CVE-2005-2498
CVSS5.0
发布时间 :2005-08-15 00:00:00
修订时间 :2016-10-17 23:27:59
NMCOPS    

[原文]Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.


[CNNVD]PHPXMLRPC和PEAR 代码注入漏洞(CNNVD-200508-117)

        PHPXMLRPC和PEAR XML_RPC都是XML-RPC协议的PHP实现。
        PHPXMLRPC和PEAR XML_RPC中存在远程PHP代码注入漏洞,攻击者可以利用这个漏洞导致执行任意代码。起因是如果解析文档中嵌套了某些XML标签的话,就无法正确的处理这种情况。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9569Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) p...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2498
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-117
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=112412415822890&w=2
(UNKNOWN)  BUGTRAQ  20050815 [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue
http://marc.info/?l=bugtraq&m=112431497300344&w=2
(UNKNOWN)  BUGTRAQ  20050817 [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities
http://marc.info/?l=bugtraq&m=112605112027335&w=2
(UNKNOWN)  SUSE  SUSE-SA:2005:051
http://www.debian.org/security/2005/dsa-789
(UNKNOWN)  DEBIAN  DSA-789
http://www.debian.org/security/2005/dsa-798
(UNKNOWN)  DEBIAN  DSA-798
http://www.debian.org/security/2005/dsa-840
(UNKNOWN)  DEBIAN  DSA-840
http://www.debian.org/security/2005/dsa-842
(UNKNOWN)  DEBIAN  DSA-842
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
(UNKNOWN)  FEDORA  FLSA:166943
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
(UNKNOWN)  GENTOO  GLSA-200509-19
http://www.hardened-php.net/advisory_152005.67.html
(VENDOR_ADVISORY)  MISC  http://www.hardened-php.net/advisory_152005.67.html
http://www.novell.com/linux/security/advisories/2005_49_php.html
(UNKNOWN)  SUSE  SUSE-SA:2005:049
http://www.redhat.com/support/errata/RHSA-2005-748.html
(UNKNOWN)  REDHAT  RHSA-2005:748
http://www.securityfocus.com/archive/1/408125
(UNKNOWN)  BUGTRAQ  20050815 Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/14560
(UNKNOWN)  BID  14560

- 漏洞信息

PHPXMLRPC和PEAR 代码注入漏洞
中危 输入验证
2005-08-15 00:00:00 2005-10-25 00:00:00
远程  
        PHPXMLRPC和PEAR XML_RPC都是XML-RPC协议的PHP实现。
        PHPXMLRPC和PEAR XML_RPC中存在远程PHP代码注入漏洞,攻击者可以利用这个漏洞导致执行任意代码。起因是如果解析文档中嵌套了某些XML标签的话,就无法正确的处理这种情况。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://drupal.org/files/projects/drupal-4.5.5.tar.gz
        http://drupal.org/files/projects/drupal-4.6.3.tar.gz

- 漏洞信息 (F40444)

Debian Linux Security Advisory 842-1 (PacketStormID:F40444)
2005-10-06 00:00:00
Debian  security.debian.org
advisory,web,arbitrary,php
linux,debian
CVE-2005-2498
[点击下载]

Debian Security Advisory DSA 842-1 - Stefan Esser discovered a vulnerability in the XML-RPC libraries which are also present in egroupware, a web-based groupware suite, that allows injection of arbitrary PHP code into eval() statements.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 842-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 4th, 2005                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : egroupware
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2498
Debian Bug     : 323350

Stefan Esser discovered a vulnerability in the XML-RPC libraries which
are also present in egroupware, a web-based groupware suite, that
allows injection of arbitrary PHP code into eval() statements.

The old stable distribution (woody) does not contain egroupware packages.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.0.007-2.dfsg-2sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.0.009.dfsg-1.

We recommend that you upgrade your egroupware packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge2.dsc
      Size/MD5 checksum:     1285 3d6f6f4ce438e4ebcd70225e9a24e692
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge2.diff.gz
      Size/MD5 checksum:    49855 a1739526a8d1c05ddc2dadb47363c8df
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg.orig.tar.gz
      Size/MD5 checksum: 12699187 462f5ea377c4d0c04f16ffe8037b9d6a

  Architecture independent components:

    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   148852 e750bfd56785d6a940c2a2d88fb94aa2
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   124982 3ff7fdf44cb275daffeabb48fc0d4308
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   382090 787e7db0a8df6cb7ab4b3a80987071ec
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-comic_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   255918 79eabb6d2b0174c16fdf966f3ab9e6ee
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:  3774984 8289fa81d3b180d5dc67b8a282c8686d
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    53300 3f2a59360e8bd317eef86d5af7858c1f
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-email_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:  1243750 161aa84bc1bcf1d4a49499fa5ba0cad3
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    37960 714cd583a86b9b4b1a8b05c2c9aa0f66
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:  1363118 63a866ae67145b939d64db25d0158870
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   275250 2db7b6c8f830f7cb6d00150b33c540da
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   172724 3ce24e53c034d01404d3f7f7158713bc
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-forum_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    51170 7797b69c2929da061b6be28b39e268d4
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ftp_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    37888 8c32110dcebcd17859b69587d2b403d4
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-fudforum_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:  1486376 2ab734c6cdb6f3dad2026afe837d74af
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-headlines_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    74774 6a9b286b59af81235d82fcf08f61d04d
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   202136 65add5519ec01aa6f280f2f94a7b173c
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-jinn_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   204852 2ff54e99c7af6e015e9d97d294525837
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ldap_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:     6990 c54a40cb045d634c0291c14a9e0ffc92
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    17150 c68a5a178735f1a7c6c4c136825fa562
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-messenger_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    32010 ad9e7c62d2ab3f682f3270bbc7a71b23
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    50574 316eac825edd3445437794305059a925
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   119122 c6a4302ed448ee7525fa1cd76953b284
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpldapadmin_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   139434 7288958a380aa265c387a7318a926f5d
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   115804 3992f299e8a522851680b3f2852f5874
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    35936 1729874da8403e275ace5d2233e5ef5e
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projects_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   302090 540892c7605cce8c170c35b2ceea89a3
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    99668 d9ec849c53dce3255b5ffd878a9a78e0
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:   486416 d2b53f213aa3f703eaf8548a16417276
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-stocks_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    26374 6820f8f0081f049c381e72e5f48a5cec
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tts_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    92498 8f96075774eabc0351bb7f77180a75f9
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:    92456 906fc6675229b6ba352b16c32f547b04
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge2_all.deb
      Size/MD5 checksum:     4260 d776246f9cd720063d6f89f4ea6851ed


