Author: jmm-guest
Date: 2005-12-12 15:54:05 +0000 (Mon, 12 Dec 2005)
New Revision: 3017
Modified:
data/CVE/list
Log:
further syntax and kernel updates
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-12-12 15:45:34 UTC (rev 3016)
+++ data/CVE/list 2005-12-12 15:54:05 UTC (rev 3017)
@@ -14011,29 +14011,22 @@
CVE-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function
in ...)
[sarge] - kernel-source-2.6.8 2.6.8-12
- linux-2.6 <not-affected> (Fixed before upload into archive)
+ - kernel-source-2.4.27 <not-affected> (intlen and outlen are unsigned in
2.4)
CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a
denial of ...)
- NOTE: Does not apply to 2.6.8
- NOTE: Fix in 2.6.9-6 pending upload
- - kernel-source-2.6.9 2.6.9-6
- - kernel-source-2.6.10 2.6.10-4
+ [sarge] - kernel-source-2.6.8 <not-affected>
+ TODO: Check 2.4
+ TODO: Check, when this was fixed in 2.6
CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1
allows ...)
- NOTE: see USN-82-1
- NOTE: <horms> hacim: at a cursory glance, 2.4.27 does not seem to have
been fixed with regards to that problem
- NOTE: <horms> although it was supposed to be fixed in 2.4.25-2 according
to my notes
- NOTE: <horms> i would try asking marcello
- NOTE: reponse from Marcelo: No - v2.4 is safe because back there
current->signal was not shared.
- - kernel-source-2.6.8 2.6.8-14
- - kernel-source-2.6.9 2.6.9-6
- - kernel-source-2.6.10 2.6.10-6
+ - kernel-source-2.4.27 <not-affected> (v2.4 is safe because back there
current->signal was not shared.)
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
+ [sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table
size, ...)
- NOTE: According to joshk, doesn''t apply to 2.4.27
- NOTE: see USN-82-1
- - kernel-source-2.6.8 2.6.8-14
- - kernel-source-2.6.9 2.6.9-6
- - kernel-source-2.6.10 2.6.10-6
+ - kernel-source-2.4.27 <not-affected> (According to joshk,
doesn''t apply to 2.4.27)
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
+ [sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local
users to ...)
- NOTE: see USN-82-1, only affects 2.6.9
- - linux-2.6 2.6.12-1
+ TODO: Check 2.6.8 and 2.4 and check, when this was fixed
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass
the ...)
- php4 4:4.3.10-3
CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon
(PPPoEd) in ...)
@@ -14091,7 +14084,7 @@
RESERVED
CVE-2005-0162 (Stack-based buffer overflow in the get_internal_addresses
function in ...)
- openswan 2.3.0-2
- NOTE: does not seem to affect freeswan
+ - freeswan <not-affected>
CVE-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow
...)
- unace 1.2b-3
CVE-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to
execute ...)
@@ -14125,7 +14118,7 @@
- mozilla-thunderbird 0.7
- mozilla 2:1.7.4
CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses
the ...)
- NOT-FOR-US: thunderbird on windows
+ - mozilla-thunderbird (Affects only Thunderbird on Windows)
CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to
use a ...)
- mozilla-firefox 1.0
- mozilla 2:1.7.5
@@ -14154,13 +14147,17 @@
CVE-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not
correctly ...)
NOT-FOR-US: Irix
CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local
users to ...)
- NOTE: Does not affect 2.6 based kernels in Debian
+ - linux-2.6 <not-affected>
- kernel-source-2.4.27 2.4.27-10 (bug #308584)
CVE-2005-0136
RESERVED
- - kernel-source-2.6.8 2.6.8-14
+ TODO: Check, when this was fixed upstream
+ TODO: Check, whether 2.4 is affected
+ [sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64)
...)
- - kernel-source-2.6.8 2.6.8-14
+ TODO: Check, when this was fixed upstream
+ TODO: Check, whether 2.4 is affected
+ [sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not
properly ...)
NOT-FOR-US: SCO UnixWare
CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
@@ -14188,8 +14185,8 @@
CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and
earlier do not properly drop ...)
NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c)
for ...)
