Author: jmm-guest
Date: 2005-11-01 09:54:46 +0000 (Tue, 01 Nov 2005)
New Revision: 2634

Modified:
   data/CVE/list
Log:
openvpn and php CVEfied lots of NFUs one ntop issue not-affected

Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-01 09:33:44 UTC (rev 2633) +++ data/CVE/list 2005-11-01 09:54:46 UTC (rev 2634) 
@@ -1,74 +1,83 @@ -begin claimed by jmm CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...) - TODO: check + NOT-FOR-US: Invision Gallery CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...) - TODO: check + NOT-FOR-US: oaboard CVE-2005-3393 (Format string vulnerability in the foreign_option function in ...) - TODO: check + - openvpn <unfixed> (bug #336751; medium) CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...) - TODO: check + - php4 <unfixed> (bug #336645; unknown) + TODO: check PHP5 CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...) - TODO: check + - php4 <unfixed> (bug #336645; unknown) + TODO: check PHP5 CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...) - TODO: check + - php4 <unfixed> (bug #336645; high) + - php5 <unfixed> (bug #336654; high) + NOTE: http://www.hardened-php.net/advisory_202005.79.html + NOTE: http://www.hardened-php.net/globals-problem CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...) - TODO: check + - php4 <unfixed> (bug #336645; low) + - php5 <unfixed> (bug #336654; low) + NOTE: http://www.hardened-php.net/advisory_192005.78.html CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...) - TODO: check + {CVE-2002-1954} + - php4 <unfixed> (bug #336645; low) + - php5 <unfixed> (bug #336654; low) + NOTE: http://www.hardened-php.net/advisory_182005.77.html CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, ...) - TODO: check + - ntop <not-affected> (Red Hat specific packaging flaw) CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script ...) - TODO: check + NOT-FOR-US: Techno Dreams scripts CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script ...) 
- TODO: check + NOT-FOR-US: Techno Dreams scripts CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows ...) - TODO: check + NOT-FOR-US: Techno Dreams scripts CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script ...) - TODO: check + NOT-FOR-US: Techno Dreams scripts CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine ...) - TODO: check + NOT-FOR-US: Sophos CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) ...) - TODO: check + NOT-FOR-US: Ukranian National Antivirus CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows ...) - TODO: check + NOT-FOR-US: Panda Titanium CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine ...) - TODO: check + NOT-FOR-US: Norman CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite ...) - TODO: check + NOT-FOR-US: McAfee CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote ...) - TODO: check + NOT-FOR-US: Kaspersky CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote ...) - TODO: check + NOT-FOR-US: Ikarus CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers ...) - TODO: check + NOT-FOR-US: F-Prot CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers ...) - TODO: check + NOT-FOR-US: Dr. Web CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 ...) - TODO: check + NOT-FOR-US: eTrust CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...) - TODO: check + NOT-FOR-US: AVG CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 ...) 
- TODO: check + NOT-FOR-US: ArcaVir CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module ...) - TODO: check + NOT-FOR-US: Woltlab Burning Board CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...) - TODO: check + NOT-FOR-US: SparkleBlog CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 ...) - TODO: check + NOT-FOR-US: PHP iCalendar CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier ...) - TODO: check + NOT-FOR-US: DCP-Portal CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote ...) - TODO: check + NOT-FOR-US: DboardGear CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 ...) - TODO: check + NOT-FOR-US: saphp Lesson CVE-2005-3362 (myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a ...) - TODO: check + NOT-FOR-US: myBloggie CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...) - TODO: check + NOT-FOR-US: FlatNuke CVE-2005-3360 RESERVED CVE-2005-3359 
@@ -110,26 +119,9 @@ CVE-2005-3340 RESERVED CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier ...) - TODO: check + NOT-FOR-US: Integrity Protection Driver CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...) - TODO: check -end claimed by jmm -CVE-2005-XXXX [Remotely exploitable format string vulnerability in openvpn] - - openvpn <unfixed> (bug #336751; medium) -CVE-2005-XXXX [generic XSS vulnerability in PHP''s phpinfo function] - {CVE-2002-1954} - - php4 <unfixed> (bug #336645; low) - - php5 <unfixed> (bug #336654; low) - NOTE: http://www.hardened-php.net/advisory_182005.77.html -CVE-2005-XXXX [PHP register_globals Activation Vulnerability in parse_str] - - php4 <unfixed> (bug #336645; low) - - php5 <unfixed> (bug #336654; low) - NOTE: http://www.hardened-php.net/advisory_192005.78.html -CVE-2005-XXXX [PHP File-Upload $GLOBALS Overwrite Vulnerability] - - php4 <unfixed> (bug #336645; high) - - php5 <unfixed> (bug #336654; high) - NOTE: http://www.hardened-php.net/advisory_202005.79.html - NOTE: http://www.hardened-php.net/globals-problem + NOT-FOR-US: nylon CVE-2005-XXXX [phpBB issues fixed in 2.0.18] - phpbb2 <unfixed> (bug #336582; bug #336587; high) NOTE: http://www.hardened-php.net/advisory_172005.75.html
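Review bot: In the first hunk (@@ -1,74 +1,83 @@), the NOT-FOR-US label added under CVE-2005-3381 reads "Ukranian National Antivirus", which does not match the "Ukrainian National Antivirus (UNA)" spelling in the description directly above it; please correct it to "Ukrainian". The label under CVE-2005-3373 likewise writes "Dr. Web" where the description has "Dr.Web". Separately, CVE-2005-3392 and CVE-2005-3391 receive only a php4 line with severity "unknown" and a "TODO: check PHP5", while CVE-2005-3390, CVE-2005-3389 and CVE-2005-3388 in the same hunk already carry a php5 line against bug #336654; either add the php5 line or say in the TODO what still has to be confirmed, so the open item is actionable.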
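Review bot: In the second hunk (@@ -110,26 +119,9 @@), four CVE-2005-XXXX placeholder entries are deleted but the log message ("openvpn and php CVEfied") does not say which IDs replaced them. Comparing package lines, bug numbers and NOTE URLs against the first hunk, they correspond to CVE-2005-3393 (openvpn), CVE-2005-3388 (phpinfo XSS, with the {CVE-2002-1954} cross-reference), CVE-2005-3389 (parse_str) and CVE-2005-3390 (file upload), and all of their data is carried over intact. Listing that mapping in the log would let a later reader trace the placeholders without diffing the two hunks. The removal of the "begin claimed by jmm" / "end claimed by jmm" markers is also unmentioned in the log.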