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDQpuJW5ql+IAeqTIRAhdjAJ9mf26vqP1c6KTrAvOne/klRvPPrgCfd7o4
0ZmIO+FmDcPj2BDNH7/7dc8=
=ZelK
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F40319)

Gentoo Linux Security Advisory 200509-19 (PacketStormID:F40319)
2005-09-28 00:00:00
Gentoo  security.gentoo.org
advisory,overflow,php
linux,gentoo
CVE-2005-2491,CVE-2005-2498
[点击下载]

Gentoo Linux Security Advisory GLSA 200509-19 - PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC library affected by a script injection vulnerability (see GLSA 200508-13). Versions less than 4.4.0-r1 are affected.

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig2185A5EC3517B37082118ADD
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200509-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PHP: Vulnerabilities in included PCRE and XML-RPC libraries
      Date: September 27, 2005
      Bugs: #102373
        ID: 200509-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PHP makes use of an affected PCRE library and ships with an affected
XML-RPC library and is therefore potentially vulnerable to remote
execution of arbitrary code.

Background
==========

PHP is a general-purpose scripting language widely used to develop
web-based applications. It can run inside a web server using the
mod_php module or the CGI version of PHP, or can run stand-alone in a
CLI.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  dev-php/php         < 4.4.0-r1                      *>= 4.3.11-r1
                                                           >= 4.4.0-r1
  2  dev-php/mod_php     < 4.4.0-r2                      *>= 4.3.11-r1
                                                           >= 4.4.0-r2
  3  dev-php/php-cgi     < 4.4.0-r2                      *>= 4.3.11-r2
                                                           >= 4.4.0-r2
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

PHP makes use of a private copy of libpcre which is subject to an
integer overflow leading to a heap overflow (see GLSA 200508-17). It
also ships with an XML-RPC library affected by a script injection
vulnerability (see GLSA 200508-13).

Impact
======

An attacker could target a PHP-based web application that would use
untrusted data as regular expressions, potentially resulting in the
execution of arbitrary code. If web applications make use of the
XML-RPC library shipped with PHP, they are also vulnerable to remote
execution of arbitrary PHP code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-php/php

All mod_php users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-php/mod_php

All php-cgi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-php/php-cgi

References
==========

  [ 1 ] CAN-2005-2491
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  [ 2 ] CAN-2005-2498
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  [ 3 ] GLSA 200508-13
        http://www.gentoo.org/security/en/glsa/glsa-200508-13.xml
  [ 4 ] GLSA 200508-17
        http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200509-19.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


--------------enig2185A5EC3517B37082118ADD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDOaq9vcL1obalX08RAjNJAJ4qC4jj5dU9QDgMbuvq7gionbCHuwCfWY4N
QXDhIZIWjI0OVKooy7v5Y1I=
=mtJx
-----END PGP SIGNATURE-----

--------------enig2185A5EC3517B37082118ADD--
    

- 漏洞信息 (F39819)

Debian Linux Security Advisory 798-1 (PacketStormID:F39819)
2005-09-05 00:00:00
Debian  debian.org
advisory,web,php,vulnerability
linux,debian
CVE-2005-2498,CVE-2005-2600,CVE-2005-2761
[点击下载]

Debian Security Advisory DSA 798-1 - Several vulnerabilities have been discovered in phpgroupware, a web based groupware system written in PHP.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 798-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 2nd, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : phpgroupware
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2498 CAN-2005-2600 CAN-2005-2761

Several vulnerabilities have been discovered in phpgroupware, a web
based groupware system written in PHP.  The Common Vulnerabilities and
Exposures project identifies the following problems:

CAN-2005-2498

    Stefan Esser discovered another vulnerability in the XML-RPC
    libraries that allows injection of arbitrary PHP code into eval()
    statements.  The XMLRPC component has been disabled.

CAN-2005-2600

    Alexander Heidenreich discovered a cross-site scriptiong problem
    in the tree view of FUD Forum Bulletin Board Software, which is
    also present in phpgroupware.

CAN-2005-2761

    A global cross-site scripting fix has also been included that
    protects against potential malicious scripts embedded in CSS and
    xmlns in various parts of the application and modules.

This update also contains a postinst bugfix that has been approved for
the next update to the stable release.

For the old stable distribution (woody) these problems don't apply.

