CVE-2006-XXXX [kphone creates world-readable config file with passwords]
	- kphone (bug #337830; low)
	NOTE: Requested by Micah March 26, 2006
	NOTE: CVE-2006-2442 obtained, but might be a duplicate of CVE-2006-2192
CVE-2006-XXXX [php5 response splitting]
	- php5 5.1.2-1 (bug #347894)
	- php4 (vulnerable code was introduced in PHP5)
CVE-2006-XXXX [php5 mysqli format string issue]
	- php5 5.1.2-1 (bug #347894)
	- php4 (vulnerable code was introduced in PHP5)
CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
	- b2evolution 0.9.1b-4 (bug #344000)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
	- xshisen 1.51-1-1.2 (bug #291613)
CVE-2005-XXXX [snort: DoS in verbose mode]
	- snort 2.3.3-2 (bug #328134; low)
	[woody] - snort (Only exploitable in obscure setups not used in production environments, see #328134)
	[sarge] - snort (Only exploitable in obscure setups not used in production environments, see #328134)
CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
	- libjpeg6b 6b-11 (bug #340079; low)
	[woody] - libjpeg6b (Does not include exifautotran)
CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
	- rageircd (bug #343543; medium)
CVE-2003-XXXX [Insecure tempfile in x-face-el]
	- x-face-el 1.3.6.23-1
	NOTE: DSA-340
CVE-2005-XXXX [Unspecified new Real/Helix createProcess() issue, no details yet]
	- helix-player (unknown)
	NOTE: http://service.real.com/help/faq/security/security111605.html
CVE-2005-XXXX [unsafe file permissions in vpnc]
	- vpnc (bug #340105; medium)
CVE-2005-XXXX [user logout in drupal has no effect]
	[sarge] - drupal (bug was introduced after 4.5.3)
	- drupal 4.5.5-3 (bug #336719; medium)
CVE-2005-XXXX [double free() in libungif]
	- libungif4 4.1.4-1 (bug #338542; medium)
CVE-2005-XXXX [Insecure temp files in note]
	- note 1.3.1-3 (bug #337492; low)
CVE-2005-XXXX [ntop format string vulnerability]
	- ntop (bug #335996; unimportant)
	NOTE: Not exploitable
CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
	- linux-2.6 2.6.12-2
	[sarge] - kernel-source-2.4.27
	[sarge] - kernel-source-2.6.8
	NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
	- thttpd 2.23beta1-4 (low)
CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
	- adduser 3.77 (bug #331720; low)
	NOTE: Woody and Sarge affected
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
	- pavuk 0.9.33-1 (bug #264684; high)
	NOTE: second hole mentioned in bug report
CVE-2005-XXXX [libmad: Assertion failed; buffer overflow]
	- libmad (bug #287519; low)
	- mad
CVE-2005-XXXX [unsafe temporary file creation in flexbackup default config]
	- flexbackup (bug #334350; low)
CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
	- xscreensaver 4.23-2 (bug #334193; low)
CVE-2005-XXXX [Minor local DoS as libldap]
	- openldap (bug #253838; low)
	TODO: Check whether openldap2.2 is affected as well
CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
	- mpack 1.6-1 (bug #216566)
CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
	- coreutils 5.93-1 (bug #306076; low)
	[sarge] - coreutils (Minor issue, hardly exploitable)
	[woody] - coreutils (Minor issue, hardly exploitable)
CVE-2005-XXXX [tar's rmt command may have undesired side effects]
	- tar (bug #290435; low)
CVE-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4]
	- kernel-source-2.4.27 (bug #310982; low)
	NOTE: probably already fixed in testing, wrote for confirmation
CVE-2003-XXXX [Incomplete reporting of failed logins in login]
	- login 1:4.0.3-36 (bug #192849)
CVE-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances]
	- openldap2.2 2.2.26-5 (bug #260204; low)
CVE-2004-XXXX [Unspecified buffer overflow in libmng]
	- libmng 1.0.8-1 (bug #250106)
CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
	- isoqlog 2.2-0.1 (bug #254101; bug #202634)
CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
	- libnss-ldap 199-1 (bug #169793)
CVE-2004-XXXX [Firefox doesn't clear all cookies]
	- mozilla-firefox (bug #203034; bug #235932; low)
CVE-2004-XXXX [Insecure temp files in amanda's chg-manual]
	- amanda 1:2.4.5p1-1 (bug #226139; low)
	NOTE: Woody and Sarge affected
CVE-2004-XXXX [Buffer overflow in wdm's login]
	- wdm (bug #276218; low)
CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...)
