Bug 361221 - <www-apps/groupoffice-3.7.52: CSRF Vulnerability Can Lead to Administrator Creation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.autosectools.com/Advisorie...
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-03-30 03:52 UTC by Tim Sammut (RETIRED)
Modified: 2012-10-02 06:22 UTC (History)
Description Tim Sammut (RETIRED) gentoo-dev 2011-03-30 03:52:31 UTC
From the third-party advisory at $URL:

<!------------------------------------------------------------------------
# Software................GroupOffice 3.6.22
# Vulnerability...........Cross-site Request Forgery
# Threat Level............Low (1/5)
# Download................http://www.group-office.com/
# Discovery Date..........3/10/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <john@autosectools.com>
# ------------------------------------------------------------------------
# 
# 
# --Description--
# 
# A cross-site request forgery vulnerability in GroupOffice 3.6.22 can
# be exploited to create a new admin.
#
Comment 1 Matti Bickel (RETIRED) gentoo-dev 2012-06-24 10:09:12 UTC
I've committed groupoffice-3.7.52, which fixes this issue and includes other security related fixes according to their Changelog.

Please proceed.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-08-16 05:12:38 UTC
(In reply to comment #1)
> I've committed groupoffice-3.7.52, which fixes this issue and includes other
> security related fixes according to their Changelog.
> 

Thank you.

Arches, please test and mark stable:
=www-apps/groupoffice-3.7.52
Target keywords : "alpha amd64"
Comment 3 Agostino Sarubbo gentoo-dev 2012-08-16 10:12:55 UTC
amd64 stable
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2012-09-30 18:42:31 UTC
alpha keywords dropped
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-10-02 06:22:23 UTC
Thanks, folks. Resolving noglsa.