For the stable distribution (sarge) these problems have been fixed in
version 0.9.16.005-3.sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 0.9.16.008.

We recommend that you upgrade your phpgroupware packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2.dsc
      Size/MD5 checksum:     1665 e10b74698fb0ccd70d9960c4e9745224
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2.diff.gz
      Size/MD5 checksum:    36212 ce2653530ea7790676d68687ac9ab89a
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005.orig.tar.gz
      Size/MD5 checksum: 19442629 5edd5518e8f77174c12844f9cfad6ac4

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   176408 e62845031a7af8182d876d93ce3a653d
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   186202 70608b587089d644a3c2ff787f6ef3a0
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   100830 97695db70fdda862347531f7b22b40cd
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   323858 db8259d262257e59a620113a97dc5a75
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    23068 57ecbc9bed7823851eef44102e59e36d
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   434086 f8c1e175ab1b1dc0b337ca47f3670f30
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:     6388 690fb88e32c50d3d00f440362c27dc78
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    33196 dab4c5133ea41f23a8752d93e8bd9786
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    42654 9db6fec8e4687d8fe6099a467a8246db
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    50302 f4aeb63d1aeaa72c2bbfa6a5c0f8f247
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:  1117628 e467218f15060c0edbabaa85cc6d561e
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-etemplate_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:  1329298 95e88686c6212b6b1fcbfe404aef76ea
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-felamimail_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   180022 5930fda4d00b9814600dd3164243e678
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    91478 d2bd73cc22569c599fcadbedcfe1abb6
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-folders_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   166208 3b310fc7dedb0c055e1bbb451b61edd8
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    45422 37e0f53559aa145decf9ee82906f6225
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    36296 e196baee2c1c89fc3872ea91b4046845
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-fudforum_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:  1355378 5453aa07a4c4372f247a994d7122170d
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    63786 533a084f5b12d9471fd0bf8e7eb471a1
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    18712 feaa03f55c431cb7265c98dd5ea3ccbb
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:     8472 4595ab292c8139cbe4596754403a471a
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   136256 9f5270506681b88bc7b55c459e7c6ab6
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    90472 8a82ed20e8bb22e098610bf988338966
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    25864 fe33aebc1fe6887b3a36624139216092
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    41170 971b81d589f9ec41661260c666d7b0ac
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    46804 749dcf3257343b66b0d866fdfee0a933
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    34828 4135f525d65dafde78ab72da65e84ab7
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    20566 cca6d535bd572adb89be5337c2ea4081
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpbrain_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    40058 e4fd11ffcc187d218e8e761443210de2
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpgwapi_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:  9677508 a2e03ccffbc07f28b7e40610a223173b
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   116316 ea045a4a3bc0b30fefa3105d781f1e6b
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    31390 42add8aa672fcbad2bc45bcc86de345f
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    59496 907318b665a238d7d272125377e786ff
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   120176 6d4c7741a3706276da2e67f76ccda644
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-qmailldap_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    23352 8d9360711e849414a9e331b820a06e7e
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    29810 c1414f1646c86cc9548cd21091b9402d
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   267152 dc7418b235702e20c9c746116a41cd0b
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-sitemgr_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   902332 d18c60e4a310be6a8079659d9edb1ef3
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    19062 5c21d71782cb4790f0037ae7358c6366
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    23888 001d27f63b54f9a60788b0512f3b0315
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    21842 20bdf757aa0ba7d6e7ddd64454af89c5
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    50120 825d4e389401fe8d3ed3cc4f5bad71ed
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    55662 7594f3210ebd11e91f483aac7cc9c20b
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wiki_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    70170 01379389b829ca8fc81f820df5ba0f76
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    62818 303dbc331b9bdab5e476a6dacfe08a87
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   156040 b02eea4ffa8eac66bab0e673df7a5afa


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDGDHkW5ql+IAeqTIRAgjKAJ0ZQXrESKCx66FOz2YV+Rkz0503aQCeLPqe
Jol2uYCvFJbwPaWvi2tinCg=
=lz87
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F39765)

Gentoo Linux Security Advisory 200508-21 (PacketStormID:F39765)
2005-09-01 00:00:00
Gentoo  security.gentoo.org
advisory,sql injection
linux,gentoo
CVE-2005-2498
[点击下载]

Gentoo Linux Security Advisory GLSA 200508-21 - phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, matrix_killer reported that phpWebSite is vulnerable to an SQL injection attack. Versions less than 0.10.2_rc2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: phpWebSite: Arbitrary command execution through XML-RPC and
            SQL injection
      Date: August 31, 2005
      Bugs: #102785
        ID: 200508-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

phpWebSite is vulnerable to multiple issues which result in the
execution of arbitrary code and SQL injection.

Background
==========

phpWebSite is a web site content management system.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /   Vulnerable   /                Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpwebsite     < 0.10.2_rc2                >= 0.10.2_rc2

Description
===========

phpWebSite uses an XML-RPC library that improperly handles XML-RPC
requests and responses with malformed nested tags. Furthermore,
"matrix_killer" reported that phpWebSite is vulnerable to an SQL
injection attack.

