Vulnerability Bulletins |
Múltiples vulnerabilidades en Egroupware |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | Egroupware < 1.61 |
Description |
|
|
Se han descubierto múltiples vulnerabilidades en Egroupware. Las vulnerabilidades residen en errores de validación de datos de entrada del usuario en la página de login. Un atacante remoto podría ejecutar comandos arbitrario o provocar ataques de Cross-Site Scripting. |
|
Solution |
|
|
Actualización de software Debian (DSA-2013-1) Debian Linux 5.0 Source http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2.diff.gz http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2.dsc http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg.orig.tar.gz Arquitectura independiente: http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-mydms_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-resources_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tracker_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sambaadmin_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-timesheet_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.4.004-2.dfsg-4.2_all.deb http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projectmanager_1.4.004-2.dfsg-4.2_all.deb |
|
Standar resources |
|
| Property | Value |
| CVE | NULL |
| BID | NULL |
Other resources |
|
|
Debian Security Advisory (DSA-2013-1) http://lists.debian.org/debian-security-announce/2010/msg00053.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2010-03-16 |