Author: jmm-guest Date: 2005-10-18 21:39:15 +0000 (Tue, 18 Oct 2005) New Revision: 2445 Modified: data/CAN/list Log: adapt more of the older entries to current syntax, update some entries Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-10-18 21:09:05 UTC (rev 2444) +++ data/CAN/list 2005-10-18 21:39:15 UTC (rev 2445) @@ -3207,7 +3207,7 @@ CAN-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...) - links2 2.1pre16-2 (low) CAN-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...) - NOT-FOR-US: Intel + NOT-FOR-US: Intel motherboards CAN-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...) NOT-FOR-US: TeeKai CAN-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...) @@ -3223,17 +3223,14 @@ CAN-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...) NOT-FOR-US: Cisco CAN-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...) - NOTE: fixed in 0.7.12-1 - modlogan 0.7.12-1 (low) CAN-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...) - NOTE: fixed in 0.7.12-1 - modlogan 0.7.12-1 (low) CAN-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...) TODO: check CAN-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...) NOT-FOR-US: PFinger CAN-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...) - NOTE: fixed in 0.6.13-1 - sketch 0.6.13-1 (low) CAN-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...) NOT-FOR-US: X-News 
@@ -3282,7 +3279,6 @@ CAN-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...) NOT-FOR-US: Lotus Domino CAN-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...) - NOTE: fixed in 3:2.2.6-5 - imp 3:2.2.6-5 (high) CAN-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...) NOT-FOR-US: We use the OTHER beep program :P @@ -3305,7 +3301,7 @@ CAN-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...) NOT-FOR-US: Lotus Domino CAN-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...) - NOT-FOR-US: Mozilla + TODO: Check this, Mozilla is in the archive CAN-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...) NOT-FOR-US: Apache CAN-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...) @@ -3400,7 +3396,7 @@ CAN-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...) NOT-FOR-US: AIX CAN-2001-1553 (Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, ...) - NOTE: not suid in debian + - setiathome <not-affected> (not suid in debian) CAN-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...) NOT-FOR-US: Microsoft CAN-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...) @@ -3499,7 +3495,8 @@ CAN-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not ...) NOT-FOR-US: HP-UX CAN-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...) - NOTE: lpstat not suid in lprng or cupsys-client in Debian + - lprng <not-affected> (Not suid in Debian) + - cupsys <not-affected> (Not suid in Debian) CAN-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...) - openssh 1:3.0.1 CAN-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...) 
@@ -3566,10 +3563,9 @@ CAN-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...) - xpvm 1.2.5-8 (bug #318285; medium) CAN-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...) - - oftpd <unfixed> (bug #318286; medium) - NOTE: Maintainer requested removal from the archive, see #332186 + - oftpd <removed> (bug #318286; medium) CAN-2005-XXXX [oftpd port DOS] - - oftpd <unfixed> (bug #307957; low) + - oftpd <removed> (bug #307957; low) NOTE: CVE id requested from mitre CAN-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...) NOT-FOR-US: AIX @@ -3757,8 +3753,7 @@ CAN-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...) NOT-FOR-US: Turbo Traffic Trader CAN-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...) - NOTE: absolutely no useful information, garbage report - NOTE: compare with #306164 + - unzoo 4.4-3 (bug #306164) CAN-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...) NOT-FOR-US: DMXReady CAN-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...) @@ -3948,7 +3943,6 @@ NOT-FOR-US: Soldier of Fortune CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...) NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits - NOTE: did work for mozilla - mozilla 2:1.7.10-1 (bug #318723; medium) CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...) NOT-FOR-US: XOOPS
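Review bot: In the CAN-2002-2024 hunk (@@ -3282,7 +3279,6 @@), the entry that is kept, `- imp 3:2.2.6-5 (high)`, records a fixed version whose upstream part (2.2.6) is lower than the Horde IMP 2.2.7 that the description names as affected. Dropping the duplicate `NOTE: fixed in 3:2.2.6-5` is fine, but either confirm the version or add a short NOTE explaining why an older upstream version carries the fix, so the entry does not read as a typo.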
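Review bot: In the CAN-2001-1508 hunk (@@ -3499,7 +3495,8 @@), the removed note named `cupsys-client` while the new entry names `cupsys`; confirm that this is the intended package name for the lpstat binary. The reason text is also written `(Not suid in Debian)` here but `(not suid in debian)` in the CAN-2001-1553 hunk of the same patch; use one spelling so the entries can be searched consistently.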
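Review bot: In the oftpd hunk (@@ -3566,10 +3563,9 @@), switching CAN-2005-2239 to `<removed>` also deletes `NOTE: Maintainer requested removal from the archive, see #332186`, which was the only pointer to the removal request. Keep that NOTE, or at least the bug number, under CAN-2005-2239 so the `<removed>` status can be traced; the CAN-2005-XXXX entry gets the same status with no removal reference either.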
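Review bot: In the CAN-2004-2190 hunk (@@ -3757,8 +3753,7 @@), the new line `- unzoo 4.4-3 (bug #306164)` states a fix where the removed notes only said "compare with #306164" and called the report uninformative. Add a NOTE saying how the CAN id was matched to #306164, and give the entry an urgency like the ones on the modlogan and sketch entries in this patch.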
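Review bot: In the CAN-2005-2114 hunk (@@ -3948,7 +3943,6 @@), removing `NOTE: did work for mozilla` leaves `NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits` as the only note, with no firefox package line beside the mozilla one. Record the firefox result as its own entry or as a TODO, in the way this patch converts the setiathome and lprng notes, so that the firefox status does not live only in free text.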