	- ldapdiff (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2005-XXXX [apt-cache doesn't differentiate sources which share several properties]
	- apt (bug #329814; low)
	- apt (Unsupported use case)
	NOTE: I tend to remove this completely, if you're using apt sources which include vulnerable
	NOTE: versions of Debian packages with higher version numbers you're screwed anyway, no matter
	NOTE: what apt displays in this case
CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
	- asciijump 0.0.6-1.2 (bug #269186)
CVE-2004-XXXX [Barrendero spool world-readable]
	- barrendero 1.1-1 (bug #279163)
CVE-2005-XXXX [hdup improperly preserves permissions on directories]
	- hdup (bug #302790; low)
CVE-2001-XXXX [crypt++ passes passwords through the command line]
	- crypt++el (bug #105562; low)
	NOTE: Sarge and Woody are affected
CVE-2004-XXXX [Two vulnerabilities in sredird]
	- sredird 2.2.1-1.1 (bug #267098)
CVE-2003-XXXX [fuzz: Insecure temp file usage]
	- fuzz 0.6-7.1 (bug #183047)
CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
	- findutils 4.2.22-1 (bug #313081)
CVE-2005-XXXX [Serendipity account hijacking through CSRF]
	- serendipity (bug #312413)
	NOTE: Fixed in 0.8.5
CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
	- linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
CVE-2004-XXXX [kmail may send out sensitive information when used on NFS homes]
	- kdepim (bug #280287; low)
	NOTE: kmail was once part of kdenetwork.
CVE-2002-XXXX [sanitizer bypass through quoted file names]
	- sanitizer 1.76-1 (bug #149799; medium)
CVE-2005-XXXX [Heap overflow in libosip URI parsing]
	- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
	- rkhunter 1.2.7-14 (bug #330627; medium)
CVE-2005-XXXX [fprobe-ng: Insecure default hash]
	- fprobe-ng (bug #322699; low)
CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
	- microcode.ctl (bug #282583; unimportant)
	NOTE: The validity of the microcode is ensured inside the CPU
CVE-2001-XXXX [gnupg: improper flagging of signatures as being local]
	- gnupg 1.0.7-1 (bug #107374)
CVE-2003-XXXX [Insecure temp files in lilo]
	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
	- distcc 2.18.3-3 (bug #298929; low)
	[sarge] - distcc (Only affects distcc in a very non-standard way not recommended for untrusted environments)
CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
	- phpwiki (bug #282565; medium)
CVE-2005-XXXX [Possibly incorrect virtualisation in php4]
	- php4 (bug #317577; bug #330419; low)
	NOTE: Maintainer can't reproduce
CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
	- gnumach (bug #46709)
	NOTE: Nearly six years old :-)
CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	NOTE: Sarge is affected (package doesn't exist in Woody)
CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	NOTE: Sarge is affected (package doesn't exist in Woody)
CVE-2005-XXXX [Insecure pidfile handling in mailleds]
	- mailleds 0.93-11.1 (bug #329365; low)
CVE-2005-XXXX [kdebase uses urandom as an entropy source]
	- kdebase (bug #325369; unimportant)
	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
	NOTE: on Linux urandom should provide sufficient entropy
CVE-2005-XXXX [imview: Possible buffer overflow with FITS images]
	- imview (bug #326971; unknown)
	TODO: Needs further evaluation
CVE-2005-XXXX [freeradius buffer overflows and SQL injection]
	- freeradius 1.0.5-1 (medium)
CVE-2005-XXXX [user password file created by gajim is world-readable]
	- gajim 0.8.2-1 (bug #325080; low)
CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
	- zope2.7 2.7.8-1 (bug #313644; bug #313621; low)
	NOTE: first patch was incorrect
CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
	- wine 0.0.20050830-1 (bug #327261; bug #327262; high)
CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
	- linux-2.6 2.6.12-6 (low)
CVE-2005-XXXX [osh buffer overflow in handlers.c]
	NOTE: This is not the same as -13
	- osh 1.7-14 (bug #323424; bug #323482; bug #311369; medium)
CVE-2005-XXXX [Insecure tempfile usage in tleds]
	- tleds 1.05beta10-9 (bug #276789; low)
CVE-2005-XXXX [Insecure temp files in firehol]
	- firehol 1.231-4 (low)
CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
