Executive Summary
Summary | |
---|---|
Title | New phpgroupware packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-1978 | First vendor Publication | 2010-01-26 |
Vendor | Debian | Last vendor Modification | 2010-01-26 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4414 An SQL injection vulnerability was found in the authentication module. CVE-2009-4415 Multiple directory traversal vulnerabilities were found in the addressbook module. CVE-2009-4416 The authentication module is affected by cross-site scripting. For the stable distribution (lenny) these problems have been fixed in version 0.9.16.012+dfsg-8+lenny1. For the unstable distribution (sid) these problems have been fixed in version 0.9.16.012+dfsg-9. We recommend that you upgrade your phpgroupware packages. |
Original Source
Url : http://www.debian.org/security/2010/dsa-1978 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
33 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
33 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2010-02-01 | Name : Debian Security Advisory DSA 1978-1 (phpgroupware) File : nvt/deb_1978_1.nasl |
2009-07-22 | Name : phpGroupWare Multiple Input Validation Vulnerabilities File : nvt/phpgroupware_35761.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56180 | phpGroupWare addressbook/inc/class.uiXport.inc.php conv_type Parameter Traver... phpGroupWare contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'addressbook/inc/class.uiXport.inc.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'conv_type' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
56179 | phpGroupWare login.php phpgw_* Parameter XSS phpGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate parameters that start with 'phpgw_' upon submission to the login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
56178 | phpGroupWare login.php passwd Parameter SQL Injection phpGroupWare contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the 'passwd' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
56177 | phpGroupWare addressbook/csv_import.php csvfile Parameter Arbitrary File Access phpGroupWare contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'addressbook/csv_import.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'csvfile' parameter. This directory traversal attack would allow the attacker to access arbitrary files. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1978.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:29:10 |
|