Executive Summary
Summary | |
---|---|
Title | New phpgroupware packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-2046 | First vendor Publication | 2010-05-13 |
Vendor | Debian | Last vendor Modification | 2010-05-13 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0403 A local file inclusion vulnerability allows remote attackers to execute arbitrary PHP code and include arbitrary local files. CVE-2010-0404 Multiple SQL injection vulnerabilities allows remote attackers to execute arbitrary SQL commands. For the stable distribution (lenny), these problems have been fixed in version 1:0.9.16.012+dfsg-8+lenny2 For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your phpgroupware package. |
Original Source
Url : http://www.debian.org/security/2010/dsa-2046 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
50 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-17 | Name : phpGroupWare Multiple Vulnerabilities File : nvt/gb_phpgroupware_multiple_vulnerabilities_05_10.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
64739 | phpGroupWare class.auth_sql.inc.php Unspecified Parameter SQL Injection phpGroupWare contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'class.auth_sql.inc.php' script not properly sanitizing user-supplied input to an unspecified parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
64738 | phpGroupWare class.translation_sql.inc.php Unspecified Parameter SQL Injection phpGroupWare contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'class.translation_sql.inc.php' script not properly sanitizing user-supplied input to an unspecified parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
64639 | phpGroupWare about.php app Parameter Traversal Local File Inclusion phpGroupWare contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'about.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'app' parameter (when "sessionid" and "kp3" are set). This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
64638 | phpGroupWare class.sessions_db.inc.php Unspecified Parameter SQL Injection phpGroupWare contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'class.sessions_db.inc.php' script not properly sanitizing user-supplied input to an unspecified parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-05-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2046.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:29:25 |
|