	- cplay 1.49-8 (bug #324913; low)
	[woody] - cplay (CPLAY_TMP doesn't exist in this version)
	NOTE: Sarge is affected
CVE-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous access to ldap directory]
	- phpldapadmin 0.9.6c-5 (bug #322423; low)
CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
	- clamav 0.86.2-1 (low)
	NOTE: suspect this also affects Sarge, not enough info to know what this is
CVE-2005-XXXX [Buffer overflow in Description parsing]
	- bidwatcher (bug #319489; low)
	NOTE: Sarge and Woody affected
	NOTE: Package is totally broken due to Ebay changes, so risk is low
CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
	- dbmail (bug #303991; medium)
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
	- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
	- gcjwebplugin (bug #267040; bug #301134; high)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
	- dbmail-pgsql (bug #290833; medium)
CVE-2005-XXXX [time delay of password check proves account existence to attackers]
	NOTE: unknown if really a bug; if it is, it's different from the previous ssh delay bugs
	- ssh (bug #314645; low)
CVE-2005-XXXX [Unspecified buffer overflow in metar]
	- metar 20050807.1-1 (unknown)
CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
	- wine 0.0.20050830-1 (bug #321470; low)
CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
	- metamail 2.7-48 (bug #321473; low)
CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
	- xfree86 (bug #321447; low)
	[woody] - xfree86 (Hardly exploitable)
	[sarge] - xfree86 (Hardly exploitable)
	- xorg-x11 (bug #321447; low)
CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
	- gs-esp (bug #291452; unimportant)
	NOTE: Not included in the binary package
CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
	NOTE: binary not shipped
	- sysklogd (bug #281448; unimportant)
CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
	- fftw3 3.0.1-12 (low; bug #321566)
CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
	- clamav-getfiles 0.5-1 (bug #321446; medium)
	NOTE: Sarge is affected
CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
	- libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
CVE-2005-XXXX [nvi: init.d recover file security bugs]
	- nvi 1.79-22 (bug #298114; medium)
CVE-2005-XXXX [bugzilla: Maintainer's postinst script uses temporary files in an unsafe way]
	[woody] - bugzilla (Vulnerable script is not present)
	[sarge] - bugzilla (Vulnerable script is not present)
	- bugzilla 2.18.3-2 (bug #321567; low)
CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
	- tor 0.1.0.14-1 (medium)
CVE-2005-XXXX [DoS against rsync in embedded zlib copy]
	NOTE: This is distinct from CVE-2005-2096, please see rsync's 2.6.6 announcement
	NOTE: It refers to one of the two vaguely described fixes from zlib 1.2.3
	NOTE: I haven't verified this with source so far, but it looks like a DoS
	NOTE: This is fixed in zlib 1.2.3, we could check if other apps embedding
	NOTE: zlib 1.2 are affected as well
	- rsync 2.6.6-1 (low)
CVE-2005-XXXX [SQL injection vulnerabilities in vpopmail prior to 5.4.6]
	NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
	NOTE: maintainer says does not apply to debian, see #320608
CVE-2005-XXXX [strobe reads file from unsafe directory]
	- netdiag 0.7-7.1 (bug #206905; low)
CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
	- ffmpeg 0.cvs20050811-1 (bug #320150; medium)
CVE-2005-XXXX [xgalaga score file segfault]
	- xgalaga 2.0.34-31 (bug #319686; low)
CVE-2005-XXXX [xemeraldia games file overwrite]
	- xemeraldia 0.4-1 (bug #319661; low)
CVE-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]
	NOTE: This doesn't look like a real security issue as cron.daily should only be
	NOTE: writable by root, but let's include it as the maintainer considers it an issue
	- fiaif 1.19.2-14 (low)
CVE-2005-XXXX [oftpd port DOS]
	- oftpd (bug #307957; low)
	NOTE: CVE id requested from mitre
CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
	- moodle 1.4.4.dfsg.1-3
CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
	NOTE: viewFile.php has been removed along with other files in -26, so Debian is
	NOTE: no longer affected.
