[Secure-testing-commits] r3325 - data/DTSA/advs

2006-01-20 Thread Neil McGovern
Author: neilm
Date: 2006-01-20 11:24:15 + (Fri, 20 Jan 2006)
New Revision: 3325

Added:
   data/DTSA/advs/27-fuse.adv
Log:
Fuse DTSA (DTSA-27-1)


Added: data/DTSA/advs/27-fuse.adv
===
--- data/DTSA/advs/27-fuse.adv  2006-01-20 10:42:19 UTC (rev 3324)
+++ data/DTSA/advs/27-fuse.adv  2006-01-20 11:24:15 UTC (rev 3325)
@@ -0,0 +1,22 @@
+source: fuse
+date: Janurary 20th, 2006
+author: Neil McGovern
+vuln-type: potential data corruption when installed seduid root
+problem-scope: local
+debian-specifc: no
+cve: CVE-2005-3531
+vendor-advisory: 
+testing-fix: 2.3.0-4.2etch1
+sid-fix: 2.4.1-0.1
+upgrade: apt-get upgrade
+
+Thomas Biege discovered that fusermount in FUSE before 2.4.1, if installed
+setuid root, allows local users to corrupt /etc/mtab and possibly modify mount
+options by performing a mount over a directory whose name contains certain
+special characters
+
+Successful exploitation could result in a denial of service if mount options
+become unusable. An attacker can also exploit this issue to add arbitrary mount
+points that could grant the attacker read and possibly write access to
+otherwise restricted or privileged mount points. Other attacks are also
+possible.
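Review bot: the header fields carry two typos that will end up in the published advisory: `date: Janurary 20th, 2006` should read "January", and `vuln-type: ... seduid root` should read "setuid root", as the body text has it. Also check the key `debian-specifc` against the spelling the advisory template expects, add the missing full stop after "special characters", and confirm that `vendor-advisory:` is meant to stay empty.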


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r3326 - in data: CVE DSA

2006-01-20 Thread Moritz Muehlenhoff
Author: jmm-guest
Date: 2006-01-20 14:53:26 + (Fri, 20 Jan 2006)
New Revision: 3326

Modified:
   data/CVE/list
   data/DSA/list
Log:
two new DSAs


Modified: data/CVE/list
===
--- data/CVE/list   2006-01-20 11:24:15 UTC (rev 3325)
+++ data/CVE/list   2006-01-20 14:53:26 UTC (rev 3326)
@@ -1035,8 +1035,9 @@
[sarge] - kernel-source-2.4.27 not-affected (Vulnerable code not 
present)
 CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 
2.6.15 ...)
- linux-2.6 unfixed
-CVE-2006-0019
+CVE-2006-0019 [kjs heap overflow]
RESERVED
+   - kdelibs unfixed (medium)
 CVE-2005-4474 (Buffer overflow in the quot;Add to archivequot; command in 
WinRAR 3.51 allows ...)
NOT-FOR-US: WinRAR
 CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) 
allows ...)
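Review bot: the added `- kdelibs unfixed (medium)` line carries no bug reference, so a reader has nothing to follow to see when the fix reaches unstable. If a Debian bug has been filed for the kjs heap overflow, add its number next to the urgency.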

Modified: data/DSA/list
===
--- data/DSA/list   2006-01-20 11:24:15 UTC (rev 3325)
+++ data/DSA/list   2006-01-20 14:53:26 UTC (rev 3326)
@@ -1,3 +1,11 @@
+[20 Jan 2006] DSA-948-1 kdelibs - heap overflow
+{CVE-2006-0019}
+   [sarge] - kdelibs 3.3.2-6.4
+   NOTE: not fixed in testing at time of DSA (unfixed in sid)
+[20 Jan 2006] DSA-947-1 clamav - heap overflow
+{CVE-2006-0162}
+   [sarge] - clamav 0.84-2.sarge.7
+   NOTE: fixed in testing at time of DSA
 [20 Jan 2006] DSA-946-1 sudo - missing input sanitising
 {CVE-2005-4158 CVE-2006-0151}
[woody] - sudo 1.6.6-1.5
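Review bot: the new DSA-948-1 and DSA-947-1 entries list only a `[sarge]` version, while the DSA-946-1 entry directly below them starts with a `[woody]` line. Confirm that woody is not covered by these two DSAs, rather than the line having been left out.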




[Secure-testing-commits] r3327 - data/CVE

2006-01-20 Thread Moritz Muehlenhoff
Author: jmm-guest
Date: 2006-01-20 15:58:21 + (Fri, 20 Jan 2006)
New Revision: 3327

Modified:
   data/CVE/list
Log:
claim a small block, I'm busy this week


Modified: data/CVE/list
===
--- data/CVE/list   2006-01-20 14:53:26 UTC (rev 3326)
+++ data/CVE/list   2006-01-20 15:58:21 UTC (rev 3327)
@@ -1,3 +1,4 @@
+begin claimed by jmm
 CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 
Blog ...)
TODO: check
 CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 
22003/tcp) ...)
@@ -36,6 +37,7 @@
TODO: check
 CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware 
WV.00.02 ...)
TODO: check
+end claimed by jmm
 CVE-2006-0301
RESERVED
 CVE-2006-0300
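Review bot: the `end claimed by jmm` marker added here is tied to the `begin claimed by jmm` line from the first hunk only by position. When the block is done, remove both markers in the same commit so the list is never left with an unbalanced claim.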




[Secure-testing-commits] r3328 - data/CVE

2006-01-20 Thread Moritz Muehlenhoff
Author: jmm-guest
Date: 2006-01-20 16:49:15 + (Fri, 20 Jan 2006)
New Revision: 3328

Modified:
   data/CVE/list
Log:
lots of NFUs


Modified: data/CVE/list
===
--- data/CVE/list   2006-01-20 15:58:21 UTC (rev 3327)
+++ data/CVE/list   2006-01-20 16:49:15 UTC (rev 3328)
@@ -1,43 +1,41 @@
-begin claimed by jmm
 CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 
Blog ...)
-   TODO: check
+   NOT-FOR-US: Bit 5 Blog
 CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 
22003/tcp) ...)
-   TODO: check
+   NOT-FOR-US: Farmers WIFE
 CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when 
...)
-   TODO: check
+   NOT-FOR-US: BlogPHP
 CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in 
...)
-   TODO: check
+   NOT-FOR-US: RedKernel Referrer Tracker
 CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures 
(YGP) ...)
-   TODO: check
+   NOT-FOR-US: AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX 
Control
 CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse 
the p ...)
-   TODO: check
+   NOT-FOR-US: EZDatabase
 CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext, 
which ...)
-   TODO: check
+   NOT-FOR-US: PDFdirectory
 CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before 
1.0 ...)
-   TODO: check
+   NOT-FOR-US: PDFdirectory
 CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass 
...)
-   TODO: check
+   NOT-FOR-US: aoblogger
 CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 
allows ...)
-   TODO: check
+   NOT-FOR-US: aoblogger
 CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 
allows ...)
-   TODO: check
+   NOT-FOR-US: aoblogger
 CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Linksys hardware issue 
 CVE-2006-0308 (PHP remote file include vulnerability in HTMLtonuke.php in 
HTMLtoNuke ...)
-   TODO: check
+   NOT-FOR-US: HTMLtoNuke
 CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer 
...)
-   TODO: check
+   NOT-FOR-US: CA BrightStor products
 CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common 
Component in ...)
-   TODO: check
+   NOT-FOR-US: CA BrightStor products
 CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running 
firmware ...)
-   TODO: check
+   NOT-FOR-US: Clipcomm hardware
 CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote 
attackers to ...)
-   TODO: check
+   TODO: Check
 CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing 
component, ...)
-   TODO: check
+   NOT-FOR-US: Joomla! 
 CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware 
WV.00.02 ...)
-   TODO: check
-end claimed by jmm
+   NOT-FOR-US: ZyXel hardware
 CVE-2006-0301
RESERVED
 CVE-2006-0300
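Review bot: for CVE-2006-0304 the change replaces `TODO: check` with `TODO: Check`, which leaves the entry unresolved and differs in case from the marker used everywhere else in the file; anything matching the lowercase form will miss it. Keep the original spelling if the entry is still open. The added `NOT-FOR-US: Linksys hardware issue ` and `NOT-FOR-US: Joomla! ` lines also end in trailing whitespace.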




[Secure-testing-commits] Processing r3329 failed

2006-01-20 Thread secure-testing
The error message was:

error: unknown package note 'bg #348747'

make: *** [all] Error 1



[Secure-testing-commits] r3330 - data/CVE

2006-01-20 Thread Florian Weimer
Author: fw
Date: 2006-01-20 20:37:19 + (Fri, 20 Jan 2006)
New Revision: 3330

Modified:
   data/CVE/list
Log:
CVE-2006-0250: our SNMP implementation is not affected


Modified: data/CVE/list
===
--- data/CVE/list   2006-01-20 19:59:32 UTC (rev 3329)
+++ data/CVE/list   2006-01-20 20:37:19 UTC (rev 3330)
@@ -143,7 +143,9 @@
 CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in 
Faq-O-Matic ...)
TODO: check
 CVE-2006-0250 (Format string vulnerability in the snmp_input function in 
snmptrapd in ...)
-   TODO: check
+   NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP
+   NOTE: This bug is present in a fork, not in the mainline
+   NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions.
 CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged 
geoBlog ...)
TODO: check
 CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 
500 ...)
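Review bot: the two added NOTE lines state that the mainline CMU-SNMP/UCD-SNMP/NET-SNMP versions do not have the bug, but the entry does not name which Debian package was checked. Naming the package in the NOTE would let a later reader verify the `NOT-FOR-US` decision without redoing the analysis.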




[Secure-testing-commits] r3331 - data/CVE

2006-01-20 Thread Joey Hess
Author: joeyh
Date: 2006-01-20 21:14:21 + (Fri, 20 Jan 2006)
New Revision: 3331

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2006-01-20 20:37:19 UTC (rev 3330)
+++ data/CVE/list   2006-01-20 21:14:21 UTC (rev 3331)
@@ -406,6 +406,7 @@
 CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 
1.2 and ...)
NOT-FOR-US: phpChamber
 CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT 
...)
+   {DSA-946-1}
- sudo unfixed
NOTE: The whole black list approach is flawed, for the DSA we'll switch 
to
NOTE: a white list approach of known to be safe env vars.
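Review bot: with `{DSA-946-1}` now attached to CVE-2006-0151, the context NOTE below it still speaks in the future tense ("for the DSA we'll switch to a white list approach"). Since this is an automatic update the NOTE will not change by itself; a manual follow-up should state what the DSA actually did.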
@@ -451,6 +452,7 @@
 CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 
allows ...)
NOT-FOR-US: PD9 Software MegaBBS
 CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus 
...)
+   {DSA-947-1}
- clamav 0.88-1
NOTE: Sarge is affected
 CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause 
a ...)
@@ -1043,6 +1045,7 @@
- linux-2.6 unfixed
 CVE-2006-0019 [kjs heap overflow]
RESERVED
+   {DSA-948-1}
- kdelibs unfixed (medium)
 CVE-2005-4474 (Buffer overflow in the quot;Add to archivequot; command in 
WinRAR 3.51 allows ...)
NOT-FOR-US: WinRAR
@@ -1718,6 +1721,7 @@
 CVE-2005-4159 (** DISPUTED ** ...)
NOT-FOR-US: Simple Machines Forum
 CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does 
not clear ...)
+   {DSA-946-1}
- sudo unfixed (bug #342948; medium)
 CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 
6.1.3 ...)
NOT-FOR-US: Kerio Firewall




[Secure-testing-commits] Processing r3331 failed

2006-01-20 Thread secure-testing
The error message was:

error: unknown package note 'bg #348747'

make: *** [all] Error 1