+ TODO: Check, when this was fixed upstream
- kernel-source-2.4.27 2.4.27-8
- NOTE: 2.6.8 apparently ok
CVE-2005-0123
RESERVED
CVE-2005-0122
@@ -14250,10 +14247,102 @@
- xemacs21 21.4.16-2
CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly
drop ...)
{DSA-691-1}
- NOTE: abuse is only in woody.
+ - abuse <removed>
CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL)
before ...)
{DSA-691-1}
- NOTE: abuse is only in woody.
+ TODO: Check, when this was fixed upstream
+ TODO: Check, whether 2.4 is affected
+ [sarge] - kernel-source-2.6.8 2.6.8-14
+CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not
properly ...)
+ NOT-FOR-US: SCO UnixWare
+CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
+ - mozilla-firefox 1.0
+ - mozilla 2:1.7.5
+CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...)
+ - mozilla-firefox 1.0
+ - mozilla 2:1.7.5
+CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a
denial of ...)
+ - clamav 0.80-0.81rc1-1
+CVE-2005-0132
+ RESERVED
+CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently
uses ...)
+ - konversation 0.15-3
+CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers
to ...)
+ - konversation 0.15-3
+CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote
attackers ...)
+ - konversation 0.15-3
+CVE-2005-0128
+ RESERVED
+CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header,
...)
+ NOT-FOR-US: MacOS
+CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to
execute ...)
+ NOT-FOR-US: MacOS
+CVE-2005-0125 (The "at" commands on Mac OS X 10.3.7 and
earlier do not properly drop ...)
+ NOT-FOR-US: MacOS
+CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c)
for ...)
+ TODO: Check, when this was fixed upstream
+ - kernel-source-2.4.27 2.4.27-8
+CVE-2005-0123
+ RESERVED
+CVE-2005-0122
+ REJECTED
+CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local
users ...)
+ NOT-FOR-US: golddig
+CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete
arbitrary ...)
+ NOT-FOR-US: helvis
+CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and
read the ...)
+ NOT-FOR-US: helvis
+CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world
readable ...)
+ NOT-FOR-US: helvis
+CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to
execute ...)
+ - xshisen 1.51-1-1.1 (bug #289784)
+CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote
attackers to ...)
+ - awstats 6.2-1.1
+CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive
Disassembler ...)
+ NOT-FOR-US: DataRescue Interactive Disassembler
+CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm
...)
+ NOT-FOR-US: ZoneAlarm
+CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary
commands ...)
+ NOT-FOR-US: IRIX
+CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect
Wireless ...)
+ NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
+CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL
MaxDB ...)
+ - maxdb-7.5.00 7.5.00.18
+CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to
...)
+ NOT-FOR-US: MSIE
+CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other
operating ...)
+ NOTE: According to Linus Torvalds and others on linux-kernel this is a
theoretical
+ NOTE: attack, paranoid people should disable hyper threading
+ - kfreebsd5-source 5.3-11
+CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote
...)
+ {DSA-659-1}
+ - libapache-mod-auth-radius 1.5.7-6
+ - libpam-radius-auth 1.3.16-3
+CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail
addresses, ...)
+ {DSA-690-1}
+ - bsmtpd 2.3pl8b-16
+CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the
/tmp/entropy file ...)
+ - libnet-ssleay-perl 1.25-1.1
+CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows
local ...)
+ {DSA-684-1}
+ - typespeed 0.4.4-8
+CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
+ {DSA-662-1}
+ - squirrelmail 2:1.4.4
+CVE-2005-0103 (PHP remote code injection vulnerability in webmail.php in
SquirrelMail ...)
+ - squirrelmail 2:1.4.4-1
+CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and
earlier ...)
+ {DSA-673-1}
+ - evolution 2.0.3-1.2 (bug #295548)
+CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1
and ...)
+ - newspost 2.1.1-2
+CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs
20.x, ...)
+ {DSA-685-1 DSA-671-1 DSA-670-1}
+ - emacs21 21.3+1-9
+ - xemacs21 21.4.16-2
+CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly
drop ...)
+ {DSA-691-1}
+ - abuse <removed>
CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows
remote ...)
- squid 2.5.7-4
CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid
2.5.STABLE7 and ...)
@@ -14267,11 +14356,11 @@
CVE-2005-0093
REJECTED
CVE-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel
4GB/4GB ...)
