235058 – (CVE-2007-2720) www-apps/groupoffice < 2.18.6 Insufficient user id validation (CVE-2007-2720)

Bug 235058 (CVE-2007-2720) - www-apps/groupoffice < 2.18.6 Insufficient user id validation (CVE-2007-2720)

Summary: www-apps/groupoffice < 2.18.6 Insufficient user id validation (CVE-2007-2720)

Status:	RESOLVED FIXED

Alias:	CVE-2007-2720

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://group-office.svn.sourceforge.n...
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-08-17 23:57 UTC by Robert Buchholz (RETIRED)
Modified:	2008-09-08 17:49 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-08-17 23:57:05 UTC

CVE-2007-2720 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2720):
  Group-Office before 2.16-13 does not properly validate user IDs, which allows
  remote attackers to obtain sensitive information via certain requests for (1)
  message.php and (2) messages.php in modules/email/. NOTE: some of these
  details are obtained from third party information.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-08-17 23:57:48 UTC

Arches, please test and mark stable:
=www-apps/groupoffice-2.18.6
Target keywords : "alpha amd64"

Comment 2 Markus Meier gentoo-dev

2008-08-20 18:50:16 UTC

amd64 stable

Comment 3 Raúl Porcel (RETIRED) gentoo-dev

2008-08-25 15:30:04 UTC

alpha stable

Comment 4 Tobias Heinlein (RETIRED) gentoo-dev

2008-09-02 17:00:34 UTC

Ready for vote, I vote NO.

Comment 5 Matt Drew (RETIRED) gentoo-dev

2008-09-08 17:09:53 UTC

I vote no.

Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-09-08 17:49:08 UTC

no too and closing without glsa.