Author: jmm-guest Date: 2007-04-05 17:31:55 +0000 (Thu, 05 Apr 2007) New Revision: 5628 Modified: data/CVE/list data/mopb.txt Log: merged more MOPB info into security tracker new flyspray issue to be fixed soon new zziplib issue (needs to be checked further) tag several non-free issues as no-dsa new evolution issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-05 16:28:39 UTC (rev 5627) +++ data/CVE/list 2007-04-05 17:31:55 UTC (rev 5628) @@ -34,9 +34,10 @@ CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...) NOT-FOR-US: Cisco Unified CallManager CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...) - TODO: check + - php4 <unfixed> (medium) + - php5 <unfixed> (medium) CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...) - TODO: check + - php5 <unfixed> (medium) CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...) NOT-FOR-US: T-Mobile CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote ...) @@ -106,7 +107,7 @@ CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction ...) NOT-FOR-US: Kaqoo Auction Software CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...) - - flyspray <unfixed> (medium) + - flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway) CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or "set to a low ...) - flyspray <unfixed> (medium) CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...) 
@@ -182,11 +183,11 @@ CVE-2007-1766 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Advanced Login CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows ...) NOT-FOR-US: FastStone Image Viewer CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...) - iceweasel <unfixed> (low) CVE-2007-1761 @@ -233,7 +234,6 @@ RESERVED CVE-2007-1740 REJECTED - TODO: check CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...) NOT-FOR-US: IBM Lotus Domino CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...) @@ -340,7 +340,7 @@ CVE-2007-1693 RESERVED CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-1691 RESERVED CVE-2007-1690 @@ -409,7 +409,7 @@ CVE-2007-1659 RESERVED CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...) - python2.5 <not-affected> (does not build minigzip.c) CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt ...) @@ -428,6 +428,7 @@ NOT-FOR-US: pcapsipdump CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...) - php5 <unfixed> + [etch] - php5 <not-affected> (Only affects PHP 5.2.1) CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...) NOT-FOR-US: 0irc CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...) 
@@ -497,7 +498,9 @@ CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...) NOT-FOR-US: ScriptMagix CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...) - NOT-FOR-US: ZZIPlib + - zziplib <unfixed> (unknown) + NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187 + TODO: Needs to be checked in sources, if filename is taken from cmd args, this is bogus CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows ...) NOT-FOR-US: MPM Chat CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...) 
@@ -543,29 +546,34 @@ CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...) - linux-2.6 <unfixed> (medium) CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...) NOT-FOR-US: MNews CVE-2006-7181 (Multiple PHP remote file inclusion vulnerabilities in Morcego CMS ...) NOT-FOR-US: Morcego CMS CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets ...) - madwifi <unfixed> (low) + [etch] - madwifi <no-dsa> (Non-free not supported) CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process ...) - madwifi <unfixed> (low) + [etch] - madwifi <no-dsa> (Non-free not supported) CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH ...) - madwifi <unfixed> (low) + [etch] - madwifi <no-dsa> (Non-free not supported) CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a ...) - madwifi <unfixed> (low) + [etch] - madwifi <no-dsa> (Non-free not supported) CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...) TODO: check CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...) TODO: check CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...) - madwifi <unfixed> (low) + [etch] - madwifi <no-dsa> (Non-free not supported) CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...) - TODO: check + NOT-FOR-US: Elm, removed in 2002 CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the ...) - TODO: check + NOT-FOR-US: Elm, removed in 2002 CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and ...) NOT-FOR-US: Grandstream CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows ...) 
@@ -633,8 +641,9 @@ [sarge] - squid <not-affected> (Vulnerable code not present) CVE-2007-1559 RESERVED -CVE-2007-1558 +CVE-2007-1558 [APOP crypto weakness] RESERVED + NOT-FOR-US: No practical security implications CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...) NOT-FOR-US: F-Secure CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 ...) @@ -894,6 +903,8 @@ NOT-FOR-US: BP Blog CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary ...) - netperf <unfixed> (bug #413658; medium) + [sarge] - netperf <no-dsa> (Non-free not supported) + [etch] - netperf <no-dsa> (Non-free not supported) CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) NOT-FOR-US: Woltlab Burning Board CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the ...) 
@@ -1049,17 +1060,20 @@ CVE-2007-1381 (The wddx_deserialize function in wddx.c in PHP CVS as of 20070304 ...) - php5 <not-affected> (Affected only a php5 CVS version, not a release) CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...) - TODO: check + - php4 <unfixed> + - php5 <unfixed> CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...) - TODO: check + - php4 <not-affected> (Ovrimus support not included in Debian''s PHP packages) CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP ...) - TODO: check + - php4 <not-affected> (Ovrimus support not included in Debian''s PHP packages) CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...) - TODO: check + - php4 <unfixed> (medium) + - php5 <unfixed> (medium) CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...) - TODO: check + - php5 <unfixed> (unknown) + NOTE: Needs further investigation CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz ...) NOT-FOR-US: Snitz Forums CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...) @@ -2191,7 +2205,8 @@ RESERVED - xorg-server 2:1.1.1-21 (medium) CVE-2007-1002 (Format string vulnerability in the write_html function in ...) - TODO: check + - evolution <unfixed> + [sarge] - evolution <not-affected> (Vulnerable code not present) CVE-2007-1001 RESERVED CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...) @@ -4798,7 +4813,7 @@ CVE-2007-0039 RESERVED CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0037 RESERVED CVE-2007-0036 
@@ -5529,7 +5544,7 @@ - gaim 1:2.0.0+beta5-9 (low) [sarge] - gaim <no-dsa> (minor issue) CVE-2006-XXXX [xmedcon segfault on some files] - - xmedcon 0.9.9.4-1 (low; bug #401529) + - xmedcon 0.9.9.4-1 (unknown; bug #401529) TODO: check security impact CVE-2006-XXXX [dsniff urlsnarf missing output sanitization] - dsniff 2.4b1+debian-16 (unimportant; bug #400624) Modified: data/mopb.txt ==================================================================--- data/mopb.txt 2007-04-05 16:28:39 UTC (rev 5627) +++ data/mopb.txt 2007-04-05 17:31:55 UTC (rev 5628) @@ -5,13 +5,13 @@ N/A Only triggerable by malicious script 42 PHP 5 php_stream_filter_create() Off By One Vulnerablity -TODO, needs to be fixed, Sarge not affected +#TODO, needs to be fixed, Sarge not affected 41 PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability TODO 40 PHP imap_mail_compose() Boundary Stack Buffer Overflow Vulnerability -TODO, needs to be fixed +#TODO, needs to be fixed, CVE-2007-1825 39 PHP str_replace() Memory Allocation Integer Overflow Vulnerability TODO @@ -45,7 +45,7 @@ #TODO, CVE-2007-1700 29 PHP 5.2.1 unserialize() Information Leak Vulnerability -N/A Only affects PHP 5.2.1 +#N/A Only affects PHP 5.2.1 28 PHP hash_update_file() Already Freed Resource Access Vulnerability #N/A Only triggerable by malicious script, CVE-2007-1581 
@@ -88,13 +88,13 @@ This is CVE-2007-1399 15 PHP shmop Functions Resource Verification Vulnerability -TODO(medium) -> user-supplied data could be used to read/write arbitrary memory +TODO(medium) -> user-supplied data could be used to read/write arbitrary memory, CVE-2007-1376 14 PHP substr_compare() Information Leak Vulnerability -TODO -> corner-case where length+offset > INT_MAX +TODO -> corner-case where length+offset > INT_MAX, CVE-2007-1375 13 PHP 4 Ovrimos Extension Multiple Vulnerabilities -N/A -> Ovrimos support not provided in any debian php packages +N/A -> Ovrimos support not provided in any debian php packages, CVE-2007-1379, CVE-2007-1378 12 mod_security POST Rules Bypass Vulnerability N/A -> applies to modsecurity, not packaged for sarge/etch/(sid?) @@ -103,7 +103,7 @@ #Fixed in DSA-1264. CVE-2007-0908 10 PHP php_binary Session Deserialization Information Leak Vulnerability -TODO(low) -> Can only leak 127 bytes of data +#TODO(low) -> Can only leak 127 bytes of data, CVE-2007-1380 09 PHP wddx_deserialize() String Append Buffer Overflow Vulnerability #N/A -> Only applies to a development version in CVS, not a shipped release
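Review bot: The php4 <unfixed> (medium) line added under CVE-2007-1825 goes beyond the CVE text, which scopes the bug to "PHP 5 before ...", and mopb.txt entry 40 ("PHP imap_mail_compose() Boundary Stack Buffer Overflow Vulnerability") does not name PHP 4 either. Either confirm in the php4 sources that imap_mail_compose has the same boundary overflow and record that in a NOTE, or leave php4 at TODO until it has been checked.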
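Review bot: The five madwifi entries (CVE-2006-7180 through CVE-2006-7177 and CVE-2005-4835) receive only an "[etch] - madwifi <no-dsa> (Non-free not supported)" line, while the netperf entry for CVE-2007-1444 in the same commit gets the same tag for both [sarge] and [etch]. If madwifi also ships in sarge, add the matching [sarge] line; if it does not, a short NOTE saying so would save the next reader the same question.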
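Review bot: NOT-FOR-US is the tag for software Debian does not ship, but the justification attached to CVE-2007-1558 [APOP crypto weakness], "No practical security implications", is a severity judgement, not a packaging one. The tracker's convention elsewhere in this diff for that case is a severity marker, as in the dsniff entry "(unimportant; bug #400624)" or "[sarge] - gaim <no-dsa> (minor issue)"; mark the affected packages that way instead so the entry is not read as "no Debian package implements APOP".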
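Review bot: The php4/php5 <unfixed> lines for CVE-2007-1380 carry no severity, although the mopb.txt hunk in the same commit rates the issue "TODO(low) -> Can only leak 127 bytes of data"; add "(low)" so the two files agree, as was done for CVE-2007-1376 "(medium)". In the same hunk, the two not-affected notes for CVE-2007-1379 and CVE-2007-1378 spell the extension "Ovrimus" while both the CVE text and mopb.txt entry 13 have "Ovrimos"; worth correcting so a search for the extension name finds the entries.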
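Review bot: The new "- evolution <unfixed>" line for CVE-2007-1002 has no severity, unlike the other entries resolved in this commit (for example "php5 <unfixed> (medium)"); a format string vulnerability in write_html warrants at least a provisional rating, or an explicit "TODO: check severity" if it still needs assessment.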
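Review bot: In data/mopb.txt, entry 42 (php_stream_filter_create() Off By One) is switched to "#TODO, needs to be fixed, Sarge not affected" without recording its CVE id, while the parallel edit to entry 40 appends "CVE-2007-1825" and the CVE/list hunk above assigns php_stream_filter_create to CVE-2007-1824. Append ", CVE-2007-1824" to line 42 so the cross-reference is complete. Entry 29 (PHP 5.2.1 unserialize() Information Leak) likewise gains the "#" prefix but no CVE id, although it appears to correspond to CVE-2007-1649, whose new [etch] line carries the same rationale, "Only affects PHP 5.2.1".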
Florian Weimer
2007-Apr-05 17:40 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r5628 - in data: . CVE
* Moritz Muehlenhoff:

> CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
> - NOT-FOR-US: ZZIPlib
> + - zziplib <unfixed> (unknown)
> + NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
> + TODO: Needs to be checked in sources, if filename is taken from cmd args, this is bogus

It's a library, and the function is exported; the argument is supplied by the caller. So it's not entirely bogus.
Moritz Muehlenhoff
2007-Apr-05 18:21 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r5628 - in data: . CVE
On Thu, Apr 05, 2007 at 07:40:06PM +0200, Florian Weimer wrote:
> * Moritz Muehlenhoff:
>
> > CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
> > - NOT-FOR-US: ZZIPlib
> > + - zziplib <unfixed> (unknown)
> > + NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
> > + TODO: Needs to be checked in sources, if filename is taken from cmd args, this is bogus
>
> It's a library, and the function is exported; the argument is supplied
> by the caller. So it's not entirely bogus.

Ok, I only had a brief look at the website, please update the tracker data.

Cheers,
Moritz