Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 112766 - net-nds/phpldapadmin multiple issues
Summary: net-nds/phpldapadmin multiple issues
Status: RESOLVED DUPLICATE of bug 104293
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2005-11-16 18:46 UTC by Bruno Lopes
Modified: 2005-11-17 02:06 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Bruno Lopes 2005-11-16 18:46:35 UTC
i don't know is bug #104293 cover this, so sorry if it does...

 Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6
 and 0.9.7 allows remote attackers to read arbitrary files via a ..
 (dot dot) in the custom_welcome_page parameter. (CAN-2005-2792)

 PHP remote code injection vulnerability in welcome.php in phpLDAPadmin
 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code
 via the custom_welcome_page parameter. (CAN-2005-2793)

 Maksymilian Arciemowicz discovered several cross site scripting issues
 in  phpsysinfo, a PHP based host information application.
 (CAN-2005-0869, 0870)

 Christopher Kunz discovered that local variables in phpsysinfo get
 overwritten unconditionally and are trusted later, which could lead to
 the inclusion of arbitrary files. (CAN-2005-3347)

 Christopher Kunz discovered that user-supplied input in phpsysinfo is
 used unsanitised, causing a HTTP Response splitting problem.

Reproducible: Didn't try
Steps to Reproduce:
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-11-16 22:12:12 UTC
Seems like we're not affected by these (note some of the CVE ids apparently 
references phpsysinfo instead). Other opionions anyone? 
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-11-17 02:06:49 UTC
Yes, the phpLDAPadmin part has been solved in 104293. The phpsysinfo part is bug

*** This bug has been marked as a duplicate of 104293 ***