Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | New sitebar packages fix several vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | DSA-1423 | First vendor Publication | 2007-12-07 |
| Vendor | Debian | Last vendor Modification | 2007-12-07 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several remote vulnerabilities have been discovered in sitebar, a web based bookmark manager written in PHP. The Common Vulnerabilities Exposures project identifies the following problems: CVE-2007-5491 A directory traversal vulnerability in the translation module allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter. CVE-2007-5492 A static code injection vulnerability in the translation module allows a remote authenticated user to execute arbitrary PHP code via the value parameter. CVE-2007-5693 An eval injection vulnerability in the translation module allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action. CVE-2007-5694 A path traversal vulnerability in the translation module allows remote authenticated users to read arbitrary files via an absolute path in the 'dir' parameter. CVE-2007-5695 An error in command.php allows remote attackers to redirect users to arbitrary web sites via the forward parameter in a Log In action. CVE-2007-5692 Multiple cross site scripting flaws allow remote attackers to inject arbitrary script or HTML fragments into several scripts. For the stable distribution (etch), these problem have been fixed in version 3.3.8-7etch1. For the old stable distribution (sarge), these problems have been fixed in version 3.2.6-7.1sarge1 For the unstable distribution (sid), these problems have been fixed in version 3.3.8-12.1. We recommend that you upgrade your sitebar package. |
Original Source
| Url : http://www.debian.org/security/2007/dsa-1423 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 33 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
| 17 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 17 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18769 | |||
| Oval ID: | oval:org.mitre.oval:def:18769 | ||
| Title: | DSA-1423-1 sitebar - several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in sitebar, a web based bookmark manager written in PHP. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1423-1 CVE-2007-5491 CVE-2007-5492 CVE-2007-5693 CVE-2007-5694 CVE-2007-5695 CVE-2007-5692 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | sitebar |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-05 (sitebar) File : nvt/glsa_200711_05.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1423-1 (sitebar) File : nvt/deb_1423_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 45516 | Translation Module for SiteBar (translator.php) lang Variable Traversal Arbit... |
| 43760 | Translation Module for SiteBar (translator.php) value Variable Arbitrary PHP ... SiteBar contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the translator.php script not properly sanitizing user-supplied input to the value parameter. This may allow an attacker to include arbitrary PHP commands that will be executed. |
| 43604 | Translation Module for SiteBar (translator.php) upd cmd Action edit Variable ... SiteBar contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the translator.php script not properly sanitizing user-supplied input to the edit parameter. This may allow an attacker to include arbitrary PHP commands that will be executed. |
| 41581 | SiteBar command.php forward Variable Arbitrary Site Redirect SiteBar contains a flaw that allows a remote cross site redirection attack. This flaw exists because the application does not validate the forward parameter upon submission to the command.php script. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. This could be leveraged to direct a user to a web page containing attacks that target client side software such as a web browser or document rendering programs. |
| 41359 | SiteBar index.php target Parameter XSS SiteBar contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the target parameter upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 41358 | SiteBar command.php Modify User Action uid Parameter XSS SiteBar contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the uid parameter upon submission to the command.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 41357 | SiteBar Folder Properties Action nid_acl Parameter XSS SiteBar contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the nid_acl parameter upon submission to the command.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 41356 | SiteBar New Password Action token Parameter XSS SiteBar contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the token parameter upon submission to the command.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 41355 | SiteBar integrator.php lang Parameter XSS SiteBar contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the lang parameter upon submission to the integrator.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 41110 | SiteBar translator.php dir Parameter Traversal Arbitrary File Access SiteBar contains a flaw that allows a REMOTE attacker to traverse outside of a restricted path. The issue is due to the SCRIPT not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the dir parameter. This directory traversal attack would allow the attacker to retrieve arbitrary files. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-12-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1423.nasl - Type : ACT_GATHER_INFO |
| 2007-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-05.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:27:04 |
|
