thr3ads.net - Secure testing commits - [Secure-testing-commits] r4846

If this information is useful, please help other people find it:
Share via:
Stefan Fritsch
2006-Oct-14 13:29 UTC
[Secure-testing-commits] r4846 - data/CVE

Author: stef-guest
Date: 2006-10-14 13:28:25 +0000 (Sat, 14 Oct 2006)
New Revision: 4846

Modified:
   data/CVE/list
Log:
- CVE-2006-5201 new sun-java5 issue
- CVE-2006-5178 new php open_basedir issue
- CVE-2006-5174/CVE-2006-4997 new linux issue already fixed
- some NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-10-14 13:00:09 UTC (rev 4845)
+++ data/CVE/list	2006-10-14 13:28:25 UTC (rev 4846)
@@ -59,7 +59,8 @@
 CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when
...)
 	NOT-FOR-US: Linksys
 CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java
JDK and ...)
-	TODO: check
+	sun-java5 <unfixed>
+	TODO: file bug
 CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and
Breeze ...)
 	NOT-FOR-US: Adobe
 CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator
password in ...)
@@ -105,15 +106,18 @@
 CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent
...)
 	NOT-FOR-US: Intoto iGateway
 CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier
allows ...)
-	TODO: check
+	- php5 <unfixed> (low)
+	- php4 <unfixed> (low)
+	[sarge] - php4 <no-dsa> (openbasedir not supported)
 CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and
Enterprise ...)
-	TODO: check
+	NOT-FOR-US: MailEnable Professional
 CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable
Professional 2.0 ...)
-	TODO: check
+	NOT-FOR-US: MailEnable Professional
 CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the
administrative ...)
-	TODO: check
+	NOT-FOR-US: TeraStation HD-HTGL
 CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel
2.6 ...)
-	TODO: check
+	- linux-2.6 <unfixed> (low)
+	NOTE: s390 only
 CVE-2006-5173
 	RESERVED
 CVE-2006-5172
@@ -123,9 +127,9 @@
 CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core
3 and ...)
 	TODO: check
 CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka
...)
-	TODO: check
+	NOT-FOR-US: PowerPortal
 CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search
functionality ...)
-	TODO: check
+	NOT-FOR-US: Pebble
 CVE-2005-4813 (Unspecified vulnerability in Report Application Server ...)
 	TODO: check
 CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option
enabled, ...)
@@ -186,9 +190,9 @@
 CVE-2006-XXXX [unspecified libgsf security issue (IDEF1622)]
 	- libgsf 1.14.2-1
 CVE-2006-5143 (Stack-based buffer overflow in the Backup Agent RPC Server ...)
-	TODO: check
+	NOT-FOR-US: Backup Agent RPC Server
 CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserver Backup
R11.5 ...)
-	TODO: check
+	NOT-FOR-US: CA BrightStor ARCserver Backup
 CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin
A. ...)
 	NOT-FOR-US: Open Geo Targeting (aka geotarget)
 CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy
Image ...)
@@ -284,7 +288,7 @@
 CVE-2006-5095 (** DISPUTED ** ...)
 	NOT-FOR-US: MyPhotos
 CVE-2006-5094 (PHP remote file inclusion vulnerability in
includes/functions_kb.php ...)
-	TODO: check
+	NOT-FOR-US: phpBB XS
 CVE-2006-5093 (PHP remote file inclusion vulnerability in index.php in Tagmin
Control ...)
 	NOT-FOR-US: TagIt! Tagboard
 CVE-2006-5092 (PHP remote file inclusion vulnerability in navigation/menu.php
in ...)
@@ -487,7 +491,7 @@
 CVE-2006-4998
 	RESERVED
 CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in
Linux ...)
-	TODO: check
+	- linux-2.6 2.6.18-1
 CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before
1.2.2 ...)
 	NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla!
 CVE-2006-4995 (PHP remote file inclusion vulnerability in BSQ Sitestats ...)
@@ -629,7 +633,7 @@
 CVE-2006-4928
 	RESERVED
 CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device
...)
-	TODO: check
+	NOT-FOR-US: Symantec AntiVirus
 CVE-2006-4926
 	RESERVED
 CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and
earlier, ...)
@@ -1115,15 +1119,15 @@
 CVE-2006-4697
 	RESERVED
 CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft
Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-4695
 	RESERVED
 CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office
2000, ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X
for ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Word
 CVE-2006-4692 (The Windows Object Packager in Microsoft Windows XP SP1 and SP2
and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Word
 CVE-2006-4691
 	RESERVED
 CVE-2006-4690
@@ -1135,9 +1139,9 @@
 CVE-2006-4687
 	RESERVED
 CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language
Transformations ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML
Core ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and
2.8.0 ...)
 	{DSA-1176-1}
 	- zope2.7 <removed>
@@ -2771,7 +2775,7 @@
 CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass ...)
 	NOT-FOR-US: ColdFusion MX
 CVE-2006-3978 (Unspecified vulnerability in a Verity third party library, as
used on ...)
-	TODO: check
+	NOT-FOR-US: Adobe ColdFusion MX
 CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before
...)
 	NOT-FOR-US: CA eTrust Antivirus WebScan
 CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before
...)
@@ -2961,9 +2965,9 @@
 CVE-2006-3889
 	RESERVED
 CVE-2006-3888 (Buffer overflow in AOL You''ve Got Pictures (YGP) Pic
Downloader ...)
-	TODO: check
+	NOT-FOR-US: AOL
 CVE-2006-3887 (Buffer overflow in AOL You''ve Got Pictures (YGP)
Screensaver ActiveX ...)
-	TODO: check
+	NOT-FOR-US: AOL
 CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and
earlier ...)
 	NOT-FOR-US: Shalwan MusicBox
 CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W
...)
@@ -2983,11 +2987,11 @@
 CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs
/etc/init.d/mysql ...)
 	NOT-FOR-US: Opsware Network Automation System
 CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office
2000, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office
2000, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003,
2004 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3874
 	RESERVED
 CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet
...)
@@ -3001,15 +3005,15 @@
 CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet
...)
 	NOT-FOR-US: Microsoft
 CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows
...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003,
2004 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3866
 	REJECTED
 CVE-2006-3865
 	RESERVED
 CVE-2006-3864 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003,
2004 for ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3863
 	RESERVED
 CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5
through ...)
@@ -3352,9 +3356,10 @@
 	- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
 	- graphicsmagick 1.1.7-8
 CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM
...)
-	TODO: check
+	- kdebase <not-affected>
+	NOTE: only in Fedora
 CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel
2.4.x and ...)
-	TODO: check
+	- linux-2.6 2.6.18-1
 CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and
...)
 	{DSA-1193-1}
 	- libxfont 1:1.2.2-1
@@ -3562,15 +3567,15 @@
 CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004
allows ...)
 	NOT-FOR-US: Microsoft Internet Security and Acceleration Server
 CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and
Office ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3650 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003,
2004 for ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA)
SDK ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1
and ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-3647 (Unspecified vulnerability in Microsoft Word 2000, 2002, Office
2003, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3646
 	RESERVED
 CVE-2006-3645
@@ -4027,11 +4032,11 @@
 CVE-2006-3437
 	RESERVED
 CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET
Framework ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3435 (Unspecified vulnerability in PowerPoint in Microsoft Office 2003
...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003,
2004 for ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-3433
 	RESERVED
 CVE-2006-3432
Secure testing commits - Oct 2006 - r4846 - data/CVE

[Secure-testing-commits] r4846 - data/CVE
