Gentoo Bug 218625 - www-apps/egroupware <1.4.004 File Upload Vulnerability (CVE-2008-2041)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	218625
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Joel <smoothp9nguin@gmail.com>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 218625 depends on:			Show dependency tree
Bug 218625 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-04-20 18:55 0000

Secunia:

Description:
A vulnerability has been reported in eGroupWare, which can be exploited by
malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error related to FCKEditor. This can be
exploited to e.g. upload malicious files and execute arbitrary PHP code, but
requires that a directory is writable by the webserver.

This may be related to:
SA27123http://secunia.com/advisories/29790/
The vulnerability is reported in versions prior to 1.4.004.

Solution:
Update to version 1.4.004.

------- Comment #1 From Benedikt Böhm 2008-04-25 11:44:02 0000 -------

in cvs

------- Comment #2 From Robert Buchholz 2008-04-25 21:08:20 0000 -------

Arches, please test and mark stable:
=www-apps/egroupware-1.4.004
Target keywords : "alpha amd64 hppa ppc release x86"

------- Comment #3 From Markus Meier 2008-04-26 11:13:56 0000 -------

amd64/x86 stable

------- Comment #4 From Jeroen Roovers 2008-04-26 15:18:57 0000 -------

Stable for HPPA.

------- Comment #5 From Raúl Porcel 2008-04-27 18:42:20 0000 -------

alpha stable

------- Comment #6 From Tobias Scherbaum 2008-04-28 17:04:44 0000 -------

ppc stable

------- Comment #7 From Peter Volkov 2008-04-29 06:19:08 0000 -------

Fixed in release snapshot.

------- Comment #8 From Tobias Heinlein 2008-04-29 12:59:00 0000 -------

GLSA request filed.

------- Comment #9 From Matthias Geerdsen 2008-04-29 13:07:26 0000 -------

might want to include bug 214212 in the GLSA

------- Comment #10 From Pierre-Yves Rofes 2008-05-07 22:04:13 0000 -------

GLSA 200805-04

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 218625

www-apps/egroupware <1.4.004 File Upload Vulnerability (CVE-2008-2041)

Last modified: 2008-05-07 22:04:13 0000