Impact
======

A malicious remote user could exploit this vulnerability to inject
arbitrary PHP script code into eval() statements by sending a specially
crafted XML document, and also inject SQL commands to access the
underlying database directly.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All phpWebSite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.2_rc2"

References
==========

  [ 1 ] CAN-2005-2498
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  [ 2 ] Original Advisory
        http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0497.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- 漏洞信息 (F39719)

Gentoo Linux Security Advisory 200508-20 (PacketStormID:F39719)
2005-08-31 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-2498,CVE-2005-2600
[点击下载]

Gentoo Linux Security Advisory GLSA 200508-20 - phpGroupWare improperly validates the mid parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially vulnerable XML-RPC library. Versions less than 0.9.16.008 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: phpGroupWare: Multiple vulnerabilities
      Date: August 30, 2005
      Bugs: #102379
        ID: 200508-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

phpGroupWare is vulnerable to multiple issues ranging from information
disclosure to a potential execution of arbitrary code.

Background
==========

phpGroupWare is a multi-user groupware suite written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /   Vulnerable   /              Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpgroupware     < 0.9.16.008              >= 0.9.16.008

Description
===========

phpGroupWare improperly validates the "mid" parameter retrieved via a
forum post. The current version of phpGroupWare also adds several
safeguards to prevent XSS issues, and disables the use of a potentially
vulnerable XML-RPC library.

Impact
======

A remote attacker may leverage the XML-RPC vulnerability to execute
arbitrary PHP script code. He could also create a specially crafted
request that will reveal private posts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All phpGroupWare users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.008"

References
==========

  [ 1 ] CAN-2005-2498
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2498
  [ 2 ] CAN-2005-2600
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2600
  [ 3 ] Secunia Advisory SA16414
        http://secunia.com/advisories/16414

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-20.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息 (F39651)

Gentoo Linux Security Advisory 200508-18 (PacketStormID:F39651)
2005-08-28 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-2498
[点击下载]

Gentoo Linux Security Advisory GLSA 200508-18 - Earlier versions of PhpWiki contain an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Versions less than 1.3.10-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PhpWiki: Arbitrary command execution through XML-RPC
      Date: August 26, 2005
      Bugs: #102380
        ID: 200508-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PhpWiki includes PHP XML-RPC code which is vulnerable to arbitrary
command execution.

Background
==========

PhpWiki is an application that creates a web site where anyone can edit
the pages through HTML forms.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /   Vulnerable   /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpwiki      < 1.3.10-r2                    >= 1.3.10-r2

Description
===========

Earlier versions of PhpWiki contain an XML-RPC library that improperly
handles XML-RPC requests and responses with malformed nested tags.

Impact
======

A remote attacker could exploit this vulnerability to inject arbitrary
PHP script code into eval() statements by sending a specially crafted
XML document to PhpWiki.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PhpWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.10-r2"

References
==========

  [ 1 ] CAN-2005-2498
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息 (F39593)

Gentoo Linux Security Advisory 200508-14 (PacketStormID:F39593)
2005-08-25 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-2498
[点击下载]

Gentoo Linux Security Advisory GLSA 200508-14 - The XML-RPC library shipped in TikiWiki and eGroupWare improperly handles XML-RPC requests and responses with malformed nested tags. Versions less than 1.8.5-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: TikiWiki, eGroupWare: Arbitrary command execution through
            XML-RPC
      Date: August 24, 2005
      Bugs: #102374, #102377
        ID: 200508-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

TikiWiki and eGroupWare both include PHP XML-RPC code vulnerable to
arbitrary command execution.

Background
==========

TikiWiki is a full featured Free Software Wiki, CMS and Groupware
written in PHP. eGroupWare is a web-based collaboration software suite.
Both TikiWiki and eGroupWare include a PHP library to handle XML-RPC
requests.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /   Vulnerable   /                Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki        < 1.8.5-r2                   >= 1.8.5-r2
  2  www-apps/egroupware      < 1.0.0.009                 >= 1.0.0.009
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The XML-RPC library shipped in TikiWiki and eGroupWare improperly
handles XML-RPC requests and responses with malformed nested tags.

Impact
======

A remote attacker could exploit this vulnerability to inject arbitrary
PHP script code into eval() statements by sending a specially crafted
XML document to TikiWiki or eGroupWare.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5-r2"

All eGroupWare users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.0.0.009"

References
==========

  [ 1 ] CAN-2005-2498
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息 (F39572)

Gentoo Linux Security Advisory 200508-13 (PacketStormID:F39572)
2005-08-24 00:00:00
Gentoo  security.gentoo.org
advisory,php
linux,gentoo
CVE-2005-2498
[点击下载]

Gentoo Linux Security Advisory GLSA 200508-13 - Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags. Versions less than 1.4.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PEAR XML-RPC, phpxmlrpc: New PHP script injection
            vulnerability
      Date: August 24, 2005
      Bugs: #102378, #102576
        ID: 200508-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to
execute arbitrary PHP script commands.

Background
==========

The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations
of the XML-RPC protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  dev-php/PEAR-XML_RPC       < 1.4.0                       >= 1.4.0
  2  dev-php/phpxmlrpc         < 1.2-r1                      >= 1.2-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Stefan Esser of the Hardened-PHP Project discovered that the PEAR
XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC
requests and responses with malformed nested tags.

