Author: joeyh
Date: 2005-10-30 21:11:23 +0000 (Sun, 30 Oct 2005)
New Revision: 2617
Modified: data/CVE/list
Log: added missing severity info, some bug number updates, removed a dup entry, etc
Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-30 10:28:53 UTC (rev 2616) +++ data/CVE/list 2005-10-30 21:11:23 UTC (rev 2617) @@ -1,8 +1,8 @@ CVE-2005-XXXX [ntop format string vulnerability] - - ntop <unfixed> (bug #335996; unknown) + - ntop <unfixed> (bug #335996; low) NOTE: Possibly not exploitable CVE-2005-XXXX [Firefox IFRAME buffer overflow] - - mozilla-firefox <unfixed> (bug #336171; unknown) + - mozilla-firefox <unfixed> (bug #336171; medium) CVE-2005-3341 [Insecure temp files in dhis-tools-dns] - dhis-tools-dns 5.0-5 CVE-2005-XXXX [xdm: full-force SAINT attack crashes xdm] 
@@ -13,19 +13,19 @@ - xorg-x11 <unfixed> (bug #172890; low) - xfree86 <removed> CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...) - - mantis <unfixed> (bug #330682; unknown) + - mantis 0.19.3-0.1 (bug #330682; unknown) CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...) - - mantis <unfixed> (bug #330682; low) + - mantis 0.19.3-0.1 (bug #330682; low) CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before ...) - - mantis <unfixed> + - mantis <unfixed> (low) NOTE: Pinged Thijs Kinkhorst, who''s preparing an update CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...) - - mantis <unfixed> + - mantis 0.19.3-0.1 (high) NOTE: Pinged Thijs Kinkhorst, who''s preparing an update CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...) - - mantis <unfixed> (bug #335938; medium) + - mantis 0.19.3-0.1 (bug #335938; medium) CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...) - - flyspray <unfixed> (bug #335997) + - flyspray <unfixed> (bug #335997; low) CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...) NOT-FOR-US: eBASEweb CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...) @@ -47,8 +47,8 @@ CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...) NOT-FOR-US: MWChat CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...) - - zope2.8 2.8.1-7 (bug #334055; unknown) - - zope2.7 2.7.8-1 (bug #334055; unknown) + - zope2.8 2.8.1-7 (bug #334055; high) + - zope2.7 2.7.8-1 (bug #334055; high) CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...) TODO: check CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...) 
@@ -75,7 +75,7 @@ CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...) NOT-FOR-US: BMC Software Control-M CVE-2005-3310 (Multiple interpretation error in phpBB 2.0.17, with remote avatars and ...) - - phpbb2 <unfixed> (bug #335662) + - phpbb2 <unfixed> (bug #335662; low) CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...) NOT-FOR-US: Zomplog CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...) @@ -215,7 +215,9 @@ CVE-2005-XXXX [Insecure temp file usage in thttpd''s syslogtocern] - thttpd 2.23beta1-4 (low) CVE-2005-XXXX [buffer overflow in inkscape] - - inkscape <unfixed> (bug #330894) + NOTE: exploit may need a shellcode that is valid xml, so may not + NOTE: be exploitable for more than a DOS + - inkscape <unfixed> (bug #330894; low) CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium) CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...) 
@@ -273,19 +275,19 @@ - pavuk 0.9.33-1 (bug #264684; high) NOTE: second hole mentioned in bug report CVE-2005-XXXX [HTTP Request smuggling in pound] - - pound 1.9.4-1 + - pound 1.9.4-1 (low) NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000 CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...) - linux-2.6 2.6.12-2 - kernel-source-2.6.8 2.6.8-16sarge1 CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...) - - linux-2.6 2.6.13-1 - - kernel-source-2.6.8 2.6.8-16sarge1 - - kernel-source-2.4.27 2.4.27-10sarge1 + - linux-2.6 2.6.13-1 (low) + - kernel-source-2.6.8 2.6.8-16sarge1 (low) + - kernel-source-2.4.27 2.4.27-10sarge1 (low) CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...) - - linux-2.6 2.6.13-1 - - kernel-source-2.6.8 2.6.8-16sarge1 - - kernel-source-2.4.27 2.4.27-10sarge1 + - linux-2.6 2.6.13-1 (low) + - kernel-source-2.6.8 2.6.8-16sarge1 (low) + - kernel-source-2.4.27 2.4.27-10sarge1 (low) CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6 ...) - linux-2.6 2.6.12-1 - kernel-source-2.6.8 2.6.8-16sarge1 @@ -329,7 +331,7 @@ - libmad <unfixed> (bug #287519; low) - mad <removed> CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...) - - enigmail 2:0.93-1 (unknown) + - enigmail 2:0.93-1 (low) CVE-2005-3253 RESERVED CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...) @@ -381,7 +383,7 @@ CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda ...) NOT-FOR-US: Panda Antivirus CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...) - - clamav <unfixed> + - clamav <unfixed> (low) NOTE: This was already forwarded to sgran; zobel any news yet? CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...) NOT-FOR-US: Ikarus Antivirus 
@@ -487,23 +489,23 @@ CVE-2005-3239 (The OLE2 unpacker in clamd in ClamAV 0.87-1 allows remote attackers to ...) - clamav <unfixed> (bug #333566) CVE-2005-3181 (Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, ...) - - linux-2.6 2.6.12-11 + - linux-2.6 2.6.12-11 (low) NOTE: Might as well be 2.6.13-2, depending on the next upload - kernel-source-2.4.27 <not-affected> (2.4 kernels don''t have CONFIG_AUDITSYSCALL) CVE-2005-XXXX [Missing safemode checks in PHP''s _php_image_output functions] - - php5 5.0.5-2 - - php4 4:4.4.0-3 + - php5 5.0.5-2 (low) + - php4 4:4.4.0-3 (low) CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...) - - linux-2.6 2.6.12-11 + - linux-2.6 2.6.12-11 (medium) NOTE: Might as well be 2.6.13-2, depending on the next upload - - kernel-source-2.4.27 2.4.27-12 + - kernel-source-2.4.27 2.4.27-12 (medium) NOTE: CVE requested CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...) - - linux-2.6 2.6.13-2 + - linux-2.6 2.6.13-2 (low) - kernel-source-2.4.27 <not-affected> NOTE: 2.6.12 itself not affected, fixed in SVN CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs ...) - - linux-2.6 2.6.12-11 + - linux-2.6 2.6.12-11 (medium) NOTE: Might as well be 2.6.13-2, depending on the next upload - kernel-source-2.4.27 <not-affected> NOTE: CVE requested @@ -596,8 +598,9 @@ NOT-FOR-US: Procom NetFORCE CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...) {DSA-836-1 DSA-835-1} - - cfengine <unfixed> (bug #332433) - - cfengine2 <unfixed> (bug #332432) + - cfengine <unfixed> (bug #332433; low) + - cfengine2 <unfixed> (bug #332432; low) + NOTE: maintainer does not think it''s a hole, script is unused/broken CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...) NOT-FOR-US: Virtools Web Player CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...) 
@@ -627,11 +630,11 @@ CVE-2005-3123 [Directory traversal in gnump3d] RESERVED {DSA-877-1} - - gnump3d 2.9.6-1 + - gnump3d 2.9.6-1 (medium) CVE-2005-3122 [XSS in gnump3d''s 404 page] RESERVED {DSA-877-1} - - gnump3d 2.9.6-1 + - gnump3d 2.9.6-1 (low) CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...) {DSA-867-1} - module-assistant 0.9.10 @@ -663,13 +666,13 @@ CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to ...) - linux-2.6 2.6.12-1 - kernel-source-2.6.8 2.6.8-16sarge1 - - kernel-source-2.4.27 <unfixed> + - kernel-source-2.4.27 <unfixed> (low) CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...) - linux-2.6 2.6.12-1 - kernel-source-2.6.8 2.6.8-16sarge1 CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...) - - linux-2.6 <unfixed> - - kernel-source-2.6.8 2.6.8-16sarge1 + - linux-2.6 <unfixed> (low) + - kernel-source-2.6.8 2.6.8-16sarge1 (low) CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...) - kernel-source-2.6.8 2.6.8-16sarge1 CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...) 
@@ -697,15 +700,15 @@ NOTE: no exploit vector, just bad info - clamav <unfixed> (bug #323803; unimportant) CVE-2005-XXXX [smbmount doesn''t honor gid/uid with kernel 2.4] - - kernel-source-2.4.27 <unfixed> (bug #310982) + - kernel-source-2.4.27 <unfixed> (bug #310982; low) + NOTE: probably already fixed in testing, wrote for confirmation CVE-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror] - kdebase 4:3.3.1-1 (bug #278002; low) TODO: According to http://secunia.com/secunia_research/2004-10/advisory/ Firefox and Mozilla aff. as well CVE-2003-XXXX [Incomplete reporting of failed logins in login] - login 1:4.0.3-36 (bug #192849) CVE-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances] - - openldap2.2 <unfixed> (bug #260204) - TODO: Probably fix already uploaded? -> followup + - openldap2.2 <unfixed> (bug #260204; unimportant) CVE-2004-XXXX [Unspecified buffer overflow in libmng] - libmng 1.0.8-1 (bug #250106) CVE-2004-XXXX [Multiple buffer overflows in isoqlog] @@ -713,14 +716,14 @@ CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries] - libnss-ldap 199-1 (bug #169793) CVE-2004-XXXX [Firefox doesn''t clear all cookies] - - mozilla-firefox <unfixed> (bug #203034; bug #235932) + - mozilla-firefox <unfixed> (bug #203034; bug #235932; low) TODO: Re-check this, most probably fixed by now CVE-2004-XXXX [Insecure temp files in amanda''s chg-manual] - - amanda <unfixed> (bug #226139; unknown) + - amanda <unfixed> (bug #226139; low) CVE-2004-XXXX [Potential buffer overflow in firebird2] - firebird2 <unfixed> (bug #264453; unknown) CVE-2004-XXXX [Buffer overflow in wdm''s login] - - wdm <unfixed> (bug #276218; unknown) + - wdm <unfixed> (bug #276218; low) CVE-2005-XXXX [Unsafe string landling in ldapdiff] - ldapdiff <not-affected> (The version in Debian doesn''t contain the vulnerable code, see #306878) CVE-2005-XXXX [apt-cache doesn''t differentiate sources which share several properties] 
@@ -732,7 +735,7 @@ CVE-2005-XXXX [Potential xlockmore bypass] - xlockmore 1:5.13-2.1 (bug #309760) CVE-2005-XXXX [hdup inproperly preserves permissions on directories] - - hdup <unfixed> (bug #302790) + - hdup <unfixed> (bug #302790; low) CVE-2001-XXXX [crypt++ passes passwords through the command line] - crypt++el <unfixed> (bug #105562; low) CVE-2004-XXXX [Two vulnerabilities in sredird] @@ -759,8 +762,6 @@ CVE-2002-XXXX [sanitizer bypassal through quoted file names] - sanitizer <unfixed> (bug #149799; medium) TODO: We should followup, this is probably fixed since the last three years -CVE-2005-XXXX [hdup does not preserve directory permissions] - - hdup <unfixed> (bug #302790) CVE-2005-XXXX [Heap overflow in libosip URI parsing] - libosip2 2.0.9-1 (bug #308737) CVE-2005-XXXX [rkhunter: Insecure temporary file] @@ -795,7 +796,7 @@ CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...) NOT-FOR-US: Image-Line Software FL Studio CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...) - - mantis <unfixed> (bug #330682; unknown) + - mantis 0.19.3-0.1 (bug #330682; low) CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...) - mantis 0.19.2-4 (bug #330682; medium) CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...) @@ -880,7 +881,7 @@ CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host] - phpwiki <unfixed> (bug #282565; medium) CVE-2005-XXXX [Possibly incorrect virtualisation in php4] - - php4 <unfixed> (bug #317577; bug #330419; unknown) + - php4 <unfixed> (bug #317577; bug #330419; low) NOTE: Maintainer can''t reproduce CVE-1999-XXXX [Insecure access control on GNU Mach''s IO ports] - gnumach <unfixed> (bug #46709) 
@@ -1082,7 +1083,7 @@ - netpbm-free 2:10.0-10 CVE-2005-2977 [pam vulnerable to brute force attacks when using SELinux] RESERVED - - pam <unfixed> (bug filed) + - pam <unfixed> (bug #336344; medium) [sarge] - pam <not-affected> (Does not contain SELinux support) [woody] - pam <not-affected> (Does not contain SELinux support) CVE-2005-2976 @@ -1093,7 +1094,7 @@ RESERVED CVE-2005-2973 [Kernel 2.6 ipv6 local DoS vulnerability] RESERVED - - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 + - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low) - kernel-source-2.4.27 <unfixed> TODO: Check, whether this is fixed in sid''s 2.4.27 [sarge] - kernel-source-2.6.8 2.6.8-16sarge2 @@ -1136,8 +1137,9 @@ NOTE: prozilla is not in sarge or etch CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary ...) {DSA-836-1 DSA-835-1} - - cfengine <unfixed> - - cfengine2 <unfixed> + - cfengine <unfixed> (bug #332433; low) + - cfengine2 <unfixed> (bug #332432; low) + NOTE: maintainer does not think it''s a hole, script is unused/broken CVE-2005-2959 (sudo 1.6.8 and earlier does not clear the (1) SHELLOPTS and (2) PS4 ...) {DSA-870-1} - sudo 1.6.8p9-3 (medium) @@ -11600,7 +11602,7 @@ - kdenetwork 4:3.1.6 CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...) NOTE: According to a question on linux-kernel 2.6 is not vulnerable - - kernel-source-2.4.27 2.4.27-12 (bug #296700) + - kernel-source-2.4.27 2.4.27-12 (bug #296700; high) CVE-2005-0203 REJECTED CVE-2005-0202 (Directory traversal vulnerability in the true_path function in ...) 
@@ -12166,8 +12168,8 @@ CVE-2005-0024 RESERVED CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...) - - gnome-libs <unfixed> (bug #329156) - - vte <unfixed> (bug #330907) + - gnome-libs <unfixed> (bug #329156; low) + - vte <unfixed> (bug #330907; low) CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...) - exim4 4.34-10 CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
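Review bot: in the first hunk (@@ -1,8) the Firefox IFRAME buffer overflow (bug #336171) is rated "medium" with no NOTE, while the neighbouring ntop entry gets its "low" justified by "NOTE: Possibly not exploitable". A remotely triggered browser buffer overflow with no recorded mitigating factor is normally the higher of those two; either add a NOTE with the reason it is not rated high, or rate it high until that reason is known.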
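Review bot: in the Mantis hunk (@@ -13,19) CVE-2005-3339 still carries "unknown" after its version moved to mantis 0.19.3-0.1, so the severity pass missed it. CVE-2005-3337 is the only entry in that block left at "<unfixed> (low)" although its description is also "Mantis before 0.19.3"; either 0.19.3-0.1 fixes it as well and the line should read "- mantis 0.19.3-0.1 (low)", or the NOTE should say why it is excluded. The "NOTE: Pinged Thijs Kinkhorst, who's preparing an update" kept under CVE-2005-3336 is stale now that the line above it records the fix as uploaded; drop it or move it under 3337, which is still open. CVE-2005-3336 is also the one Mantis entry without a bug reference while the others cite #330682 or #335938.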
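Review bot: in the inkscape hunk (@@ -215,7) the downgrade to "low" rests entirely on the NOTE's guess that the shellcode would have to be valid XML. Restricted-character-set shellcode is a standard technique, so that constraint alone does not rule out code execution; keep the NOTE as the rationale but leave the severity at "unknown" until someone has actually looked at the overflow, or say "at least DoS" explicitly. Also, the two NOTE lines are inserted between the CVE header and the "- inkscape" line, whereas the ntop, pavuk and kernel entries in this same commit put NOTE after the package line; follow that order.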
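Review bot: in the kernel hunk (@@ -273,19) CVE-2005-3276 (sys_get_thread_area) and CVE-2005-3273 (rose_rt_ioctl) are left without a severity while the adjacent CVE-2005-3275 and CVE-2005-3274 get "(low)" on every package line; a commit logged as "added missing severity info" should either cover them or note why they are skipped. The pound request-smuggling entry is set to "low" with only a mailing-list URL as context; a one-line NOTE recording the reason for "low" would save the next reader from re-reading that thread.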
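Review bot: in the hunk at @@ -487,23 CVE-2005-3239 (ClamAV OLE2 unpacker, bug #333566) is the only entry still without a severity, and its description says it "allows remote attackers to ...", so it should at least get a value. The "NOTE: Might as well be 2.6.13-2, depending on the next upload" lines under CVE-2005-3180 and CVE-2005-3179 are carried over unchanged beside a fixed version of 2.6.12-11 that is now also rated "medium"; the fixed version should be confirmed rather than left conditional once severities are being assigned to it.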
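Review bot: in the cfengine hunks (@@ -596,8 for CVE-2005-3137 and @@ -1136,8 for CVE-2005-2960) the new "low" contradicts the NOTE added right below it. If the maintainer's position is that the cfmailfilter/cfcron.in script is unused and broken and this is not a hole, the file's own tag for that case is "unimportant", which this same commit uses for the clamav and openldap2.2 entries; the NOTE should also say whether the tracker agrees with the maintainer. The DSAs in the braces mean stable was fixed, so the disagreement applies to the unstable "<unfixed>" lines only and should be worded that way. The three changed lines are identical in both hunks; keep them in sync or cross-reference the two CVEs in the NOTE.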
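Review bot: in the hunk at @@ -663,13 CVE-2005-3109 gets "(low)" only on the kernel-source-2.4.27 line while its linux-2.6 and kernel-source-2.6.8 lines stay bare, whereas CVE-2005-3107 in the same hunk gets it on both lines; apply the severity to every package line of an entry so per-package queries do not report it as unrated.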
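Review bot: in the hunk at @@ -697,15 the openldap2.2 line is changed to "unimportant" and the "TODO: Probably fix already uploaded? -> followup" is deleted, but the package is still "<unfixed>" (bug #260204), so an open action item is dropped without being answered. Keep the TODO, or replace it with a NOTE giving the reason the debconf password file is now rated unimportant and whether the fix was in fact uploaded.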
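Review bot: in the hunk at @@ -795,7 CVE-2005-3091 is described as an XSS in "Mantis before 1.0.0rc1", yet its fixed version is set to 0.19.3-0.1, the same version used for the "before 0.19.3" issues earlier in this commit. Unless 0.19.3-0.1 backported that fix, the line should stay "<unfixed>"; a NOTE pointing at the changelog entry that covers 3091 would settle it. The sibling CVE-2005-3090 (fixed in 0.19.2-4) is left at "medium" while this one becomes "low" for the same class of bug; state the reason for the difference or align them.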