Bug 176915 - www-apps/mambo < 4.6.2 unspecified vulnerabilities (CVE-2006-7202 CVE-2007-2557)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/25039/
Whiteboard: ~? [noglsa] p-y
Reported: 2007-05-03 13:08 UTC by Pierre-Yves Rofes (RETIRED)
Modified: 2007-05-16 15:35 UTC
Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-05-03 13:08:49 UTC
Some vulnerabilities have been reported in Mambo, which can be exploited by malicious people to bypass certain security restrictions.

1) A vulnerability is caused due to insufficient privilege checks in includes/pdf.php. No further information is currently available.

2) A vulnerability is caused due to insufficient privilege checks in MOStlyDB Admin. Successful exploitation requires valid administrator credentials. No further information is currently available.

The vulnerabilities are reported in version 4.6.1. Prior versions may also be affected.

Solution:
Update to version 4.6.2.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-05-03 13:09:52 UTC
setting status and acc'ing herd. web-apps, please advise.
Comment 2 Gunnar Wrobel (RETIRED) gentoo-dev 2007-05-16 15:22:34 UTC
mambo-4.6.2 has been added to the tree.
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-05-16 15:35:27 UTC
thanks Gunnar. updating CVE ids:

CVE-2006-7202
CVE-2007-2557

and closing without glsa. feel free to reopen if you disagree.