	- gforge 3.1-26
CVE-2005-XXXX [osh buffer overflow]
	- osh 1.7-13 (bug #311369)
CVE-2005-XXXX [zile buffer overrun in terminal code]
	- zile 2.0.4-2
CVE-2005-XXXX [Two DoS conditions in ekg]
	- ekg 1:1.5+20050411-3
CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
	- lcrash 7.0.0.pre.cvs.20050322-3
CVE-2005-XXXX [Multiple security problems in lbreakout2]
	- lbreakout2 2.5.2-2
CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
	- clamav 0.85.1-1 (low)
	NOTE: Suspect Sarge is affected, not enough information to certify
CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
	- xorg-x11 (Xfree-specific, inspected the Subversion tree)
CVE-2005-XXXX [Buffer overflow in libotr]
	- libotr 2.0.2-1
CVE-2005-XXXX [vpnc: config file path security hole]
	- vpnc 0.3.2+SVN20050326-2
CVE-2005-XXXX [Several buffer overflows in termpkg]
	- termpkg 3.3-2
CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
	NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
	NOTE: already fixed since 2.15-6
	- binutils 2.15-6
CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
	- kmd 0.9.19-1.1
CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
	NOTE: Source package has been renamed from unrar to unrar-free
	- unrar-free 1:0.0.1-2
CVE-2005-XXXX [race condition with a buffered temp file]
	- pysvn 1.1.2-3
CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
	- mailutils 1:0.6.1-2
CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
	- maradns 1.0.27-1
CVE-2005-XXXX [Possible SQL injection in freeradius]
	- freeradius 1.0.2-4
CVE-2005-XXXX [Directory traversal in unzoo]
	- unzoo 4.4-4
CVE-2005-XXXX [Logging bypass through SIGHUP in syslog-ng]
	- syslog-ng 1.6.5-2.1
CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
	- trackballs 1.1.1-1 (bug #302454; medium)
	NOTE: CVE request sent to mitre (who sent this? any response?)
	NOTE: Trackballs doesn't run as gid games anymore, high-score files are
	NOTE: stored in user's home directories instead.
	TODO: check possibility of exploitation via scripting language,
	TODO: as mentioned in the bug report as a separate issue
CVE-2005-XXXX [Less secure default setting in pwgen or the lack of documentation about it]
	- pwgen 2.04-1
CVE-2005-XXXX [Missing input validation in xtradius]
	- xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
CVE-2005-XXXX [fai tempfile vulnerability]
	- fai 2.8.2
CVE-2005-XXXX [Buffer overflow in elog's header buffer]
	- elog 2.5.7+r1558-3 (bug #349528; high)
CVE-2005-XXXX [Unspecified security issue in ipsec-tools' single DES support]
	- ipsec-tools 1:0.5.2-1
CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
	- shadow 4.0.8
	[sarge] - shadow (was introduced after version 4.0.3)
	[woody] - shadow (was introduced after version 4.0.3)
CVE-2005-XXXX [Insecure tempfile generation in shadow's vipw]
	- shadow 1:4.0.3-33
CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
	- libconvert-uulib-perl 1.0.5.1-1
CVE-2005-XXXX [libpam-ssh: Improper caching of pwd data with potential security implications]
	- libpam-ssh 1.91.0-9
CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
	- postgrey 1.21-1
CVE-2005-XXXX [Some security issues in mod_security]
	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
	NOTE: the changelog entries matches the security criteria, but the changelog
	NOTE: claims so.
	- libapache-mod-security 1.8.7-1
CVE-2005-XXXX [imms: Arbitrary command execution through improper filename escaping]
	NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
	- imms 2.0.3-1
CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
	- smarty 2.6.9-1
CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
	- obexftp 0.10.7-3
CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
	- openwebmail
CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
	- freeciv 2.0.1-1
CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
	- mailscanner 4.40.11-1
CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
	- kdenetwork 4:3.3.2-2
CVE-2005-XXXX [Various /tmp related security issues in cernlib]
	- cernlib 2004.11.04-3
CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
	- omniorb4 4.0.5-2
CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla]
	- bugzilla 2.16.2-1
CVE-2002-XXXX [Multiple buffer overflows in gtetrinet]
	- gtetrinet 0.4.4-1