Test ID:	1.3.6.1.4.1.25623.1.0.831481
Category:	Mandrake Local Security Checks
Title:	Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin)
Summary:	The remote host is missing an update for the 'phpldapadmin'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'phpldapadmin' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities was discovered and corrected in phpldapadmin: Input appended to the URL in cmd.php \(when cmd is set to _debug\) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site (CVE-2011-4074). Input passed to the orderby parameter in cmd.php \(when cmd is set to query_engine, query is set to none, and search is set to e.g. 1\) is not properly sanitised in lib/functions.php before being used in a create_function() function call. This can be exploited to inject and execute arbitrary PHP code (CVE-2011-4075). The updated packages have been upgraded to the latest version (1.2.2) which is not vulnerable to these issues. Affected Software/OS: phpldapadmin on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4074 46551 http://secunia.com/advisories/46551 46672 http://secunia.com/advisories/46672 50331 http://www.securityfocus.com/bid/50331 76593 http://osvdb.org/76593 DSA-2333 http://www.debian.org/security/2011/dsa-2333 [oss-security] 20111024 CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws http://openwall.com/lists/oss-security/2011/10/24/9 [oss-security] 20111025 Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws http://openwall.com/lists/oss-security/2011/10/25/2 http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=htdocs/cmd.php%3Bh=0ddf0044355abc94160be73122eb34f3e48ab2d9%3Bhp=34f3848fe4a6d4c00c7c568afa81f59579f5d724%3Bhb=64668e882b8866fae0fa1b25375d1a2f3b4672e2%3Bhpb=caeba72171ade4f588fef1818aa4f6243a68b85e http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page Common Vulnerability Exposure (CVE) ID: CVE-2011-4075 18021 http://www.exploit-db.com/exploits/18021/ 76594 http://osvdb.org/76594 http://dev.metasploit.com/redmine/issues/5820 http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=lib/functions.php%3Bh=eb160dc9f7d74e563131e21d4c85d7849a0c6638%3Bhp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0%3Bhb=76e6dad13ef77c5448b8dfed1a61e4acc7241165%3Bhpb=5d4245f93ae6f065e7535f268e3cd87a23b07744 http://sourceforge.net/tracker/index.php?func=detail&aid=3417184&group_id=61828&atid=498546
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.