Impact
======

A remote attacker could exploit this vulnerability to inject arbitrary
PHP script code into eval() statements by sending a specially crafted
XML document to web applications making use of these libraries.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All PEAR-XML_RPC users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/PEAR-XML_RPC-1.4.0"

All phpxmlrpc users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/phpxmlrpc-1.2-r1"

References
==========

  [ 1 ] CAN-2005-2498
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  [ 2 ] Hardened-PHP 14/2005 Advisory
        http://www.hardened-php.net/advisory_142005.66.html
  [ 3 ] Hardened-PHP 15/2005 Advisory
        http://www.hardened-php.net/advisory_152005.67.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息 (F39417)

Hardened-PHP Project Security Advisory 2005-15.67 (PacketStormID:F39417)
2005-08-17 00:00:00
Stefan Esser,Hardened-PHP Project  hardened-php.net
advisory,arbitrary,php
CVE-2005-2498
[点击下载]

A vulnerability in the PHP XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.1.1 and below are affected.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                        Hardened-PHP Project
                        www.hardened-php.net

                      -= Security  Advisory =-


     Advisory: PHPXMLRPC Remote PHP Code Injection Vulnerability
 Release Date: 2005/08/15
Last Modified: 2005/08/15
       Author: Stefan Esser [sesser@hardened-php.net]

  Application: PHPXMLRPC <= 1.1.1
     Severity: A malformed XMLRPC request can result in execution
               of arbitrary injected PHP code
         Risk: Critical
Vendor Status: Vendor has released an updated version
   References: http://www.hardened-php.net/advisory_152005.67.html


Overview:

   PHPXMLRPC is the successor of Useful Inc's XML-RPC for PHP, which 
   is a PHP implementation of the XML-RPC protocol. 
   
   After Gulftech released their PHP code injection advisory in the
   end of June 2005 we sheduled the code for an audit from our side.
   Unfortunately we were able to find another vulnerability in the
   XML-RPC libraries that allows injection of arbitrary PHP code 
   into eval() statements.
   
   Unlike the last vulnerability this is not caused by wrongly
   implemented escaping of the user input, but by an improper handling
   of XMLRPC requests and responses that are malformed in a certain
   way.

   To get rid of this and future eval() injection vulnerabilities, the
   Hardened-PHP Project has developed together with the maintainers
   of both libraries a fix that completely eliminates the use of 
   eval() from the library.


Details:

   When the library parses XMLRPC requests/repsonses, it constructs
   a string of PHP code, that is later evaluated. This means any 
   failure to properly handle the construction of this string can 
   result in arbitrary execution of PHP code.
   
   In late June a problem was discovered, that certain XML tags where
   using single quotes around embedded user input and single quotes
   where not escaped. This allowed a typical injection attack. While
   all these escaping problems were believed to be fixed, I was able
   to find another problems, that allows injection of arbitrary code.
   
   This new injection vulnerability is cause by not properly handling
   the situation, when certain XML tags are nested in the parsed
   document, that were never meant to be nested at all. This can be
   easily exploited in a way, that user-input is placed outside of
   string delimiters within the evaluation string, which obviously
   results in arbitrary code execution.
   
   Therefore we have added a XML tag nesting verification into the
   code and additionally removed all call to eval(). Therefore the 
   resulting patch eliminates the current and the possibility for
   future eval() holes. Additionally this means from the diff
   between a vulnerable and a not vulnerable version it is not
   possible to find the position of the flaw easily.
   

CVE Information:

   The Common Vulnerabilities and Exposures project (cve.mitre.org) 
   has assigned the name CAN-2005-2498 to this vulnerability.
      
      
Proof of Concept:

   The Hardened-PHP Project is not going to release an exploit for 
   this vulnerability to the public.


Disclosure Timeline:

   22. July   2005 - Contact with both library vendors established.
                     Issue is discussed and a patch that eliminates
		     the use of eval() is developed, improved and
		     tested.
   12. August 2005 - Affected applications are contacted and asked
                     for beta test of the patches.
   14. August 2005 - Vendors release bugfixed versions, after
                     information about this vulnerability leaked 
		     through one of the affected applications to
		     the public.
   15. August 2005 - Public disclosure


Recommendation:

   We strongly recommend to upgrade to the vendor supplied new
   version, that completely eliminates all calls to eval(). 
      
      PHPXMLRPC 1.2
      http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc.1.2.tgz?download
      

GPG-Key:

   http://www.hardened-php.net/hardened-php-signature-key.asc

   pub  1024D/0A864AA1 2004-04-17 Hardened-PHP Signature Key
   Key fingerprint = 066F A6D0 E57E 9936 9082  7E52 4439 14CC 0A86 4AA1


Copyright 2005 Stefan Esser / Hardened-PHP Project. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFDAJGHRDkUzAqGSqERAjWBAKCQehbqKzLA8nN6TcP52YxlQE927gCfQM/0
vUqqDUP8behCGxMbaz4QwHQ=
=IDCZ
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F39416)

Hardened-PHP Project Security Advisory 2005-14.66 (PacketStormID:F39416)
2005-08-17 00:00:00
Stefan Esser,Hardened-PHP Project  hardened-php.net
advisory,arbitrary,php
CVE-2005-2498
[点击下载]

A vulnerability in the PEAR XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.3.3 and below are affected.

Vulnerability 
Reply-To: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                        Hardened-PHP Project
                        www.hardened-php.net

                      -= Security  Advisory =-


     Advisory: PEAR XML_RPC Remote PHP Code Injection Vulnerability
 Release Date: 2005/08/15
Last Modified: 2005/08/15
       Author: Stefan Esser [sesser@hardened-php.net]

  Application: PEAR XML_RPC <= 1.3.3
     Severity: A malformed XMLRPC request can result in execution
               of arbitrary injected PHP code
         Risk: Critical
Vendor Status: Vendor has released an updated version
   References: http://www.hardened-php.net/advisory_142005.66.html


Overview:

   PEAR XML_RPC is the PEAR-ified version of Useful Inc's XML-RPC
   for PHP, which is a PHP implementation of the XML-RPC protocol.
   It has support for HTTP transport, proxies and authentication.
   
