Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200507-08] phpGroupWare, eGroupWare: PHP script injection vulnerability Vulnerability Scan
Vulnerability Scan Summary: phpGroupWare, eGroupWare: PHP script injection vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200507-08
(phpGroupWare, eGroupWare: PHP script injection vulnerability)
The XML-RPC implementations of phpGroupWare and eGroupWare fail to
sanitize input sent to the XML-RPC server using the "POST" method.
Impact
A remote attacker could exploit the XML-RPC vulnerability to
execute arbitrary PHP script code by sending specially crafted XML data
to the XML-RPC servers of phpGroupWare or eGroupWare.
Workaround
There are no known workarounds at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921
Solution:
All phpGroupWare users should upgrade to the latest available
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-app/phpgroupware-0.9.16.006"
All eGroupWare users should upgrade to the latest available
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-app/egroupware-1.0.0.008"
Threat Level: High