Author: jmm-guest Date: 2006-12-15 00:33:07 +0100 (Fri, 15 Dec 2006) New Revision: 5120 Modified: data/CVE/list Log: new proftpd issue NFUs new freebsd issue cleanup old TODOs (kernel information about sarge is tracked in kernel-sec repo) Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-14 20:14:20 UTC (rev 5119) +++ data/CVE/list 2006-12-14 23:33:07 UTC (rev 5120) @@ -1,3 +1,6 @@ +CVE-2006-XXXX [proftpd mod_ctrls local root] + - proftpd-dfsg 1.3.0-17 (medium) + [sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build) CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...) NOT-FOR-US: Solaris CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...) @@ -1353,11 +1356,11 @@ CVE-2006-5857 RESERVED CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 ...) - TODO: check + NOT-FOR-US: Adobe Download Manager CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in ...) - TODO: check + NOT-FOR-US: Novell Netware CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...) NOT-FOR-US: Immediacy CMS CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...) @@ -1418,7 +1421,8 @@ CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) NOT-FOR-US: Kayako SupportSuite CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...) - TODO: check + - kfreebsd-5 <unfixed> + [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...) - linux-2.6 <unfixed> CVE-2006-5822 
@@ -1926,23 +1930,23 @@ CVE-2006-5586 RESERVED CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5583 (Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5582 RESERVED CVE-2006-5581 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5580 RESERVED CVE-2006-5579 (Microsoft Internet Explorer 6 accesses previously freed memory, which ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote attackers to read ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5577 (Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5576 RESERVED CVE-2006-5575 @@ -3844,7 +3848,7 @@ CVE-2006-4703 RESERVED CVE-2006-4702 (Buffer overflow in the Windows Media Format Runtime in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4701 RESERVED CVE-2006-4700 @@ -5709,7 +5713,7 @@ CVE-2006-3894 RESERVED CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...) - TODO: check + NOT-FOR-US: Newtone ImageKit CVE-2006-3892 RESERVED CVE-2006-3891 
@@ -6428,9 +6432,7 @@ CVE-2006-3607 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner ...) NOT-FOR-US: Softbiz Banner Exchange Script (aka Banner Exchange Network Script) CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange ...) - NOTE: Debian has a libice - is it the same one? - NOTE: Not enough information... - TODO: maybe check again later + NOTE: Sun Solaris CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and ...) @@ -7979,7 +7981,6 @@ CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey ...) NOTE: There are very few scenarios, where this could be exploited NOTE: We can probably ignore this - TODO: check further CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...) NOT-FOR-US: GANTTy CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...) @@ -9176,7 +9177,7 @@ CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...) NOT-FOR-US: Microsoft CVE-2006-2386 (Unspecified vulnerability in Microsoft Outlook Express 6 and earlier ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...) NOT-FOR-US: Microsoft CVE-2006-2384 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows ...) @@ -11034,7 +11035,6 @@ CVE-2006-1651 (** DISPUTED ** ...) NOT-FOR-US: MS ISA CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar and ...) - TODO: check NOTE: other reports indicate that Firefox is not vulnerable CVE-2006-1649 (The "restore to" selection in the "quarantine a file" capability of ...) NOT-FOR-US: Eset Software NOD32 Antivirus 2.5 
@@ -19291,7 +19291,6 @@ CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...) {DSA-867-1} - module-assistant 0.9.10 - TODO: Check, whether this version really fixes the issue, it''s not mentioned in the changelog CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...) {DSA-1085-1 DSA-876-1 DSA-874-1} - lynx 2.8.5-2sarge1 (bug #335033; high) @@ -19430,7 +19429,7 @@ CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...) - mantis 0.19.2-4 (bug #330682; medium) CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...) - TODO: file a bug, it''s not really clear, whether this has security implications + - mozilla-firefox 1.0.7-1 CVE-2005-3088 (fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 ...) {DSA-900-3} - fetchmail 6.2.5.4-1 (bug #336096; low) @@ -20397,7 +20396,6 @@ CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...) {DSA-922-1 DSA-921-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11) - TODO: When was this fixed in sid for 2.4? CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...) [sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues) [sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues) @@ -22067,7 +22065,6 @@ - mozilla-firefox 1.0-1 CVE-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...) - mozilla-thunderbird 1.0-3 - TODO: check Mozilla suite CVE-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...) - mozilla-firefox 0.99+1.0RC1-1 CVE-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...) 
@@ -25154,7 +25151,6 @@ CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...) - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5) [sarge] - kernel-source-2.6.8 <not-affected> - TODO: Check 2.4 CVE-2005-1588 (** DISPUTED ** ...) NOT-FOR-US: Quick.cart CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...) @@ -26134,7 +26130,6 @@ - mozilla-firefox 1.0.4-1 CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...) - mozilla-firefox 1.0.4-1 - TODO: check mozilla too CVE-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...) NOT-FOR-US: Opera CVE-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...) @@ -26173,8 +26168,6 @@ NOTE: CVE request sent to mitre (who sent this? any response?) NOTE: Trackballs doesn''t run as gid games anymore, high-score files are NOTE: stored in user''s home directories instead. - TODO: check possibility of exploitation via scripting language, - TODO: as mentioned in the bug report as a separate issue CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...) - ethereal 0.10.10-2sarge2 CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...) @@ -26638,7 +26631,6 @@ - spamassassin 3.0.4-1 (bug #314447; medium) CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...) {DSA-922-1} - TODO: This needs to be double-checked, added to the kernel tracker CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...) - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10) [sarge] - kernel-source-2.6.8 2.6.8-16 
@@ -27199,7 +27191,6 @@ NOT-FOR-US: AtDGDatingPlatinum CVE-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...) NOT-FOR-US: JAR in J2SE SDK - TODO: check jar extractors in Debian just to be safe CVE-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...) NOT-FOR-US: zOOm Media Gallery CVE-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...) @@ -27427,7 +27418,6 @@ CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...) NOT-FOR-US: IVT BlueSoleil CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...) - TODO: Check 2.4 and when this was fixed upstream [sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303177) - linux-2.6 <not-affected> (Fixed before upload into archive) CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...) @@ -27567,7 +27557,6 @@ CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...) - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.4.27 <not-affected> - TODO: Check, when this was fixed - linux-2.6 <not-affected> (Fixed before upload into archive) CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...) NOT-FOR-US: Webmasters-Debutants WD Guestbook @@ -28056,7 +28045,6 @@ {DSA-922-1 DSA-921-1} - kernel-source-2.4.27 2.4.27-11 (bug #311164) - linux-2.6 <not-affected> (Fixed before upload in archive) - TODO: Check, when this was fixed upstream CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on ...) {DSA-922-1 DSA-921-1} - kernel-source-2.4.27 2.4.27-11 (medium) 
@@ -28644,8 +28632,7 @@ CVE-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...) NOT-FOR-US: CIS Webserver CVE-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...) - NOTE: don''t know if we are vulnerable, I''ve mailed maintainers -- Djoume - TODO: check + NOTE: Historic Gaim on Windows CVE-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...) NOT-FOR-US: phpWebSite CVE-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...) @@ -28836,7 +28823,6 @@ CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...) - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4) [sarge] - kernel-source-2.6.8 2.6.8-14 - TODO: 2.4.27 seems to be unaffected, check back with kernel patch tracker CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...) - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4) [sarge] - kernel-source-2.6.8 2.6.8-14 @@ -28847,8 +28833,6 @@ CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...) - linux-2.6 <not-affected> (Fixed before upload into archive) [sarge] - kernel-source-2.6.8 2.6.8-14 - TODO: 2.4.27 seems to be unaffected, check back with kernel patch tracker - TODO: check, when this was fixed in 2.6 CVE-2005-0528 REJECTED NOTE: This was a dupe of the mremap kernel issue CVE-2003-0985 @@ -28943,7 +28927,6 @@ - curl 7.13.0-2 CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - TODO: check CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...) - cfengine2 2.1.8-1 CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...) 
@@ -29092,7 +29075,6 @@ NOTE: generally try to make sense of anything even remotely resembling HTML. - firefox <unfixed> (unimportant) - mozilla <unfixed> (unimportant) - TODO: This is still a bug (maybe not a security one) and needs fixing. (IMHO, fw) CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...) NOT-FOR-US: mailcarrier CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...) @@ -29646,7 +29628,6 @@ CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive) - TODO: Check, when this was fixed upstream - kernel-source-2.4.27 2.4.27-9 CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...) - wget 1.9.1-11 @@ -30308,19 +30289,16 @@ - squid 2.5.7-6 CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...) - linux-2.6 <not-affected> (Fixed before upload into archive) - TODO: Check, which version fixed this [sarge] - kernel-source-2.6.8 2.6.8-15 - kernel-source-2.4.27 2.4.27-9 (bug #300838) CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...) - linux-2.6 <not-affected> (Fixed before upload into archive) - TODO: Check, which version fixed this - kernel-source-2.4.27 2.4.27-9 CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...) - gaim 1:1.1.4 CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...) - linux-2.6 <not-affected> (Fixed before upload into archive) [sarge] - kernel-source-2.6.8 2.6.8-14 - TODO: Check 2.4 CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...) - xpdf <not-affected> (Initial Debian fix was already correct) - gpdf <not-affected> (Initial Debian fix was already correct)
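Review bot: In the first hunk (`@@ -1,3 +1,6 @@`), the new entry is keyed on the placeholder `CVE-2006-XXXX [proftpd mod_ctrls local root]`, so it will need to be renamed once the real identifier is assigned; until then nothing else in the file can cross-reference it. The line `- proftpd-dfsg 1.3.0-17 (medium)` carries a severity but no bug number, unlike comparable entries elsewhere in the file (e.g. `(bug #335033; high)`), so add the bug reference if one was filed. The sarge line `[sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build)` would be easier to re-verify later if the note said how that was established (which build option leaves mod_ctrls out), since a rebuild that enables it would silently invalidate the not-affected claim.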
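Review bot: In the `@@ -1418,7 +1421,8 @@` hunk, the CVE-2006-5824 entry goes from `TODO: check` to `- kfreebsd-5 <unfixed>` plus `[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)`, but the unfixed sid line has neither a severity nor a bug reference. Other open entries in this file carry both (`(bug #...; medium)`), and an `<unfixed>` line without them is easy to overlook in later triage; add a severity and file or reference a bug so the integer overflow in ffs_rdextattr stays visible as open work.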
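Review bot: In the `@@ -6428,9 +6432,7 @@` hunk, CVE-2006-3606 replaces the open question `NOTE: Debian has a libice - is it the same one?` with a bare `NOTE: Sun Solaris`, which records no triage state. The convention used two lines later in the same hunk is `NOT-FOR-US: Microsoft Internet Explorer`; if the conclusion is that the Solaris ICE issue does not touch Debian's libice, write it as `NOT-FOR-US: Sun Solaris X Inter Client Exchange` so that tools reading this file see the entry as resolved, and if the libice question was not actually answered, keep that NOTE rather than dropping it.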
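Review bot: In the `@@ -7979,7 +7981,6 @@` hunk, removing `TODO: check further` from CVE-2006-2894 leaves the entry with only `NOTE: We can probably ignore this` and no package status line, so it is neither marked not-for-us nor assigned to a package. The file already expresses this outcome elsewhere with `- firefox <unfixed> (unimportant)` / `- mozilla <unfixed> (unimportant)`; add the same form here (or `<not-affected>` with the reason) so the decision to ignore is machine-readable rather than only a comment.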
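Review bot: In the `@@ -11034,7 +11035,6 @@` hunk, CVE-2006-1650 loses its `TODO: check` but keeps `NOTE: other reports indicate that Firefox is not vulnerable` as its only content, with no package line. If the not-vulnerable reports were accepted, record it as `- mozilla-firefox <not-affected> (...)` with the reason, matching the `<not-affected>` convention used throughout the file; if they were not verified, the TODO was still doing useful work and should stay.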
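Review bot: In the `@@ -19430,7 +19429,7 @@` hunk, CVE-2005-3089 replaces `TODO: file a bug, it''s not really clear, whether this has security implications` with `- mozilla-firefox 1.0.7-1`, a fixed-version line with no severity and no bug reference. The neighbouring entries in the same hunk show the expected form (`- mantis 0.19.2-4 (bug #330682; medium)`, `- fetchmail 6.2.5.4-1 (bug #336096; low)`); since the earlier note doubted the security impact, a severity such as `(unimportant)` or `(low)` would preserve that assessment instead of discarding it.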
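Review bot: In the `@@ -28644,8 +28632,7 @@` hunk, CVE-2005-0573 replaces the maintainer query and `TODO: check` with `NOTE: Historic Gaim on Windows`, which again leaves no triage state. The CVE text itself limits the issue to `Gaim 1.1.3 on Windows systems`, and gaim is a Debian package (this file records `- gaim 1:1.1.4` a few hunks later), so the clearer form is `- gaim <not-affected> (Windows-only issue)`; a free-text NOTE will not be picked up as a resolution.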
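Review bot: Across the kernel hunks (CVE-2005-1589, CVE-2005-0977, CVE-2005-0916, CVE-2005-0532, CVE-2005-0529, CVE-2005-0489, CVE-2005-0384, CVE-2005-0210, CVE-2005-0209, CVE-2005-0207 and the CVE-2005-2801 hunk), the only lines removed are the `TODO: Check 2.4` / `TODO: Check, when this was fixed upstream` reminders, and several of these entries have no 2.4 status line at all afterwards (CVE-2005-1589 and CVE-2005-0207 keep only the 2.6 lines; CVE-2005-0489 keeps only the DSA references). The commit message says sarge kernel status now lives in the kernel-sec repository, but a reader of this file cannot tell that; a single `NOTE: 2.4 status tracked in kernel-sec` on the affected entries, or a pointer at the top of the file, would stop the missing 2.4 lines from reading as untriaged.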