   After Gulftech released their PHP code injection advisory in the
   end of June 2005 we sheduled the code for an audit from our side.
   Unfortunately we were able to find another vulnerability in the
   XML-RPC libraries that allows injection of arbitrary PHP code 
   into eval() statements.
   
   Unlike the last vulnerability this is not caused by wrongly
   implemented escaping of the user input, but by an improper handling
   of XMLRPC requests and responses that are malformed in a certain
   way.

   To get rid of this and future eval() injection vulnerabilities, the
   Hardened-PHP Project has developed together with the maintainers
   of both libraries a fix that completely eliminates the use of 
   eval() from the library.


Details:

   When the library parses XMLRPC requests/repsonses, it constructs
   a string of PHP code, that is later evaluated. This means any 
   failure to properly handle the construction of this string can 
   result in arbitrary execution of PHP code.
   
   In late June a problem was discovered, that certain XML tags where
   using single quotes around embedded user input and single quotes
   where not escaped. This allowed a typical injection attack. While
   all these escaping problems were believed to be fixed, I was able
   to find another problems, that allows injection of arbitrary code.
   
   This new injection vulnerability is cause by not properly handling
   the situation, when certain XML tags are nested in the parsed
   document, that were never meant to be nested at all. This can be
   easily exploited in a way, that user-input is placed outside of
   string delimiters within the evaluation string, which obviously
   results in arbitrary code execution.
   
   Therefore we have added a XML tag nesting verification into the
   code and additionally removed all call to eval(). Therefore the 
   resulting patch eliminates the current and the possibility for
   future eval() holes. Additionally this means from the diff
   between a vulnerable and a not vulnerable version it is not
   possible to find the position of the flaw easily.
   

CVE Information:

   The Common Vulnerabilities and Exposures project (cve.mitre.org) 
   has assigned the name CAN-2005-2498 to this vulnerability.
      
      
Proof of Concept:

   The Hardened-PHP Project is not going to release an exploit for 
   this vulnerability to the public.


Disclosure Timeline:

   22. July   2005 - Contact with both library vendors established.
                     Issue is discussed and a patch that eliminates
		     the use of eval() is developed, improved and
		     tested.
   12. August 2005 - Affected applications are contacted and asked
                     for beta test of the patches.
   14. August 2005 - Vendors release bugfixed versions, after
                     information about this vulnerability leaked 
		     through one of the affected applications to
		     the public.
   15. August 2005 - Public disclosure


Recommendation:

   We strongly recommend to upgrade to the vendor supplied new
   version, that completely eliminates all calls to eval(). 
      
      PEAR XML_RPC 1.4.0
      http://pear.php.net/get/XML_RPC-1.4.0.tgz
      
   You can also upgrade XML_RPC with the pear commandline client,
   but because this uses a XML_RPC connection to retrieve the data
   it is not recommended.


GPG-Key:

   http://www.hardened-php.net/hardened-php-signature-key.asc

   pub  1024D/0A864AA1 2004-04-17 Hardened-PHP Signature Key
   Key fingerprint = 066F A6D0 E57E 9936 9082  7E52 4439 14CC 0A86 4AA1


Copyright 2005 Stefan Esser / Hardened-PHP Project. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFDAJF0RDkUzAqGSqERAku9AKCjcTZcuAAQfTaiDQcFVrBzSBQ5cwCdEJmO
5hlRikPiTLgdsdvYrukOS9s=
=/PFy
-----END PGP SIGNATURE-----

    

- 漏洞信息

18889
XML-RPC for PHP (PHPXMLRPC) Nested XML Tags Arbitrary PHP Code Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Vendor Verified

- 漏洞描述

XML-RPC for PHP (PHPXMLRPC) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The problem is that the library does not properly sanitizing certain XML tags that are nested in a parsed PHP document before being used in an 'eval()' call, which may allow a remote attacker to execute arbitrary PHP code resulting in a loss of integrity.

- 时间线

2005-08-15 Unknow
Unknow Unknow

- 解决方案

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

PHPXMLRPC and PEAR XML_RPC Remote Code Injection Vulnerability
Input Validation Error 14560
Yes No
2005-08-15 12:00:00 2009-07-12 05:06:00
Stefan Esser <sesser@hardened-php.net> is credited with the discovery of this vulnerability.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
TikiWiki Project TikiWiki 1.8.5
TikiWiki Project TikiWiki 1.8.4
+ Gentoo Linux
TikiWiki Project TikiWiki 1.8.3
TikiWiki Project TikiWiki 1.8.2
TikiWiki Project TikiWiki 1.8.1
TikiWiki Project TikiWiki 1.8
TikiWiki Project TikiWiki 1.7.9
TikiWiki Project TikiWiki 1.7.8
TikiWiki Project TikiWiki 1.7.7
TikiWiki Project TikiWiki 1.7.6
TikiWiki Project TikiWiki 1.7.5
TikiWiki Project TikiWiki 1.7.4
TikiWiki Project TikiWiki 1.7.3
TikiWiki Project TikiWiki 1.7.2
TikiWiki Project TikiWiki 1.7.1 .1
TikiWiki Project TikiWiki 1.6.1
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI ProPack 3.0 SP6
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Enterprise Server 9
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
PHPXMLRPC PHPXMLRPC 1.1.1
PhpWiki PhpWIki 1.3.10
phpWebsite phpWebsite 0.10.2
phpWebsite phpWebsite 0.10.1
phpWebsite phpWebsite 0.10
phpWebsite phpWebsite 0.9.3 -4
phpWebsite phpWebsite 0.9.3 -3
phpWebsite phpWebsite 0.9.3 -2
phpWebsite phpWebsite 0.9.3 -1
phpWebsite phpWebsite 0.9.3
phpWebsite phpWebsite 0.8.3
phpWebsite phpWebsite 0.8.2
phpWebsite phpWebsite 0.7.3
phpPgAds phpPgAds 2.0.5
PHPGroupWare PHPGroupWare 0.9.16 RC3
PHPGroupWare PHPGroupWare 0.9.16 RC2
PHPGroupWare PHPGroupWare 0.9.16 RC1
PHPGroupWare PHPGroupWare 0.9.16 .006
PHPGroupWare PHPGroupWare 0.9.16 .005
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
PHPGroupWare PHPGroupWare 0.9.16 .003
+ Gentoo Linux
PHPGroupWare PHPGroupWare 0.9.16 .002
PHPGroupWare PHPGroupWare 0.9.16 .000
PHPGroupWare PHPGroupWare 0.9.14 .007
PHPGroupWare PHPGroupWare 0.9.14 .006
PHPGroupWare PHPGroupWare 0.9.14 .005
PHPGroupWare PHPGroupWare 0.9.14 .004
PHPGroupWare PHPGroupWare 0.9.14 .003
PHPGroupWare PHPGroupWare 0.9.14 .002
PHPGroupWare PHPGroupWare 0.9.14 .001
PHPGroupWare PHPGroupWare 0.9.14
PHPGroupWare PHPGroupWare 0.9.13
- Debian Linux 2.2
PHPGroupWare PHPGroupWare 0.9.12
- Conectiva Linux 9.0
- Conectiva Linux 8.0
- Conectiva Linux 7.0
- MySQL AB MySQL 3.23.36
- MySQL AB MySQL 3.23.34
- MySQL AB MySQL 3.23.31
- PostgreSQL PostgreSQL 6.5.3
- PostgreSQL PostgreSQL 6.3.2
phpAdsNew phpAdsNew 2.0.4 -pr2
PEAR XML_RPC 1.3.3
Nucleus CMS Nucleus CMS 3.21
Nucleus CMS Nucleus CMS 3.2
Nucleus CMS Nucleus CMS 3.1
Nucleus CMS Nucleus CMS 3.0 RC
Nucleus CMS Nucleus CMS 3.0 1
Nucleus CMS Nucleus CMS 3.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MailWatch for MailScanner MailWatch for MailScanner 1.0.1
livesupport livesupport 1.0 rc1
livesupport livesupport 0.9.1
Gentoo Linux
eGroupWare eGroupWare 1.0.6
eGroupWare eGroupWare 1.0.3
eGroupWare eGroupWare 1.0.1
eGroupWare eGroupWare 1.0 .0.007
eGroupWare eGroupWare 1.0
Drupal Drupal 4.6.2
Drupal Drupal 4.6.1
Drupal Drupal 4.6
Drupal Drupal 4.5.4
Drupal Drupal 4.5.3
Drupal Drupal 4.5.2
Drupal Drupal 4.5.1
Drupal Drupal 4.5
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
b2evolution b2evolution 0.9 .0.12
b2evolution b2evolution 0.9 .0.11
b2evolution b2evolution 0.9 .0.10
b2evolution b2evolution 0.9 .0.09
b2evolution b2evolution 0.9 .0.08
b2evolution b2evolution 0.9 .0.05
b2evolution b2evolution 0.9 .0.03
b2evolution b2evolution 0.8.9
b2evolution b2evolution 0.8.7
b2evolution b2evolution 0.8.6 .2
b2evolution b2evolution 0.8.6 .1
b2evolution b2evolution 0.8.6
b2evolution b2evolution 0.8.2 .2
b2evolution b2evolution 0.8.2
PHPXMLRPC PHPXMLRPC 1.2
phpPgAds phpPgAds 2.0.6
PHPGroupWare PHPGroupWare 0.9.16 .007
phpAdsNew phpAdsNew 2.0.6
PEAR XML_RPC 1.4
Nucleus CMS Nucleus CMS 3.22
Nucleus CMS Nucleus CMS 3.21
MailWatch for MailScanner MailWatch for MailScanner 1.0.2
livesupport livesupport 1.0 rc2
eGroupWare eGroupWare 1.0 .0.009
Drupal Drupal 4.6.3
Drupal Drupal 4.5.5
b2evolution b2evolution 0.9.1

- 不受影响的程序版本

PHPXMLRPC PHPXMLRPC 1.2
phpPgAds phpPgAds 2.0.6
PHPGroupWare PHPGroupWare 0.9.16 .007
phpAdsNew phpAdsNew 2.0.6
PEAR XML_RPC 1.4
Nucleus CMS Nucleus CMS 3.22
Nucleus CMS Nucleus CMS 3.21
MailWatch for MailScanner MailWatch for MailScanner 1.0.2
livesupport livesupport 1.0 rc2
eGroupWare eGroupWare 1.0 .0.009
Drupal Drupal 4.6.3
Drupal Drupal 4.5.5
b2evolution b2evolution 0.9.1

- 漏洞讨论

PHPXMLRPC and PEAR XML_RPC are affected by a remote PHP code injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

- 漏洞利用

No exploit is required.

