|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200508-20] phpGroupWare: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary phpGroupWare: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200508-20
(phpGroupWare: Multiple vulnerabilities)
phpGroupWare improperly validates the "mid" parameter retrieved
via a forum post. The current version of phpGroupWare also adds several
safeguards to prevent XSS issues, and disables the use of a potentially
vulnerable XML-RPC library.
Impact
A remote attacker may leverage the XML-RPC vulnerability to
execute arbitrary PHP script code. He could also create a specially
crafted request that will reveal private posts.
Workaround
There is no known workaround at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2498
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2600
http://secunia.com/advisories/16414
Solution:
All phpGroupWare users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.008"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|