Not much of a serious issue, requires register_globals turned on. Anyway:

A security vulnerability has been discovered in phpGW < 0.9.16.011. We were not given a heads up before it was published. The exploit is in the holiday code in calendar. It can only be exploited with register_globals = on and gpc_magic_quotes = off. The advisory can be found at FrSIRT. There is code which exploits the vulnerability in the wild - see milw0rm. All users are strongly encouraged to upgrade immediately.

-----

Advisory ID : FrSIRT/ADV-2006-3414
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-08-30

Technical Description

A vulnerability has been identified in phpGroupWare, which could be exploited by remote attackers to gain knowledge of sensitive information. This flaw is due to an input validation error in the "calendar/inc/class.holidaycalc.inc.php" script that does not validate the "phpgw_info[user][preferences][common][country]" parameter, which could be exploited by remote attackers to include or disclose the contents of local files with the privileges of the web server.

Affected Products

phpGroupWare version 0.9.16.010 and prior
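A log check for the flaw the advisory above describes, added here as an example and not part of the bug report or of phpGroupWare's code: `phpgw_info` is an application-internal array, so any request that supplies it as a parameter is worth flagging. The log lines, client addresses, `/phpgroupware/` install prefix and the `suspicious_params`/`scan` helpers are constructed for illustration, and only query strings are inspected because POST bodies and cookies do not appear in access logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Common/combined log format: client, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

INTERNAL_GLOBAL = "phpgw_info"  # internal array named in the advisory
SCRIPT = "calendar/inc/class.holidaycalc.inc.php"  # script named in the advisory


def suspicious_params(target):
    """Return query parameter names that try to set the internal phpgw_info array."""
    hits = []
    for name, _value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl percent-decodes names, so %5B/%5D and literal [ ] both match.
        base = name.split("[", 1)[0]
        if base == INTERNAL_GLOBAL:  # PHP variable names are case-sensitive
            hits.append(name)
    return hits


def scan(lines):
    """Return one finding per log line whose query string supplies phpgw_info."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        client, _method, target, status = m.groups()
        names = suspicious_params(target)
        if names:
            findings.append({
                "client": client,
                "status": int(status),
                # True when the include file was requested directly.
                "direct": urlsplit(target).path.endswith(SCRIPT),
                "params": names,
            })
    return findings


# Constructed sample log lines (documentation address ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Aug/2006:10:00:01 +0000] "GET /phpgroupware/index.php?foo=bar HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Aug/2006:10:00:05 +0000] "GET /phpgroupware/calendar/inc/class.holidaycalc.inc.php?phpgw_info%5Buser%5D%5Bpreferences%5D%5Bcommon%5D%5Bcountry%5D=CONSTRUCTED HTTP/1.1" 200 312',
    '198.51.100.7 - - [30/Aug/2006:10:00:09 +0000] "GET /phpgroupware/index.php?phpgw_info[server][x]=CONSTRUCTED HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `direct` set to true and a 200 status on a host that still runs 0.9.16.010 or earlier with register_globals on is the case to triage first.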
Bump to 0.9.16.011 required. Requires register_globals so rather dumb, I will vote noglsa
bumped
Thx Renat. Arches please test and mark stable.
working fine on amd64...
amd64 stable, thanks dude (did i mention i love that nick? *g*)
ppc stable
alpha stable. Also marked 2.8.8 stable on amd64.
(In reply to comment #7)
> Also marked 2.8.8 stable on amd64.

Sorry, this got posted to the wrong bug. Too many open tabs in firefox. Alpha stable.
Thx everyone. Closing with NO GLSA since this is C4 :-)