- NOTE: apparently specific to redhat hugemem kernel
+ - linux-2.6 <not-affected> (Apparently specific to Red hat hugemem
kernel)
CVE-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel
4GB/4GB ...)
- NOTE: apparently specific to redhat hugemem kernel
+ - linux-2.6 <not-affected> (Apparently specific to Red hat hugemem
kernel)
CVE-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel
4GB/4GB ...)
- NOTE: apparently specific to redhat hugemem kernel
+ - linux-2.6 <not-affected> (Apparently specific to Red hat hugemem
kernel)
CVE-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before
2.3.5, ...)
{DSA-666-1}
- python2.2 2.2.3-14
@@ -14285,7 +14374,7 @@
NOTE: debian does not have stack protection, but it''s fixed anyway
since 1.0.9
- alsa-lib 1.0.9-1 (unimportant)
CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3
...)
- NOT-FOR-US: redhat specific less bug
+ - less <not-affected> (Red Hat specific less bug)
CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig)
before ...)
{DSA-680-1}
- htdig 1:3.1.6-11
@@ -14294,6 +14383,7 @@
- ethereal 0.10.9-1
CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions
and ...)
NOTE: advisory is vague but implies non-Windows platforms may be vulnerable.
+ TODO: Check this
CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and
other ...)
- maxdb-7.5.00 7.5.00.21-1
CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows
remote ...)
@@ -14302,7 +14392,7 @@
{DSA-657-1}
- xine-lib 1-rc6a-1
CVE-2004-1378 (The expat XML parser code, as used in the open source Jabber
(jabberd) ...)
- - jabber 1.4.3-3
+ - jabber 1.4.3-3 (unimportant)
NOTE: We do not ship jadc2s.
CVE-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in)
...)
- a2ps 1:4.13b-4.3 (bug #286387; bug #286385)
@@ -14483,11 +14573,11 @@
CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server
...)
NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force
flags, ...)
- NOT-FOR-US: gzip on Solaris
+ - gzip <not-affected> (gzip on Solaris)
CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote
attackers ...)
NOT-FOR-US: Solaris
CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to
cause ...)
- NOT-FOR-US: xdm on Solaris
+ -xdm <not-affected> (xdm on Solaris)
CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local
users ...)
NOT-FOR-US: Solaris
CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager
(ESM) ...)
@@ -14579,18 +14669,17 @@
- mysql-dfsg-4.1 4.1.8a-6
- mysql-dfsg 4.0.23-3
CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on
64-bit ...)
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
- kernel-source-2.4.27 2.4.27-9
- - kernel-source-2.6.8 2.6.8-9
- - kernel-source-2.6.9 2.6.9-3
+ [sarge] - kernel-source-2.6.8 2.6.8-9
CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password,
does not ...)
NOT-FOR-US: poppassd_pam
CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux
kernel ...)
NOTE: i386 and smp specific
- - kernel-source-2.6.8 2.6.8-13
+ TODO: Check, when this was fixed upstream
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
- kernel-source-2.4.27 2.4.27-8
- - kernel-image-2.4.27-i386 2.4.27-8
- - kernel-image-2.4.27-speakup 2.4.27-1.1 (bug #295624)
- - kernel-patch-powerpc-2.6.8 2.6.8-10
+ [sarge] - kernel-source-2.6.8 2.6.8-13
CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1
and ...)
NOT-FOR-US: oracle
CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain
privileges ...)
Moritz Muehlenhoff
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r3017 - data/CVE
Florian Weimer wrote:> > CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...) > > - NOT-FOR-US: xdm on Solaris > > + -xdm <not-affected> (xdm on Solaris) > > IIRC, this issue had already been fixed in XFree86 as an ordinary bug > at that time it was rediscovered in Solaris. (Just FYI.)Ok, if you can find a reference in which release it was fixed, please update the tracker. Cheers, Moritz
Florian Weimer
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r3017 - data/CVE
* Moritz Muehlenhoff:> CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...) > - NOT-FOR-US: xdm on Solaris > + -xdm <not-affected> (xdm on Solaris)IIRC, this issue had already been fixed in XFree86 as an ordinary bug at that time it was rediscovered in Solaris. (Just FYI.)