Author: joeyh
Date: 2007-10-03 21:14:11 +0000 (Wed, 03 Oct 2007)
New Revision: 6784

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-10-03 20:11:36 UTC (rev 6783)
+++ data/CVE/list       2007-10-03 21:14:11 UTC (rev 6784)
@@ -1,3 +1,9 @@
+CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to 
obtain ...)
+       TODO: check
+CVE-2007-5171 (Unspecified vulnerability in Quicksilver Forums before 1.4.1 
allows ...)
+       TODO: check
+CVE-2007-5170 (Unspecified vulnerability in the embedded service processor 
(SP) ...)
+       TODO: check
 CVE-2007-5169
        RESERVED
 CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite 
...)
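Review bot: the three new entries are left at `TODO: check`, which is acceptable for an automatic import, but two of them can be triaged as one: CVE-2007-5172 and CVE-2007-5171 both describe Quicksilver Forums with the same `before 1.4.1` cut-off, so they should get the same disposition in the follow-up. CVE-2007-5170 concerns an embedded service processor, the kind of item this file normally closes out with a NOT-FOR-US line (compare `NOT-FOR-US: Philips firmware` further down) once checked.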
@@ -158,6 +164,7 @@
 CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in 
...)
        NOT-FOR-US: Ipswitch IMail Server
 CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in 
Linux ...)
+       {DSA-1381-2}
        NOT-FOR-US: Philips firmware
 CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance 
Music ...)
        NOT-FOR-US: phpNuke module
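Review bot: the new `{DSA-1381-2}` reference on CVE-2007-5093 contradicts the `NOT-FOR-US: Philips firmware` line kept directly below it. The description itself says the bug is in the pwc driver in Linux, and a DSA is only issued for a Debian package, so the NOT-FOR-US line should be replaced by a linux-2.6 entry in the style used elsewhere in this file (`- linux-2.6 2.6.18.dfsg.1-10` on CVE-2006-5755), with the fixed unstable version or `<unfixed>` if it has not landed yet.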
@@ -175,14 +182,11 @@
        NOT-FOR-US: Kaspersky Anti-Virus and Internet Security 7.0
 CVE-2007-5085 (Unspecified vulnerability in the management EJB (MEJB) in 
Apache ...)
        NOT-FOR-US: Geronimo Apache
-CVE-2007-5084
-       RESERVED
+CVE-2007-5084 (Multiple SQL injection vulnerabilities in Computer Associates 
(CA) ...)
        NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
-CVE-2007-5083
-       RESERVED
+CVE-2007-5083 (Multiple integer overflows in Computer Associates (CA) 
BrightStor ...)
        NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
-CVE-2007-5082
-       RESERVED
+CVE-2007-5082 (Multiple stack-based buffer overflows in Computer Associates 
(CA) ...)
        NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
 CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote 
attackers ...)
        - ssldump 0.9b3-1 (low)
@@ -365,17 +369,13 @@
 CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in 
balsa ...)
        - balsa 2.3.20-1 (low)
        NOTE: attacker needs to get the victim a prepared server to use
-CVE-2007-5006
-       RESERVED
+CVE-2007-5006 (Multiple command handlers in CA (Computer Associates) 
BrightStor ...)
        NOT-FOR-US: CA ARCserve Backup
-CVE-2007-5005
-       RESERVED
+CVE-2007-5005 (Directory traversal vulnerability in rxRPC.dll in CA (Computer 
...)
        NOT-FOR-US: CA ARCserve Backup
-CVE-2007-5004
-       RESERVED
+CVE-2007-5004 (Integer overflow in CA (Computer Associates) BrightStor 
ARCserve ...)
        NOT-FOR-US: CA ARCserve Backup
-CVE-2007-5003
-       RESERVED
+CVE-2007-5003 (Multiple stack-based buffer overflows in CA (Computer 
Associates) ...)
        NOT-FOR-US: CA ARCserve Backup
 CVE-2007-5002
        RESERVED
@@ -389,8 +389,7 @@
        RESERVED
 CVE-2007-4997
        RESERVED
-CVE-2007-4996 [pidgin MSN nudge DoS]
-       RESERVED
+CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN 
nudge ...)
        - pidgin 2.2.1-1 (medium)
        NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
 CVE-2007-4995
@@ -772,6 +771,7 @@
 CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function 
in ...)
        NOT-FOR-US: Modbus Slave ActiveX Control
 CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP 
peers to ...)
+       {DSA-1382-1}
        - quagga 0.99.9-1 (low; bug #442133)
        NOTE: Upstream says that this can only be exploited by configured peers.
 CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier 
allows ...)
@@ -1145,6 +1145,7 @@
        - php5 <unfixed> (unimportant)
        NOTE: open_basedir not supported
 CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP 
before ...)
+       {DTSA-61-1}
        - php5 5.2.4-1
        NOTE: fixed in php5/etch svn
        NOTE: fix is at 
http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147
@@ -1153,19 +1154,23 @@
        NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue 
only
        NOTE: triggerable by malicious script
 CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP 
before ...)
+       {DTSA-61-1}
        - php5 5.2.4-1
        NOTE: fixed in php5/etch svn
        NOTE: 
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.60&r2=1.445.2.14.2.61&pathrev=PHP_5_2
        NOTE: 
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.61&r2=1.445.2.14.2.62&pathrev=PHP_5_2
 CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not 
...)
+       {DTSA-61-1}
        - php5 5.2.4-1
        NOTE: fixed in php5/etch svn
 CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple 
(1) %i ...)
+       {DTSA-61-1}
        - php5 5.2.4-1 (low)
        NOTE: fixed in php5/etch svn
        NOTE: 
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, 
starting "Line 7667"
        NOTE: limited format string vulnerability, the will be put into strfmon 
and the format string chars are limited to i,n and %
 CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 
before ...)
+       {DTSA-61-1}
        - php5 5.2.4-1
        - php4 <removed>
        NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
@@ -1352,7 +1357,7 @@
 CVE-2007-4574
        RESERVED
 CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel 
2.4.x and ...)
-       {DSA-1378-2 DSA-1378-1}
+       {DSA-1381-2 DSA-1378-2 DSA-1378-1}
        - linux-2.6 <unfixed> (medium)
 CVE-2007-4572
        RESERVED
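Review bot: CVE-2007-4573 still carries `- linux-2.6 <unfixed> (medium)` even though three advisories (`DSA-1381-2 DSA-1378-2 DSA-1378-1`) now reference it. If the unstable fix has landed the version should be recorded here; if it genuinely has not, an explicit suite line such as `[etch] - linux-2.6 ...` in the style of the `[sarge] - krb5 <not-affected> (Vulnerable code not present)` entry would make the stable state visible instead of leaving a DSA-covered issue looking unfixed.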
@@ -2330,6 +2335,7 @@
        - star 1.5a67-1.1 (bug #440100; low)
 CVE-2007-4133
        RESERVED
+       {DSA-1381-2}
 CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 
5.0.0 ...)
        NOT-FOR-US: Red Hat Satellite Server
 CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot 
function in ...)
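Review bot: CVE-2007-4133 is still `RESERVED` yet now references `{DSA-1381-2}`, so the entry points at an advisory with no description and no package line. A bracketed placeholder description like the one the pidgin entry had (`CVE-2007-4996 [pidgin MSN nudge DoS]`) plus a package line (presumably linux-2.6 like the other entries in this diff that share DSA-1381-2, but that needs checking) would keep the reference from dangling; the other entries in this diff also place the `{DSA-...}` line directly under the description rather than after the RESERVED marker.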
@@ -2629,6 +2635,7 @@
        - krb5 1.6.dfsg.1-7 (high)
        [sarge] - krb5 <not-affected> (Vulnerable code not present)
 CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 
5.2.4, ...)
+       {DTSA-61-1}
        - php5 5.2.4-1 (medium)
        NOTE: i think it is medium since it can be easily used to DoS on shared 
hosting systems
        NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of 
ext/standard/string.c
@@ -3055,6 +3062,7 @@
 CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in 
SiteScape Forum ...)
        NOT-FOR-US: SiteScape Forum
 CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent 
attackers to ...)
+       {DTSA-61-1}
        - php5 5.2.4-1 (medium; bug #441433)
        - php4 <removed>
        [etch] - php5 <no-dsa> (requires malicious script)
@@ -3073,6 +3081,7 @@
 CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) 
component ...)
        NOT-FOR-US: Symantec
 CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 
4.4.7 and ...)
+       {DTSA-61-1}
        NOTE: this does not affect default installs, only those who have written
        NOTE: custom session handlers (which isn't *that* uncommon though), and
        NOTE: also may not work if other cookie values are set.
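Review bot: in the visible context CVE-2007-3799 gets `{DTSA-61-1}` but no `- php5 ...` line follows it; every other entry given DTSA-61-1 in this diff has `- php5 5.2.4-1` immediately after the advisory reference. If the package line sits below the hunk that is fine, otherwise one should be added so the advisory is tied to a fixed version.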
@@ -4479,7 +4488,7 @@
        NOT-FOR-US: PHP Live!
 CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype 
of an ...)
        NOT-FOR-US: Prototype of an PHP application
-CVE-2007-3216 (Multiple unspecified vulnerabilities in the server component of 
CA ...)
+CVE-2007-3216 (Multiple buffer overflows in the LGServer component of CA 
(Computer ...)
        NOT-FOR-US: CA BrightStor products
 CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote 
...)
        {DSA-1315-1}
@@ -15271,6 +15280,7 @@
 CVE-2006-5756
        REJECTED
 CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, 
does not ...)
+       {DSA-1381-2}
        - linux-2.6 2.6.18.dfsg.1-10
 CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly 
...)
        {DSA-1304}


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
