thr3ads.net - Secure testing commits - [Secure-testing-commits] r4538

If this information is useful, please help other people find it:
Share via:
Stefan Fritsch
2006-Aug-09 17:01 UTC
[Secure-testing-commits] r4538 - data/CVE

Author: stef-guest
Date: 2006-08-09 17:00:33 +0000 (Wed, 09 Aug 2006)
New Revision: 4538

Modified:
   data/CVE/list
Log:
- new realtime-lsm-source issue
- samba issue fixed
- egroupware bugnum
- some NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-08-09 16:34:45 UTC (rev 4537)
+++ data/CVE/list	2006-08-09 17:00:33 UTC (rev 4538)
@@ -1,3 +1,6 @@
+CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root]
+	- realtime-lsm 0.8.7-2 (bug #382161; low)
+	NOTE: only to user 1017 or group 1001 and only while root is building the
module
 CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3
allows ...)
 	NOT-FOR-US: SAPID CMS
 CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and
...)
@@ -71,7 +74,7 @@
 CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad
Vostrykh ...)
 	NOT-FOR-US: Voodoo chat
 CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M.
Jones ...)
-	- egroupware <unfixed> (bug filed; medium)
+	- egroupware <unfixed> (bug #382207; medium)
 CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in
Knusperleicht ...)
 	NOT-FOR-US: Knusperleicht
 CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in
Knusperleicht ...)
@@ -895,13 +898,13 @@
 CVE-2006-3641
 	RESERVED
 CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to
...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly
identify the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle
...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly
handle ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3636
 	RESERVED
 CVE-2006-3635
@@ -909,7 +912,7 @@
 CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic
...)
 	TODO: check
 CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users
to ...)
-	TODO: check
+	NOT-FOR-US: shiela
 CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0
...)
 	{DSA-1127}
 	- ethereal <removed> (bug #378745; high)
@@ -1021,13 +1024,13 @@
 CVE-2006-3587 (Unspecified vulnerability in Macromedia Flash Player 8.0.24.0
allows ...)
 	NOT-FOR-US: Macromedia Flash Player 8
 CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote
...)
-	TODO: check
+	NOT-FOR-US: Jetbox CMS
 CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox
CMS 2.1 ...)
-	TODO: check
+	NOT-FOR-US: Jetbox CMS
 CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox
CMS ...)
-	TODO: check
+	NOT-FOR-US: Jetbox CMS
 CVE-2006-3583 (Sessiln fixation vulnerability in Jetbox CMS 2.1 SR1 allows
remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Jetbox CMS
 CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and
...)
 	- adplug 2.0.1-1 (bug #378279; medium)
 CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0
and ...)
@@ -1135,7 +1138,7 @@
 CVE-2006-3530 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: PccookBook Component for Mambo and Joomla
 CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb
under ...)
-	TODO: check
+	NOT-FOR-US: EarlyImpact ProductCart
 CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May
10, ...)
 	NOT-FOR-US: Juniper JUNOS
 CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in
Simpleboard ...)
@@ -1185,27 +1188,27 @@
 CVE-2006-3506
 	RESERVED
 CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote
attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X
10.4.7 ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7
allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows
...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local
users ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local
users ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for
Apple ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3497 (Unspecified vulnerability in the &quot;compression state
handling&quot; in Bom ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote
attackers ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect
keys ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS
 CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy
Zone ...)
 	NOT-FOR-US: Buddy Zone
 CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll
and ...)
@@ -1291,7 +1294,7 @@
 	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
 	NOTE: Only DoS possible, only root can trigger this -> non-issue
 CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and
the ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2006-3456
 	RESERVED
 CVE-2006-3455
@@ -1303,11 +1306,11 @@
 CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has
insecure ...)
 	NOT-FOR-US: Adobe acrobat
 CVE-2006-3451 (Microsoft Internet Explorer does not properly handle chained
Cascading Style ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3450 (Unspecified vulnerability in Microsoft Internet Explorer 6
allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through
2003, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3448
 	RESERVED
 CVE-2006-3447
@@ -1317,19 +1320,19 @@
 CVE-2006-3445
 	RESERVED
 CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows
2000 SP4, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft
Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3442
 	RESERVED
 CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows
2000 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000
SP4, XP ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000
SP4, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library
...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3437
 	RESERVED
 CVE-2006-3436
@@ -1398,7 +1401,7 @@
 	NOT-FOR-US: QTOFileManager
 CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22
allows remote ...)
 	{DSA-1110}
-	- samba <unfixed>
+	- samba 3.0.23a-1 (bug #378070)
 CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote
attackers ...)
 	NOT-FOR-US: VirtuaStore
 CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake
3: ...)
@@ -1472,15 +1475,15 @@
 CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root
with ...)
 	NOT-FOR-US: Efone
 CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under
the web ...)
-	TODO: check
+	NOT-FOR-US: Mp3NetBox
 CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat
allow ...)
-	TODO: check
+	NOT-FOR-US: V3 Chat
 CVE-2006-3365 (mail/index.php in V3 Chat allows remote attackers to obtain the
...)
-	TODO: check
+	NOT-FOR-US: V3 Chat
 CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in
...)
-	TODO: check
+	NOT-FOR-US: BLOG:CMS
 CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the
Glossaire ...)
-	TODO: check
+	NOT-FOR-US: Glossaire for Xoops
 CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager, as
used ...)
 	- knowledgeroot <unfixed> (bug #381912)
 CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and
...)
@@ -2010,7 +2013,7 @@
 CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and
possibly ...)
 	NOT-FOR-US: phpRaid
 CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on
the ...)
-	TODO: check
+	NOT-FOR-US: PC Tools AntiVirus
 CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5,
and ...)
 	NOTE: MFSA-2006-46
 	- mozilla <not-affected> (mozilla 1.7 not affected)
@@ -6027,9 +6030,9 @@
 CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the
&quot;failed&quot; functionality ...)
 	NOT-FOR-US: Raindance Web Conferencing Pro
 CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and
10.4.7 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9
...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in
Apple ...)
 	NOT-FOR-US: Apple
 CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote
attackers ...)
@@ -8596,9 +8599,9 @@
 CVE-2006-0394
 	REJECTED
 CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to
cause a ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted
...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS
X ...)
 	NOT-FOR-US: Apple
 CVE-2006-0390
@@ -14715,7 +14718,7 @@
 CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password
...)
 	NOT-FOR-US: Mac OS X
 CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not
prevent multiple ...)
-	TODO: check
+	NOT-FOR-US: Java / Apple
 CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro
5.1 ...)
 	NOT-FOR-US: PhotoPost
 CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and
earlier ...)
@@ -15638,13 +15641,13 @@
 	{DSA-851-1}
 	- openvpn 2.0.2-1 (bug #324167; high)
 CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple
Mac OS X ...)
-	TODO: check
+	NOT-FOR-US: Java / Apple
 CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2
on Apple Mac ...)
-	TODO: check
+	NOT-FOR-US: Java / Apple
 CVE-2005-2528
 	RESERVED
 CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac
OS X ...)
-	TODO: check
+	NOT-FOR-US: Java / Apple
 CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to
cause a ...)
 	NOT-FOR-US: MacOS X
 CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file
...)
@@ -17125,7 +17128,7 @@
 CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote
attackers ...)
 	NOT-FOR-US: Apple Darwin Streaming Server
 CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before
10.4.2 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in
...)
 	NOT-FOR-US: PunBB
 CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in
config/password.txt with ...)
Secure testing commits - Aug 2006 - r4538 - data/CVE

[Secure-testing-commits] r4538 - data/CVE