- 解决方案

The vendor has released version 1.2 of PHPXMLRPC and version 1.4 of PEAR XML_RPC to correct this problem.

Nucleus CMS has released a patch addressing this issue. Reports indicate an upgrade will be available shortly. Please contact the vendor for further information.

eGroupWare has addressed this issue in version 1.0.0.009.

phpPgAds and phpAdsNew have released patches addressing this issue.

Mailwatch for MailScanner has released a patch addressing this issue.

LiveSupport has released an update addressing this issue.

Ubuntu Linux has released security advisory USN-171-1 addressing this and other issues. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

RedHat has released advisory RHSA-2005:748-05, along with fixes to address this issue in PHP4 for RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information.

Mandriva has released advisory MDKSA-2005:146, along with fixes to address this issue in php-pear. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200508-13 to address this issue in PEAR-XML_RPC and phpxmlrpc. Users of affected packages are urged to execute the following commands with superuser privileges:

PEAR-XML_RPC users:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/PEAR-XML_RPC-1.4.0"

phpxmlrpc users:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/phpxmlrpc-1.2-r1"

Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200508-14 to address this issue in eGroupWare and TikiWiki. Users of affected packages are urged to execute the following commands with superuser privileges:

TikiWiki users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5-r2"

eGroupWare users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.0.0.009"

Gentoo Linux has released advisory GLSA 200508-18 to address this issue in PhpWiki. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.10-r2"
Please see the referenced advisory for further information.

Fedora has released advisories FEDORA-2005-809 and FEDORA-2005-810 containing an upstream version of the PEAR XML_RPC package to address this issue in Fedora Core 3 and Fedora Core 4. Please see the referenced advisories for more information.

Debian has released advisory DSA 789-1 to address various issues. Please see the referenced advisory for more information.

SUSE has released advisory SUSE-SA:2005:049 to address this and other issues affecting PHP. Please see the referenced advisory for more information.

Gentoo Linux has released security advisory GLSA 200508-20 addressing this issue. Gentoo recommends all phpGroupWare users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.008"

SUSE has reported that some fixes included in the advisory SUSE-SA:2005:049 for SUSE Linux Enterprise Server 9, SUSE Linux 9.0, 9.1, 9.2 and 9.3 have been removed due to the introduction of new bugs. SUSE plans to release a new advisory containing updated fixes in the near future.

Gentoo Linux has released security advisory GLSA 200508-21 addressing this issue. Gentoo recommends all phpWebSite users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.2_rc2"

Slackware Linux has released advisory SSA:2005-242-02 to address this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA 798-1 to address this and other issues in phpgroupware. Please see the referenced advisory for more information.

SuSE has released advisory SUSE-SA:2005:051 to address this and other issues. Please see the referenced advisory for links to fixes.

SGI has released Security Update #46 to address this and other issues for SGI Propack 3 Service Pack 6. Please see the referenced advisory for further information.

Slackware has released security advisory SSA:2005-251-04 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Gentoo has released security advisory GLSA 200509-19 addressing this issue. Gentoo recommends the following:
All PHP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose dev-php/php

All mod_php users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose dev-php/mod_php

All php-cgi users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose dev-php/php-cgi

Debian Linux has released security advisory DSA 840-1 addressing this issue for Drupal. Please see the referenced advisory for more information.

Debian Linux has released security advisory DSA 842-1 addressing this issue for eGroupware. Please see the referenced advisory for more information.

Conectiva Linux has released security advisory CLSA-2005:1024 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

b2evolution has addressed this issue in version 0.9.1.

Fedora Legacy advisory FLSA:166943 is available to address various issues affecting PHP in Red Hat Linux 7.3, Red Hat Linux 9, Fedora Core 1, and Fedora Core 2. Please see the referenced advisory for more information.


Red Hat Fedora Core3

b2evolution b2evolution 0.8.2 .2

b2evolution b2evolution 0.8.6

b2evolution b2evolution 0.8.6 .1

b2evolution b2evolution 0.8.7

b2evolution b2evolution 0.9 .0.12

b2evolution b2evolution 0.9 .0.03

b2evolution b2evolution 0.9 .0.10

b2evolution b2evolution 0.9 .0.11

PHPGroupWare PHPGroupWare 0.9.12

PHPGroupWare PHPGroupWare 0.9.13

PHPGroupWare PHPGroupWare 0.9.14

PHPGroupWare PHPGroupWare 0.9.14 .002

PHPGroupWare PHPGroupWare 0.9.14 .007

PHPGroupWare PHPGroupWare 0.9.16 RC3

PHPGroupWare PHPGroupWare 0.9.16 .003

PHPGroupWare PHPGroupWare 0.9.16 .000

PHPGroupWare PHPGroupWare 0.9.16 .006

PHPGroupWare PHPGroupWare 0.9.16 .005

eGroupWare eGroupWare 1.0.1

eGroupWare eGroupWare 1.0.3

eGroupWare eGroupWare 1.0.6

PHPXMLRPC PHPXMLRPC 1.1.1

PEAR XML_RPC 1.3.3

phpAdsNew phpAdsNew 2.0.4 -pr2

SGI ProPack 3.0 SP6

Nucleus CMS Nucleus CMS 3.1

Nucleus CMS Nucleus CMS 3.21

Drupal Drupal 4.5

Drupal Drupal 4.5.1

Drupal Drupal 4.6

Drupal Drupal 4.6.1

Drupal Drupal 4.6.2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站