Author: anarcat
Date: 2016-12-16 14:22:25 +0000 (Fri, 16 Dec 2016)
New Revision: 47134
Modified:
data/CVE/list
Log:
Summary: from ubuntu: moodle and libphp-snoopy are vulnerable to CVE-2016-9565
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-16 14:16:38 UTC (rev 47133)
+++ data/CVE/list 2016-12-16 14:22:25 UTC (rev 47134)
@@ -8034,9 +8034,13 @@
NOTE:
https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
CVE-2016-9565 [Curl Command Injection]
RESERVED
+ - moodle <unfixed>
+ - libphp-snoopy <unfixed>
- nagios3 3.5.1-1
+ TODO: investigate if moodle and libphp-snoopy are vulnerable
+ TODO: look for more embeded copies of MagpieRSS
NOTE:
https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
- NOTE: The RSS feed and call-home was removed with the 3.5.1-1 were the
affected function was removed
+ NOTE: The RSS feed and call-home was removed in Nagios 3.5.1-1 where
the affected function was removed
CVE-2016-9564 (Buffer overflow in send_redirect() in Boa Webserver 0.92r
allows ...)
- boa <not-affected> (the vuln was removed in 0.93.14)
NOTE:
http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
