved +CAN-2005-2959 + NOTE: reserved +CAN-2005-2958 + NOTE: reserved +CAN-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...) + TODO: check +CAN-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive data ...) + TODO: check +CAN-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...) + TODO: check +CAN-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...) + TODO: check +CAN-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...) + TODO: check +CAN-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...) + TODO: check +CAN-2005-2951 (Directory traversal vulnerability in security.inc.php in ...) + TODO: check +CAN-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...) + TODO: check +CAN-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...) + TODO: check +CAN-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...) + TODO: check +CAN-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-complicit ...) + TODO: check +CAN-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...) + TODO: check +CAN-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...) 
+ TODO: check +CAN-2005-2943 + NOTE: reserved +CAN-2005-2942 + NOTE: reserved +CAN-2005-2941 + NOTE: reserved +CAN-2005-2940 + NOTE: reserved +CAN-2005-2939 + NOTE: reserved +CAN-2005-2938 + NOTE: reserved +CAN-2005-2937 + NOTE: reserved +CAN-2005-2936 + NOTE: reserved +CAN-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...) + TODO: check +CAN-2005-2934 + NOTE: reserved +CAN-2005-2933 + NOTE: reserved +CAN-2005-2932 + NOTE: reserved +CAN-2005-2931 + NOTE: reserved +CAN-2005-2930 + NOTE: reserved +CAN-2005-2929 + NOTE: reserved +CAN-2005-2928 + NOTE: reserved +CAN-2005-2927 + NOTE: reserved +CAN-2005-2926 + NOTE: reserved +CAN-2005-2925 + NOTE: reserved +CAN-2005-2924 + NOTE: reserved +CAN-2005-2923 + NOTE: reserved +CAN-2005-2922 + NOTE: reserved +CAN-2005-2921 + NOTE: reserved +CAN-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...) + TODO: check +CAN-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...) + TODO: check +CAN-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...) + TODO: check +CAN-2005-2913 + NOTE: rejected + TODO: check +CAN-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...) + TODO: check +CAN-2005-2911 + NOTE: reserved +CAN-2005-2910 + NOTE: reserved +CAN-2005-2909 + NOTE: reserved +CAN-2005-2908 + NOTE: reserved +CAN-2005-2907 + NOTE: reserved +CAN-2005-2906 + NOTE: reserved +CAN-2005-2905 + NOTE: reserved +CAN-2005-2904 (Zebedee 2.4.1, when "allowed redirection port" is not set, allows ...) + TODO: check +CAN-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...) + TODO: check +CAN-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...) + TODO: check +CAN-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...) + TODO: check +CAN-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...) 
+ TODO: check +CAN-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...) + TODO: check +CAN-2005-2898 (** DISPUTED ** ...) + TODO: check +CAN-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...) + TODO: check +CAN-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...) + TODO: check +CAN-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...) + TODO: check +CAN-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...) + TODO: check +CAN-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...) + TODO: check +CAN-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...) + TODO: check +CAN-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...) + TODO: check +CAN-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...) + TODO: check +CAN-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...) + TODO: check +CAN-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...) + TODO: check +CAN-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...) + TODO: check +CAN-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...) + TODO: check +CAN-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...) + TODO: check +CAN-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...) + TODO: check +CAN-2005-2883 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...) + TODO: check +CAN-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CAN-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...) + TODO: check +CAN-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...) 
+ TODO: check +CAN-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...) + TODO: check +CAN-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...) - arc (unfixed; bug #329053; low) CAN-2005-XXXX [insecure temporary file handling in ncompress] - ncompress (unfixed; bug #329052; unimportant) CAN-2005-2917 [DoS vulnerability in squid''s NMTL auth code] + NOTE: reserved - squid 2.5.10-6 (unknown) CAN-2005-XXXX [user password file created by gajim is world-redable] - gajim 0.8.2-1 (bug #325080; low) @@ -20,16 +236,17 @@ CAN-2005-XXXX [texinfo: /tmp race condition when processing large input files] - texinfo (unfixed; bug #328365; low) CAN-2005-2920 [clamav: libclamav/upx.c: fix possible buffer overflow.] + NOTE: reserved - clamav 0.87-1 (bug #328660; medium) CAN-2005-2919 [clamav: libclamav/fsg.c: fix possible infinite loop.] + NOTE: reserved - clamav 0.87-1 (bug #328660; medium) -CAN-2005-2918 [/tmp race condition in gtkdiskfree 1.9.3 and earlier] +CAN-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...) - gtkdiskfree (bug #328566; low) CAN-2005-XXXX [Two local kernel DoS through incorrect ioctl refcounter handling] TODO: Pinged Horms for 2.4 - linux-2.6 (unfixed; medium) -CAN-2005-2877 [Shell command injection in twiki via rev arguments] - NOTE: reserved +CAN-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...) NOTE: proactively fixed by the robustness patch - twiki 20040902-2 CAN-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2 allows ...) 
@@ -41,7 +258,7 @@ - cupsys 1.1.23-1 (unknown) CAN-2005-XXXX [snort vulnerable to DoS attack] - snort (unfixed; bug #328134; low) -CAN-2005-2871 (Buffer overflow in Mozilla Firefox 1.0.6 and earlier allows remote ...) +CAN-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...) - mozilla-firefox 1.0.6-5 (medium) - mozilla (unfixed; bug #327455; medium) - mozilla-thunderbird (unfixed; medium) @@ -192,8 +409,8 @@ - hiki 0.8.3-1 CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...) - linux-2.6 2.6.12-6 (low) -CAN-2005-2799 - NOTE: reserved +CAN-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...) + TODO: check CAN-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...) - openssh 1:4.2p1-1 (bug #326065; medium) - openssh-krb5 (unfixed; bug #327233; medium) @@ -517,12 +734,10 @@ NOTE: reserved CAN-2005-2659 NOTE: reserved -CAN-2005-2658 [Buffer overflow in turqstat''s date parser] - NOTE: reserved +CAN-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...) {DSA-812-1} - turqstat 2.2.4-1 (unknown) -CAN-2005-2657 - NOTE: reserved +CAN-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...) {DSA-811-1} CAN-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...) {DSA-794-1} @@ -909,7 +1124,7 @@ NOTE: not-for-us (XMB Forum) CAN-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...) NOTE: not-for-us (XMB Forum) -CAN-2005-2573 (MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, ...) +CAN-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...) - mysql not-affected (Windows specific mysql holes) - mysql-4.1 not-affected (Windows specific mysql holes) - mysql-5.0 not-affected (Windows specific mysql holes) 
@@ -1164,7 +1379,7 @@ NOTE: not-for-us (Integrated Light Out in HP servers) CAN-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...) NOTE: not-for-us (Novell eDirectory) -CAN-2005-2547 (security.c in hcid for BlueZ 2.18 and earlier allows remote attackers ...) +CAN-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...) {DSA-782-1 DTSA-9-1} - bluez-utils 2.19-0.1etch1 (bug #323365; medium) CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...) @@ -1281,15 +1496,13 @@ {DSA-801-1} NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu?? - 1:4.2.0a+stable-2sarge1 (medium) -CAN-2005-2495 [Buffer overflow in x.org''s pixmap allocation] - NOTE: reserved +CAN-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...) - xorg-x11 6.8.2.dfsg.1-7 (medium) CAN-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...) - kdebase 4:3.4.2-3 (bug #327039; medium) CAN-2005-2493 NOTE: reserved -CAN-2005-2492 [Linux kernel sendmsg() DoS/information disclosure] - NOTE: reserved +CAN-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...) - linux-2.6 (unfixed; bug #327416; medium) CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...) {DSA-800-1 DTSA-10-1} @@ -1299,8 +1512,7 @@ - python2.1 2.1.3dfsg-3 (medium) - python2.2 2.2.3dfsg-4 (medium) - python2.3 2.3.5-8 (medium) -CAN-2005-2490 [amd64 specific local privilege escalation in sendmsg() from Linux kernel] - NOTE: reserved +CAN-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...) - linux-2.6 (unfixed; bug #327416; medium) CAN-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...) {DTSA-16-1} 
@@ -4203,8 +4415,7 @@ CAN-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...) {DSA-754-1 DTSA-2-1} - centericq 4.20.0-7 (medium) -CAN-2005-1913 [DoS: in Linux kernel: Clean up subthread exec] - NOTE: reserved +CAN-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...) {DTSA-16-1} - linux-2.6 2.6.12-1 (medium) - kernel-source-2.6.11 2.6.11-6 (medium) @@ -4528,7 +4739,7 @@ - squirrelmail 2:1.4.4-6 (bug #314374; medium) CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...) - kernel-source-2.4.27 2.4.27-11 (medium; bug #319629) -CAN-2005-1767 (Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local ...) +CAN-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...) NOTE: linux-2.6 not affected (already fixed) - kernel-source-2.4.27 2.4.27-11 (unknown) CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...) @@ -4555,7 +4766,7 @@ - kernel-source-2.6.8 2.6.8-17 - kernel-source-2.6.8 2.6.8-16sarge1 - kernel-source-2.4.27 2.4.27-11 -CAN-2005-1761 (Unknown vulnerability in the Linux kernel allows local users to cause ...) +CAN-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...) {DTSA-16-1} - linux-2.6 2.6.12-1 (medium) - kernel-source-2.6.11 2.6.11-6 (medium) @@ -11741,7 +11952,7 @@ NOTE: not shipped in deb - krb5 (unfixed; bug #278271; low) - arla 0.36.2-11 -CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package in ...) +CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...) {DSA-588-1} NOTE: sarge is not vulnerable as our version uses set -C CAN-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...)
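Review bot: In the @@ -1,8 +1,224 @@ hunk, CAN-2005-2913 is added with both "NOTE: rejected" and "TODO: check". A rejected candidate has nothing left to triage, so the TODO only adds noise to the open-items count; the update script should skip the TODO line when it writes "NOTE: rejected".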
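Review bot: In the @@ -20,16 +236,17 @@ hunk, "NOTE: reserved" is inserted under CAN-2005-2920 and CAN-2005-2919 even though both already carry a hand-written description and a fixed version (clamav 0.87-1). The note tells a reader nothing about Debian's status and sits between the CAN line and its package line; the same happens to CAN-2005-2917 (squid) in the first hunk. Suggest the script leave entries that already have a bracketed description and package line untouched until the real description arrives, as it does for CAN-2005-2877 in this hunk, where "NOTE: reserved" is removed together with the description swap.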
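Review bot: CAN-2005-2657 in the @@ -517,12 +734,10 @@ hunk has no package line: the new description names common-lisp-controller 4.18 and earlier and the entry carries {DSA-811-1}, but CAN-2005-2656 follows directly. Add a "- common-lisp-controller" line with the fixed version, the way CAN-2005-2658 in the same hunk has "- turqstat 2.2.4-1", so the entry shows up in per-package queries.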
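Review bot: In the @@ -1281,15 +1496,13 @@ hunk, the new text for CAN-2005-2495 names XFree86 before 4.3.0, while the only package tracked under it is xorg-x11 6.8.2.dfsg.1-7. Check whether an xfree86 entry is needed as well. The swap also drops the bracketed "pixmap allocation" wording, which was the only hint in the list at which code path is affected; a NOTE line keeping that detail would help whoever triages this next.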
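Review bot: In the @@ -4528,7 +4739,7 @@ hunk, CAN-2005-1767 changes from "Unknown vulnerability" to a specific description (traps.c, stack segment handling), but the package line still reads "kernel-source-2.4.27 2.4.27-11 (unknown)". With the description now concrete, the urgency can be rated; a follow-up commit should replace "(unknown)" with an actual level. The automatic update gives no signal that a previously vague entry became ratable, so a "TODO: check" on description changes of this kind would be worth considering.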