Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2003:077 (phpgroupware)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50734

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2003:077 (phpgroupware)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to phpgroupware
announced via advisory MDKSA-2003:077.

Several vulnerabilities were discovered in all versions of phpgroupware
prior to 0.9.14.006. This latest version fixes an exploitable
condition in all versions that can be exploited remotely without
authentication and can lead to arbitrary code execution on the web
server. This vulnerability is being actively exploited.

Version 0.9.14.005 fixed several other vulnerabilities including
cross-site scripting issues that can be exploited to obtain
sensitive information such as authentication cookies.

This update provides the latest stable version of phpgroupware and all
users are encouraged to update immediately. In addition, you should
also secure your installation by including the following in your Apache
configuration files:

\.inc\.php$>
Order allow,deny
Deny from all

Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2003:077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0577
http://www.security-corporation.com/articles-20030702-005.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 6629
Common Vulnerability Exposure (CVE) ID: CVE-2003-0577
http://www.securityfocus.com/bid/6629
Bugtraq: 20030116 Re[2]: Local/remote mpg123 exploit (Google Search)
http://www.securityfocus.com/archive/1/306903
Conectiva Linux advisory: CLA-2003:695
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000695
http://www.mandriva.com/security/advisories?name=MDKSA-2003:078
SCO Security Bulletin: CSSA-2004-002.0
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/CSSA-2004-002.0.txt
http://secunia.com/advisories/7875

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50734
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2003:077 (phpgroupware)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to phpgroupware announced via advisory MDKSA-2003:077. Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is being actively exploited. Version 0.9.14.005 fixed several other vulnerabilities including cross-site scripting issues that can be exploited to obtain sensitive information such as authentication cookies. This update provides the latest stable version of phpgroupware and all users are encouraged to update immediately. In addition, you should also secure your installation by including the following in your Apache configuration files: \.inc\.php$> Order allow,deny Deny from all Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2003:077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0577 http://www.security-corporation.com/articles-20030702-005.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 6629 Common Vulnerability Exposure (CVE) ID: CVE-2003-0577 http://www.securityfocus.com/bid/6629 Bugtraq: 20030116 Re[2]: Local/remote mpg123 exploit (Google Search) http://www.securityfocus.com/archive/1/306903 Conectiva Linux advisory: CLA-2003:695 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000695 http://www.mandriva.com/security/advisories?name=MDKSA-2003:078 SCO Security Bulletin: CSSA-2004-002.0 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/CSSA-2004-002.0.txt http://secunia.com/advisories/7875
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com