[Secure-testing-commits] r3325 - data/DTSA/advs
Author: neilm Date: 2006-01-20 11:24:15 + (Fri, 20 Jan 2006) New Revision: 3325 Added: data/DTSA/advs/27-fuse.adv Log: Fuse DTSA (DTSA-27-1) Added: data/DTSA/advs/27-fuse.adv === --- data/DTSA/advs/27-fuse.adv 2006-01-20 10:42:19 UTC (rev 3324) +++ data/DTSA/advs/27-fuse.adv 2006-01-20 11:24:15 UTC (rev 3325) @@ -0,0 +1,22 @@ +source: fuse +date: Janurary 20th, 2006 +author: Neil McGovern +vuln-type: potential data corruption when installed seduid root +problem-scope: local +debian-specifc: no +cve: CVE-2005-3531 +vendor-advisory: +testing-fix: 2.3.0-4.2etch1 +sid-fix: 2.4.1-0.1 +upgrade: apt-get upgrade + +Thomas Biege discovered that fusermount in FUSE before 2.4.1, if installed +setuid root, allows local users to corrupt /etc/mtab and possibly modify mount +options by performing a mount over a directory whose name contains certain +special characters + +Successful exploitation could result in a denial of service if mount options +become unusable. An attacker can also exploit this issue to add arbitrary mount +points that could grant the attacker read and possibly write access to +otherwise restricted or privileged mount points. Other attacks are also +possible. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r3326 - in data: CVE DSA
Author: jmm-guest Date: 2006-01-20 14:53:26 + (Fri, 20 Jan 2006) New Revision: 3326 Modified: data/CVE/list data/DSA/list Log: two new DSAs Modified: data/CVE/list === --- data/CVE/list 2006-01-20 11:24:15 UTC (rev 3325) +++ data/CVE/list 2006-01-20 14:53:26 UTC (rev 3326) @@ -1035,8 +1035,9 @@ [sarge] - kernel-source-2.4.27 not-affected (Vulnerable code not present) CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.15 ...) - linux-2.6 unfixed -CVE-2006-0019 +CVE-2006-0019 [kjs heap overflow] RESERVED + - kdelibs unfixed (medium) CVE-2005-4474 (Buffer overflow in the quot;Add to archivequot; command in WinRAR 3.51 allows ...) NOT-FOR-US: WinRAR CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...) Modified: data/DSA/list === --- data/DSA/list 2006-01-20 11:24:15 UTC (rev 3325) +++ data/DSA/list 2006-01-20 14:53:26 UTC (rev 3326) @@ -1,3 +1,11 @@ +[20 Jan 2006] DSA-948-1 kdelibs - heap overflow +{CVE-2006-0019} + [sarge] - kdelibs 3.3.2-6.4 + NOTE: not fixed in testing at time of DSA (unfixed in sid) +[20 Jan 2006] DSA-947-1 clamav - heap overflow +{CVE-2006-0162} + [sarge] - clamav 0.84-2.sarge.7 + NOTE: fixed in testing at time of DSA [20 Jan 2006] DSA-946-1 sudo - missing input sanitising {CVE-2005-4158 CVE-2006-0151} [woody] - sudo 1.6.6-1.5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r3327 - data/CVE
Author: jmm-guest Date: 2006-01-20 15:58:21 + (Fri, 20 Jan 2006) New Revision: 3327 Modified: data/CVE/list Log: claim a small block, I'm busy this week Modified: data/CVE/list === --- data/CVE/list 2006-01-20 14:53:26 UTC (rev 3326) +++ data/CVE/list 2006-01-20 15:58:21 UTC (rev 3327) @@ -1,3 +1,4 @@ +begin claimed by jmm CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog ...) TODO: check CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 22003/tcp) ...) @@ -36,6 +37,7 @@ TODO: check CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...) TODO: check +end claimed by jmm CVE-2006-0301 RESERVED CVE-2006-0300 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r3328 - data/CVE
Author: jmm-guest Date: 2006-01-20 16:49:15 + (Fri, 20 Jan 2006) New Revision: 3328 Modified: data/CVE/list Log: lots of NFUs Modified: data/CVE/list === --- data/CVE/list 2006-01-20 15:58:21 UTC (rev 3327) +++ data/CVE/list 2006-01-20 16:49:15 UTC (rev 3328) @@ -1,43 +1,41 @@ -begin claimed by jmm CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog ...) - TODO: check + NOT-FOR-US: Bit 5 Blog CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 22003/tcp) ...) - TODO: check + NOT-FOR-US: Farmers WIFE CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when ...) - TODO: check + NOT-FOR-US: BlogPHP CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in ...) - TODO: check + NOT-FOR-US: RedKernel Referrer Tracker CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) ...) - TODO: check + NOT-FOR-US: AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse the p ...) - TODO: check + NOT-FOR-US: EZDatabase CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext, which ...) - TODO: check + NOT-FOR-US: PDFdirectory CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 ...) - TODO: check + NOT-FOR-US: PDFdirectory CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: aoblogger CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 allows ...) - TODO: check + NOT-FOR-US: aoblogger CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows ...) - TODO: check + NOT-FOR-US: aoblogger CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote ...) - TODO: check + NOT-FOR-US: Linksys hardware issue CVE-2006-0308 (PHP remote file include vulnerability in HTMLtonuke.php in HTMLtoNuke ...) - TODO: check + NOT-FOR-US: HTMLtoNuke CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer ...) - TODO: check + NOT-FOR-US: CA BrightStor products CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common Component in ...) - TODO: check + NOT-FOR-US: CA BrightStor products CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...) - TODO: check + NOT-FOR-US: Clipcomm hardware CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...) - TODO: check + TODO: Check CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component, ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...) - TODO: check -end claimed by jmm + NOT-FOR-US: ZyXel hardware CVE-2006-0301 RESERVED CVE-2006-0300 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r3329 failed
The error message was: error: unknown package note 'bg #348747' make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r3330 - data/CVE
Author: fw Date: 2006-01-20 20:37:19 + (Fri, 20 Jan 2006) New Revision: 3330 Modified: data/CVE/list Log: CVE-2006-0250: our SNMP implementation is not affected Modified: data/CVE/list === --- data/CVE/list 2006-01-20 19:59:32 UTC (rev 3329) +++ data/CVE/list 2006-01-20 20:37:19 UTC (rev 3330) @@ -143,7 +143,9 @@ CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic ...) TODO: check CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...) - TODO: check + NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP + NOTE: This bug is present in a fork, not in the mainline + NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions. CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog ...) TODO: check CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r3331 - data/CVE
Author: joeyh Date: 2006-01-20 21:14:21 + (Fri, 20 Jan 2006) New Revision: 3331 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2006-01-20 20:37:19 UTC (rev 3330) +++ data/CVE/list 2006-01-20 21:14:21 UTC (rev 3331) @@ -406,6 +406,7 @@ CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and ...) NOT-FOR-US: phpChamber CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT ...) + {DSA-946-1} - sudo unfixed NOTE: The whole black list approach is flawed, for the DSA we'll switch to NOTE: a white list approach of known to be safe env vars. @@ -451,6 +452,7 @@ CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows ...) NOT-FOR-US: PD9 Software MegaBBS CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus ...) + {DSA-947-1} - clamav 0.88-1 NOTE: Sarge is affected CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...) @@ -1043,6 +1045,7 @@ - linux-2.6 unfixed CVE-2006-0019 [kjs heap overflow] RESERVED + {DSA-948-1} - kdelibs unfixed (medium) CVE-2005-4474 (Buffer overflow in the quot;Add to archivequot; command in WinRAR 3.51 allows ...) NOT-FOR-US: WinRAR @@ -1718,6 +1721,7 @@ CVE-2005-4159 (** DISPUTED ** ...) NOT-FOR-US: Simple Machines Forum CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...) + {DSA-946-1} - sudo unfixed (bug #342948; medium) CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...) NOT-FOR-US: Kerio Firewall ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r3331 failed
The error message was: error: unknown package note 'bg #348747' make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r3331 failed
The error message was: error: unknown package note 'bg #348747' make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits