Bug#: 26786
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Daniel Ahlberg (RETIRED) <aliz@gentoo.org>

Description:   Opened: 2003-08-17 01:20 0000
________________________________________________________________________ 
 
                Mandrake Linux Security Update Advisory 
________________________________________________________________________ 
 
Package name:           phpgroupware 
Advisory ID:            MDKSA-2003:077 
Date:                   July 23rd, 2003 
 
Affected versions:      8.2, 9.0, 9.1, Corporate Server 2.1 
________________________________________________________________________ 
 
Problem Description: 
 
 Several vulnerabilities were discovered in all versions of phpgroupware 
 prior to 0.9.14.006.  This latest version fixes an exploitable 
 condition in all versions that can be exploited remotely without 
 authentication and can lead to arbitrary code execution on the web 
 server.  This vulnerability is being actively exploited. 
 
 Version 0.9.14.005 fixed several other vulnerabilities including 
 cross-site scripting issues that can be exploited to obtain 
 sensitive information such as authentication cookies. 
 
 This update provides the latest stable version of phpgroupware and all 
 users are encouraged to update immediately.  In addition, you should 
 also secure your installation by including the following in your Apache 
 configuration files: 
 
   <Directory /var/www/html/phpgroupware> 
     <Files ~ "\.inc\.php$"> 
       Order allow,deny 
       Deny from all 
     </Files> 
   </Directory> 
________________________________________________________________________ 
 
References: 
 
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0577 
  http://www.security-corporation.com/articles-20030702-005.html 
________________________________________________________________________
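
An added example, not part of the advisory or of the Gentoo bug: a small Python audit that extracts deny-all `<Files ~ "...">` patterns from an Apache configuration and reports which file names they cover, which shows that the advisory's anchored pattern matches only names ending exactly in `.inc.php`. The sample configuration and file names are constructed; the check ignores `<Directory>` scoping and `Order` evaluation, and recognising `Require all denied` (Apache 2.4 syntax) is an assumption added beyond the advisory's directives.

```python
import re

# Constructed sample: the advisory's block as it would sit in an Apache config.
SAMPLE_CONF = r'''
<Directory /var/www/html/phpgroupware>
  <Files ~ "\.inc\.php$">
    Order allow,deny
    Deny from all
  </Files>
</Directory>
'''

# <Files ~ "regex"> ... </Files>; the regex is applied to the file name.
FILES_BLOCK = re.compile(
    r'<Files\s+~\s+"(?P<pat>[^"]+)"\s*>(?P<body>.*?)</Files>',
    re.IGNORECASE | re.DOTALL,
)
# Deny-all directives: the advisory's style, plus the Apache 2.4 equivalent.
DENY_ALL = re.compile(
    r'^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)[ \t]*$',
    re.IGNORECASE | re.MULTILINE,
)

def deny_patterns(conf_text):
    """Return compiled regexes of <Files ~> blocks that contain a deny-all line."""
    return [
        re.compile(m.group("pat"))
        for m in FILES_BLOCK.finditer(conf_text)
        if DENY_ALL.search(m.group("body"))
    ]

def audit(conf_text, filenames):
    """Map each file name to True when some deny-all pattern matches it."""
    patterns = deny_patterns(conf_text)
    return {name: any(p.search(name) for p in patterns) for name in filenames}

if __name__ == "__main__":
    # Constructed file names, as might be found under the phpgroupware tree.
    names = ["functions.inc.php", "index.php", "config.inc.php.bak", "setup.inc"]
    for name, covered in audit(SAMPLE_CONF, names).items():
        print(f"{name:22} {'denied' if covered else 'NOT covered by the rule'}")
```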

------- Comment #1 From Martin Holzer (RETIRED) 2003-09-10 15:26:25 0000 -------
phpgroupware-0.9.14.006.ebuild
is already in cvs and marked stable

------- Comment #2 From solar 2003-09-22 01:36:35 0000 -------
Thanks Martin 
changing resolution to FIXED
