Author: jmm-guest Date: 2007-03-24 10:59:38 +0000 (Sat, 24 Mar 2007) New Revision: 5583 Modified: data/CVE/list data/mopb.txt Log: more investigation of MOPB, merge more information into tracker Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-24 10:28:40 UTC (rev 5582) +++ data/CVE/list 2007-03-24 10:59:38 UTC (rev 5583) @@ -16,9 +16,12 @@ - php5 <unfixed> (medium) - php4 <unfixed> (medium) CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...) - TODO: check + - php5 <unfixed> (unimportant) + - php4 <unfixed> (unimportant) + NOTE: Only triggerable by malicious script CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...) - TODO: check + - php5 <unfixed> (unimportant) + NOTE: Only triggerable by malicious script CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...) TODO: check CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote ...) @@ -277,7 +280,7 @@ CVE-2007-1462 (The luci server component in conga preserves the password between page ...) NOT-FOR-US: conga CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...) - - php5 <unfixed> (low) + - php5 <unfixed> (unimportant) NOTE: Safemode and open_basedir bypasses not supported CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP 5.2.0 ...) - php5 <unfixed> (low) 
@@ -460,11 +463,12 @@ CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...) - ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium) CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 ...) - TODO: check + - php4 <unfixed> (unimportant) + NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected" CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...) NOT-FOR-US: Windows PHP COM extensions CVE-2007-1381 (The wddx_deserialize function in wddx.c in PHP CVS as of 20070304 ...) - TODO: check + - php5 <not-affected> (Affected only a php5 CVS version, not a release) CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...) TODO: check CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...) Modified: data/mopb.txt ==================================================================--- data/mopb.txt 2007-03-24 10:28:40 UTC (rev 5582) +++ data/mopb.txt 2007-03-24 10:59:38 UTC (rev 5583) @@ -1,14 +1,17 @@ +29 PHP 5.2.1 unserialize() Information Leak Vulnerability +N/A Only affects PHP 5.2.1 + 28 PHP hash_update_file() Already Freed Resource Access Vulnerability -N/A Only triggerable by malicious script +#N/A Only triggerable by malicious script, CVE-2007-1581 27 PHP ext/gd Already Freed Resource Access Vulnerability -N/A Only triggerable by malicious script +#N/A Only triggerable by malicious script, CVE-2007-1582 26 PHP mb_parse_str() register_globals Activation Vulnerability -TODO Should be fixed +#TODO Should be fixed, CVE-2007-1583 25 PHP header() Space Trimming Buffer Underflow Vulnerability -TODO Should be fixed for PHP5, Sarge is not affected +#TODO Should be fixed for PHP5, Sarge is not affected, CVE-2007-1584 24 PHP array_user_key_compare() Double DTOR Vulnerability N/A Internal function, only triggerable by malicious script 
@@ -57,7 +60,7 @@ TODO(low) -> Can only leak 127 bytes of data 09 PHP wddx_deserialize() String Append Buffer Overflow Vulnerability -N/A -> Only applies to a development version in CVS, not a shipped release +#N/A -> Only applies to a development version in CVS, not a shipped release 08 PHP 4 phpinfo() XSS Vulnerability (Deja-vu) N/A -> phpinfo() is a debug function, not be exposed to applications @@ -81,4 +84,6 @@ N/A -> Applications need to impose sanity checks for maximum recursion 01 PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability -N/A -> Only triggerable by malicious script +#N/A -> Only triggerable by malicious script, CVE-2007-1383 + +(Comments starting with # indicate that information has been fed to the tracker) \ No newline at end of file
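Review bot: In the data/CVE/list hunk at @@ -277,7 +280,7 @@, CVE-2007-1461 is downgraded from (low) to (unimportant) on the basis of the note "Safemode and open_basedir bypasses not supported", but the entry directly below it, CVE-2007-1460 for the zip:// URL wrapper, is left at "- php5 <unfixed> (low)" with no note. If the same reasoning applies to it, change it in this commit as well. If it does not, add a NOTE to CVE-2007-1460 saying why it is rated differently, so the two wrapper entries do not look inconsistent.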
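Review bot: In the data/CVE/list hunk at @@ -460,11 +463,12 @@, the new CVE-2007-1383 note ends with PHP5 not "affected", and the quotation marks leave it unclear whether php5 is really unaffected or only considered not worth tracking. Record the php5 status as its own entry line in the form this same hunk uses for CVE-2007-1381 ("- php5 <not-affected> (...)" with the reason in parentheses) and keep the NOTE for the "malicious script" rationale only. The wording also differs from the first hunk ("malicious script" there, "malicious PHP scripts" here); using one phrase makes these entries easy to find together.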
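Review bot: In the data/mopb.txt hunk at @@ -1,14 +1,17 @@, the new entry 29 is marked "N/A Only affects PHP 5.2.1", which states the affected upstream version but not why that makes the issue not applicable. Add the packaged php5 versions it was checked against to that line, so a later upload of 5.2.1 does not silently turn this N/A into an open issue.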
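Review bot: In the data/mopb.txt hunk at @@ -57,7 +60,7 @@, entry 09 gets the "#" marker but, unlike every other line marked in this commit, no CVE id is appended. The data/CVE/list part of this same commit handles the wddx_deserialize issue under CVE-2007-1381, so append ", CVE-2007-1381" here to keep the cross-reference pattern consistent.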
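Review bot: In the data/mopb.txt hunk at @@ -81,4 +84,6 @@, the legend "(Comments starting with # indicate that information has been fed to the tracker)" is added as the last line of the file, although the "#" markers are used from entry 28 at the top onward. Move the legend to the head of the file so a reader sees the convention before the first marked line, and end the file with a newline (the hunk ends with "\ No newline at end of file").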