Author: joeyh
Date: 2005-07-22 01:14:56 +0000 (Fri, 22 Jul 2005)
New Revision: 1453

Modified:
   data/CAN/list
Log:
processed a few old CANs


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-07-21 22:32:16 UTC (rev 1452)
+++ data/CAN/list       2005-07-22 01:14:56 UTC (rev 1453)
@@ -271,65 +271,69 @@
        TODO: check
 end claimed by zobel
 CAN-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 
2.4.11, when ...)
-       TODO: check
+       NOTE: presumably fixed in linux 2.4.12
 CAN-2001-1571 (The Remote Desktop client in Windows XP sends the most recent 
user ...)
-       TODO: check
+       NOTE: not-for-us (Microsoft)
 CAN-2001-1570 (Windows XP with fast user switching and account lockout enabled 
allows ...)
-       TODO: check
+       NOTE: not-for-us (Microsoft)
 CAN-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain 
name ...)
-       TODO: check
+       NOTE: not-for-us (Openwave WAP gateway)
 CAN-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name 
URL ...)
-       TODO: check
+       NOTE: not-for-us (CMG WAP gateway)
 CAN-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers 
to ...)
-       TODO: check
+       NOTE: not-for-us (Lotus Domino)
 CAN-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in 
Perdition ...)
-       TODO: check
+       - vanessa-logger 0.0.2
 CAN-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 
through ...)
-       TODO: check
+       NOTE: not-for-us (MacOS)
 CAN-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 
11.11 ...)
-       TODO: check
+       NOTE: not-for-us (HP-UX)
 CAN-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS 
for ...)
-       TODO: check
+       NOTE: not-for-us (Tomcat 3.2.1 running on HP Secure OS)
 CAN-2001-1562 (Format string vulnerability in nvi before 1.79 allows local 
users to ...)
-       TODO: check
+       - nvi 1.79-16a.1
+       NOTE: was DSA 085
 CAN-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local 
users to ...)
-       TODO: check
+       NOTE: DSA 082
+       - xvt 2.1-13
 CAN-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 
2000 and ...)
-       TODO: check
+       NOTE: not-for-us (Microsoft)
 CAN-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 
provide ...)
-       TODO: check
+       NOTE: not-for-us (OpenBSD)
 CAN-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort 
before 1.8.3 ...)
-       TODO: check
+       - snort 1.8.3
 CAN-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers 
to ...)
-       TODO: check
+       NOTE: not-for-us (AIX)
 CAN-2001-1556 (The log files in Apache web server contain information directly 
...)
-       TODO: check
+       NOTE: documented issue in apache, unlikely to be changed
+       NOTE: see http://httpd.apache.org/docs/logs.html
 CAN-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal 
...)
-       TODO: check
+       NOTE: not-for-us (Solaris)
 CAN-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows 
remote ...)
-       TODO: check
+       NOTE: not-for-us (AIX)
 CAN-2001-1553 (Buffer overflow in setiathome for [EMAIL PROTECTED] 3.03, if 
installed setuid, ...)
-       TODO: check
+       NOTE: not suid in debian
 CAN-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a 
denial of ...)
-       TODO: check
+       NOTE: not-for-us (Microsoft)
 CAN-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid 
processes, ...)
-       TODO: check
+       NOTE: no info in CVE db about fix
+       TODO: check with current kernel on a system with quotas
 CAN-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled 
creates ...)
-       TODO: check
+       NOTE: not-for-us (Centra)
 CAN-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass 
...)
-       TODO: check
+       NOTE: not-for-us (Tiny Personal Firewall)
 CAN-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows 
local ...)
-       TODO: check
+       NOTE: not-for-us (Tiny Personal Firewall)
 CAN-2001-1547 (Outlook Express 6.0, with "Do not allow attachments to be 
saved or ...)
-       TODO: check
+       NOTE: not-for-us (Outlook)
 CAN-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and 
...)
-       TODO: check
+       NOTE: not-for-us (Pathways Homecare)
 CAN-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL 
requests ...)
-       TODO: check
+       NOTE: not-for-us (Macromedia JRun)
 CAN-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server 
(JWS) ...)
-       TODO: check
+       NOTE: not-for-us (Macromedia JRun)
 CAN-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a 
default ...)
-       TODO: check
+       NOTE: not-for-us (Axis network camera)
 CAN-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter 
...)
        TODO: check
 CAN-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI 
BSD/OS ...)
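
Review bot: The note added for CAN-2001-1548 says "not-for-us (Tiny Personal Firewall)", but that entry describes ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro. It looks copied from the CAN-2001-1549 line directly above and should read "NOTE: not-for-us (ZoneAlarm)". A smaller style point: CAN-2001-1561 puts the DSA note before the package line ("NOTE: DSA 082" then "- xvt 2.1-13"), while CAN-2001-1562 puts it after ("- nvi 1.79-16a.1" then "NOTE: was DSA 085"). Using one order and one wording for DSA references would keep the list consistent for anyone grepping or parsing it.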


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
