Bug 218625 (CVE-2008-2041) - www-apps/egroupware <1.4.004 File Upload Vulnerability (CVE-2008-2041)
Status: RESOLVED FIXED
Alias: CVE-2008-2041
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://secunia.com/advisories/29790/
Whiteboard: C1 [glsa]
Reported: 2008-04-20 18:55 UTC by Joel
Modified: 2008-05-07 22:04 UTC

Description Joel 2008-04-20 18:55:10 UTC
Secunia:

Description:
A vulnerability has been reported in eGroupWare, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error related to FCKEditor. This can be exploited to e.g. upload malicious files and execute arbitrary PHP code, but requires that a directory is writable by the webserver.

This may be related to:
SA27123

http://secunia.com/advisories/29790/

The vulnerability is reported in versions prior to 1.4.004.

Solution:
Update to version 1.4.004.
Comment 1 Benedikt Böhm (RETIRED) gentoo-dev 2008-04-25 11:44:02 UTC
in cvs
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-04-25 21:08:20 UTC
Arches, please test and mark stable:
=www-apps/egroupware-1.4.004
Target keywords : "alpha amd64 hppa ppc release x86"
Comment 3 Markus Meier gentoo-dev 2008-04-26 11:13:56 UTC
amd64/x86 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2008-04-26 15:18:57 UTC
Stable for HPPA.
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-04-27 18:42:20 UTC
alpha stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-28 17:04:44 UTC
ppc stable
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-04-29 06:19:08 UTC
Fixed in release snapshot.
Comment 8 Tobias Heinlein (RETIRED) gentoo-dev 2008-04-29 12:59:00 UTC
GLSA request filed.
Comment 9 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-29 13:07:26 UTC
might want to include bug 214212 in the GLSA
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-07 22:04:13 UTC
GLSA 200805-04