Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title New phpgroupware packages fix several vulnerabilities
Informations
Name DSA-1978 First vendor Publication 2010-01-26
Vendor Debian Last vendor Modification 2010-01-26
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4414

An SQL injection vulnerability was found in the authentication module.

CVE-2009-4415

Multiple directory traversal vulnerabilities were found in the addressbook module.

CVE-2009-4416

The authentication module is affected by cross-site scripting.

For the stable distribution (lenny) these problems have been fixed in version 0.9.16.012+dfsg-8+lenny1.

For the unstable distribution (sid) these problems have been fixed in version 0.9.16.012+dfsg-9.

We recommend that you upgrade your phpgroupware packages.

Original Source

Url : http://www.debian.org/security/2010/dsa-1978

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
33 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
33 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13367
 
Oval ID: oval:org.mitre.oval:def:13367
Title: DSA-1978-1 phpgroupware -- several
Description: Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4414 An SQL injection vulnerability was found in the authentication module. CVE-2009-4415 Multiple directory traversal vulnerabilities were found in the addressbook module. CVE-2009-4416 The authentication module is affected by cross-site scripting. For the stable distribution these problems have been fixed in version 1:0.9.16.012+dfsg-8+lenny1. For the unstable distribution these problems have been fixed in version 0.9.16.012+dfsg-9. We recommend that you upgrade your phpgroupware packages.
Family: unix Class: patch
Reference(s): DSA-1978-1
CVE-2009-4414
CVE-2009-4415
CVE-2009-4416
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): phpgroupware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6675
 
Oval ID: oval:org.mitre.oval:def:6675
Title: DSA-1978 phpgroupware -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: An SQL injection vulnerability was found in the authentication module. Multiple directory traversal vulnerabilities were found in the addressbook module. The authentication module is affected by cross-site scripting.
Family: unix Class: patch
Reference(s): DSA-1978
CVE-2009-4414
CVE-2009-4415
CVE-2009-4416
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): phpgroupware
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

OpenVAS Exploits

Date Description
2010-02-01 Name : Debian Security Advisory DSA 1978-1 (phpgroupware)
File : nvt/deb_1978_1.nasl
2009-07-22 Name : phpGroupWare Multiple Input Validation Vulnerabilities
File : nvt/phpgroupware_35761.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56180 phpGroupWare addressbook/inc/class.uiXport.inc.php conv_type Parameter Traver...

phpGroupWare contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'addressbook/inc/class.uiXport.inc.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'conv_type' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
56179 phpGroupWare login.php phpgw_* Parameter XSS

phpGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate parameters that start with 'phpgw_' upon submission to the login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
56178 phpGroupWare login.php passwd Parameter SQL Injection

phpGroupWare contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the 'passwd' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
56177 phpGroupWare addressbook/csv_import.php csvfile Parameter Arbitrary File Access

phpGroupWare contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'addressbook/csv_import.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'csvfile' parameter. This directory traversal attack would allow the attacker to access arbitrary files.

Nessus® Vulnerability Scanner

Date Description
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1978.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:29:10
  • Multiple Updates