Boletines de Vulnerabilidades |
Inyección de código PHP en FUD Forum / phpgroupware |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Obtener acceso |
Dificultad | Experto |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | GNU/Linux |
Software afectado |
FUD Forum < 2.7.0 phpgroupware |
Descripción |
|
Se ha descubierto una vulnerabilidad en FUD Forum versión anterior a 2.7.0. La vulnerabilidad reside en que la funcionalidad de subir un avatar al servidor no comprueba de forma correcta los ficheros que se envían. Un atacante remoto podría ejecutar código PHP arbitrario mediante un fichero con extensión PHP que contiene una imagen seguida de código PHP. |
|
Solución |
|
Actualización de software Debian Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody6.dsc http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody6.diff.gz http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api-doc_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookkeeping_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-brewer_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chora_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core-doc_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-inv_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-napster_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpwebhosting_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wap_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-weather_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.14-0.RC3.2.woody6_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody6_all.deb Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge5.dsc http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge5.diff.gz http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-etemplate_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-felamimail_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-folders_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-fudforum_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpbrain_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpgwapi_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-qmailldap_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-sitemgr_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wiki_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.16.005-3.sarge5_all.deb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge5_all.deb |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CVE-2005-2781 |
BID | 14678 |
Recursos adicionales |
|
Debian Security Advisory (DSA 1063-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00148.html |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2006-05-22 |