Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. devel
CVE Promotions and invalid IDs
reinke at e-softinc
Mar 19, 2003, 11:11 AM
Post #1 of 3 (657 views)
Permalink
The following scripts need to be adjusted for CVE identifiers.

Promotion - these scripts refer to a CAN-xxxx-xxxx id, when they
should in fact reference a CVE-xxxx-xxx id.

cfinger_format_bug.nasl CAN-1999-0708
codered_x.nasl CAN-2001-0500
ftp_servu_path_disclosure.nasl CAN-1999-0838
iis_isapi_overflow.nasl CAN-2001-0506
iis_isapi_overflow.nasl CAN-2001-0508
irix_copilot.nasl CAN-2000-0283
mcms_overflow.nasl CAN-2002-0050
mountd_overflow.nasl CAN-1999-0002
ms_telnet_overflow.nasl CAN-2002-0020
nfs_dotdot.nasl CAN-1999-0166
nfs_fsirand.nasl CAN-1999-0167
nfs_mount.nasl CAN-1999-0170
nfs_portmap.nasl CAN-1999-0168
smb_nt_ms00-035.nasl CAN-2000-0402
smb_nt_ms02-021.nasl CAN-2002-1056
tcp_seq.nasl CAN-1999-0077

The following scripts refer to CVE identifiers that do not
exist. In all cases except for the obvious 'CA-2002-08',
these should have been CAN-XXXX-XXXX references instead
of CVE references.

bind_sig_cached_rr_overflow.nasl CVE-2002-1219
CSCdw33027.nasl CVE-2002-1024
iis_webdav_overflow.nasl CVE-2003-0109
mssmtp_null_auth.nasl CVE-2002-0054
mssql_blank_password.nasl CVE-2000-1209
mssql_saphire_worm.nasl CVE-2002-0649
mssql_saphire_worm.nasl CVE-2002-0650
oracle9i_owautil.nasl CA-2002-08
pop3_overflow.nasl CVE-2002-0799
popper_mod.nasl CVE-2002-0513
rpc_cmsd.nasl CVE-2002-0391
rpc_dmispd.nasl CVE-2002-0391
smb_nt_ms02-013.nasl CVE-2002-0058
texis_path_disclosure.nasl CVE-2002-0266
wu_ftpd_glob.nasl CVE-2001-0935

Thomas
Re: CVE Promotions and invalid IDs [ In reply to ]
vincent at renardias
Mar 20, 2003, 3:17 AM
Post #2 of 3 (660 views)
Permalink
On Wed, 2003-03-19 at 19:11, Thomas Reinke wrote:
> The following scripts need to be adjusted for CVE identifiers.

Renaud, I'm willing to do the patching if nobody else volunteers :-)

> Promotion - these scripts refer to a CAN-xxxx-xxxx id, when they
> should in fact reference a CVE-xxxx-xxx id.
>
> cfinger_format_bug.nasl CAN-1999-0708
> codered_x.nasl CAN-2001-0500
> ftp_servu_path_disclosure.nasl CAN-1999-0838
> iis_isapi_overflow.nasl CAN-2001-0506
> iis_isapi_overflow.nasl CAN-2001-0508
> irix_copilot.nasl CAN-2000-0283
> mcms_overflow.nasl CAN-2002-0050
> mountd_overflow.nasl CAN-1999-0002
> ms_telnet_overflow.nasl CAN-2002-0020
> nfs_dotdot.nasl CAN-1999-0166
> nfs_fsirand.nasl CAN-1999-0167
> nfs_mount.nasl CAN-1999-0170
> nfs_portmap.nasl CAN-1999-0168
> smb_nt_ms00-035.nasl CAN-2000-0402
> smb_nt_ms02-021.nasl CAN-2002-1056
> tcp_seq.nasl CAN-1999-0077
>
> The following scripts refer to CVE identifiers that do not
> exist. In all cases except for the obvious 'CA-2002-08',
> these should have been CAN-XXXX-XXXX references instead
> of CVE references.
>
> bind_sig_cached_rr_overflow.nasl CVE-2002-1219
> CSCdw33027.nasl CVE-2002-1024
> iis_webdav_overflow.nasl CVE-2003-0109
> mssmtp_null_auth.nasl CVE-2002-0054
> mssql_blank_password.nasl CVE-2000-1209
> mssql_saphire_worm.nasl CVE-2002-0649
> mssql_saphire_worm.nasl CVE-2002-0650
> oracle9i_owautil.nasl CA-2002-08
> pop3_overflow.nasl CVE-2002-0799
> popper_mod.nasl CVE-2002-0513
> rpc_cmsd.nasl CVE-2002-0391
> rpc_dmispd.nasl CVE-2002-0391
> smb_nt_ms02-013.nasl CVE-2002-0058
> texis_path_disclosure.nasl CVE-2002-0266
> wu_ftpd_glob.nasl CVE-2001-0935
>
> Thomas
>
Re: CVE Promotions and invalid IDs [ In reply to ]
vincent at strongholdnet
Mar 20, 2003, 10:13 AM
Post #3 of 3 (657 views)
Permalink
On Wed, 2003-03-19 at 19:11, Thomas Reinke wrote:

I've just commited the whole list. Thanks.

> The following scripts need to be adjusted for CVE identifiers.
>
> Promotion - these scripts refer to a CAN-xxxx-xxxx id, when they
> should in fact reference a CVE-xxxx-xxx id.
>
> cfinger_format_bug.nasl CAN-1999-0708
> codered_x.nasl CAN-2001-0500
> ftp_servu_path_disclosure.nasl CAN-1999-0838
> iis_isapi_overflow.nasl CAN-2001-0506
> iis_isapi_overflow.nasl CAN-2001-0508
> irix_copilot.nasl CAN-2000-0283
> mcms_overflow.nasl CAN-2002-0050
> mountd_overflow.nasl CAN-1999-0002
> ms_telnet_overflow.nasl CAN-2002-0020
> nfs_dotdot.nasl CAN-1999-0166
> nfs_fsirand.nasl CAN-1999-0167
> nfs_mount.nasl CAN-1999-0170
> nfs_portmap.nasl CAN-1999-0168
> smb_nt_ms00-035.nasl CAN-2000-0402
> smb_nt_ms02-021.nasl CAN-2002-1056
> tcp_seq.nasl CAN-1999-0077
>
> The following scripts refer to CVE identifiers that do not
> exist. In all cases except for the obvious 'CA-2002-08',
> these should have been CAN-XXXX-XXXX references instead
> of CVE references.
>
> bind_sig_cached_rr_overflow.nasl CVE-2002-1219
> CSCdw33027.nasl CVE-2002-1024
> iis_webdav_overflow.nasl CVE-2003-0109
> mssmtp_null_auth.nasl CVE-2002-0054
> mssql_blank_password.nasl CVE-2000-1209
> mssql_saphire_worm.nasl CVE-2002-0649
> mssql_saphire_worm.nasl CVE-2002-0650
> oracle9i_owautil.nasl CA-2002-08
> pop3_overflow.nasl CVE-2002-0799
> popper_mod.nasl CVE-2002-0513
> rpc_cmsd.nasl CVE-2002-0391
> rpc_dmispd.nasl CVE-2002-0391
> smb_nt_ms02-013.nasl CVE-2002-0058
> texis_path_disclosure.nasl CVE-2002-0266
> wu_ftpd_glob.nasl CVE-2001-0935
>
> Thomas
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal