CVE-2005-2600
CVSS 5.0
Published: 2005-08-17 00:00:00
Revised: 2008-09-05 16:52:11

[Original] FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.


[CNNVD] FUDForum Tree View Access Validation Vulnerability (CNNVD-200508-165)

        FUDForum 2.6.15 with the "Tree View" feature enabled, as also shipped in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: LOW [no special access conditions are needed to exploit]
Access vector: [--]
Authentication: NONE [no authentication is needed to exploit]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2600
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2600
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-165
(official data source) CNNVD

- Other links and resources

http://secunia.com/advisories/16414
(VENDOR_ADVISORY)  SECUNIA  16414
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0383.html
(PATCH)  FULLDISC  20050811 Fudforum: incompletely check of user rights in tree view gaining access to all messages
http://www.securityfocus.com/bid/14556
(UNKNOWN)  BID  14556
http://www.debian.org/security/2005/dsa-899
(UNKNOWN)  DEBIAN  DSA-899
http://www.debian.org/security/2005/dsa-798
(UNKNOWN)  DEBIAN  DSA-798
http://secunia.com/advisories/17643
(UNKNOWN)  SECUNIA  17643

- Vulnerability information

FUDForum Tree View Access Validation Vulnerability
Medium severity  Input validation
2005-08-17 00:00:00  2006-09-05 00:00:00
Remote
        FUDForum 2.6.15 with the "Tree View" feature enabled, as also shipped in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.

- Advisories and patches

        The vendor has released an upgrade that fixes this issue. Every affected phpGroupWare release listed below maps to the same fixed package:

        Affected: PHPGroupWare 0.9.12, 0.9.13, 0.9.14, 0.9.14.001, 0.9.14.002, 0.9.14.003, 0.9.14.004, 0.9.14.005, 0.9.14.006, 0.9.14.007, 0.9.16 RC1, 0.9.16.006
        Fix: phpgroupware-0.9.16.007.tar.gz
        http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.007.tar.gz

- Vulnerability information (F41691)

Debian Linux Security Advisory 899-1 (PacketStormID:F41691)
2005-11-20 00:00:00
Debian  security.debian.org
advisory,web,vulnerability
linux,debian
CVE-2005-0870,CVE-2005-2600,CVE-2005-3347,CVE-2005-3348

Debian Security Advisory DSA 899-1 - Several vulnerabilities have been discovered in egroupware, a web-based groupware suite.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 899-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 17th, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : egroupware
Vulnerability  : programming errors
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2005-0870 CVE-2005-2600 CVE-2005-3347 CVE-2005-3348
CERT advisory  : 
BugTraq ID     : 
Debian Bug     : 301118

Several vulnerabilities have been discovered in egroupware, a
web-based groupware suite.  The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2005-0870

    Maksymilian Arciemowicz discovered several cross site scripting
    problems in phpsysinfo, which are also present in the imported
    version in egroupware and of which not all were fixed in DSA 724.

CVE-2005-2600

    Alexander Heidenreich discovered a cross-site scripting problem in
    the tree view of FUD Forum Bulletin Board Software, which is also
    present in egroupware and allows remote attackers to read private
    posts via a modified mid parameter.

CVE-2005-3347

    Christopher Kunz discovered that local variables get overwritten
    unconditionally in phpsysinfo, which are also present in
    egroupware, and are trusted later, which could lead to the
    inclusion of arbitrary files.

CVE-2005-3348

    Christopher Kunz discovered that user-supplied input is used
    unsanitised in phpsysinfo and imported in egroupware, causing a
    HTTP Response splitting problem.

The old stable distribution (woody) does not contain egroupware packages.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.0.007-2.dfsg-2sarge4.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.0.009.dfsg-3-3.

We recommend that you upgrade your egroupware packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge4.dsc
      Size/MD5 checksum:     1285 449d8b4bde8bf1dc1c631494202eb25e
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge4.diff.gz
      Size/MD5 checksum:    51025 d39172a3463bbd6ed00a6a60144e3d63
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg.orig.tar.gz
      Size/MD5 checksum: 12699187 462f5ea377c4d0c04f16ffe8037b9d6a

  Architecture independent components:

    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   149230 8280813d30413ef7e69de8a2989fb113
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   125392 a2df436b22449238c653c802853cedff
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   382492 c564a217b20493a1e9b7497b714b2262
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-comic_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   256280 3022f0747e5d8dc85837ab157af683a7
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:  3775666 36bec6ef46c59d25e96ffc36d3419786
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    53672 e87974d6a00a4d758104e1b68537bd9b
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-email_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:  1244206 6e24cc9703e8c69e2fc07f3443426f7d
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    38350 d6e7c9418dc5696b749d449fd114a15e
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:  1363478 63b81dcba0cc99ad26162b64ba2a1c8c
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   275628 eacca4272ab0f1828cd0bd7352c9413f
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   173094 64eb2a65554489ba03ac1479db0ddc47
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-forum_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    51562 68cf162c3324aaced4519599bec60d68
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ftp_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    38250 65d021a72386ed85c217ae612ebd5e83
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-fudforum_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:  1486862 18094d976509c921b78e3e01fc313312
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-headlines_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    75140 96512f31443e519575c94d1dfb386ed0
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   202506 6adf39fd70f93873cd6554d0f469d0f7
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-jinn_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   205248 a945d00ac04c1c76b41fb2ff5db391ac
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ldap_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:     7370 42d511df268a9e864e6f867c0e2d8081
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    17538 89321a3b1c8c6612b395c6d6515c1286
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-messenger_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    32368 fc3129399a64f779762819b716516a86
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    50944 c71e4c13d4a393d9951e2fcb035ff8c2
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   119504 84b23749d99e6e2e2f9d5f39d1fb47f9
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpldapadmin_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   139804 0d87c2cf76ab9034157f7905da34566c
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   116272 c3969cf32b9a2141ff8a42ec53b17fbf
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    36310 a973e7298514a49dd03b70bf3d558a6a
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projects_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   302504 362a4e8f6c7e274dc0d34540d15780f7
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   100064 c96c69d63cccae50277249a4489457cd
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:   486812 d1700a733832ccdaec3a3fe39efbcfe5
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-stocks_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    26742 d8283f02ae03fe9843e905bfc69c11e9
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tts_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    92876 4f9113de1a430994cf1716f773606fc2
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:    92820 17fd81ad731b8b0c505a8c5584a0c758
    http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge4_all.deb
      Size/MD5 checksum:     4624 323682be7276c562490b6ba3c62c60e9


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDfMIgW5ql+IAeqTIRAm1yAJ0UjdhVTg7P8HOQ623C3xbWiZ15TACeMaYV
3jXU4Er0BnpCPGQgwBdrbYw=
=BYSP
-----END PGP SIGNATURE-----

    

- Vulnerability information (F39819)

Debian Linux Security Advisory 798-1 (PacketStormID:F39819)
2005-09-05 00:00:00
Debian  debian.org
advisory,web,php,vulnerability
linux,debian
CVE-2005-2498,CVE-2005-2600,CVE-2005-2761

Debian Security Advisory DSA 798-1 - Several vulnerabilities have been discovered in phpgroupware, a web based groupware system written in PHP.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 798-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 2nd, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : phpgroupware
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2498 CAN-2005-2600 CAN-2005-2761

Several vulnerabilities have been discovered in phpgroupware, a web
based groupware system written in PHP.  The Common Vulnerabilities and
Exposures project identifies the following problems:

CAN-2005-2498

    Stefan Esser discovered another vulnerability in the XML-RPC
    libraries that allows injection of arbitrary PHP code into eval()
    statements.  The XMLRPC component has been disabled.

CAN-2005-2600

    Alexander Heidenreich discovered a cross-site scripting problem
    in the tree view of FUD Forum Bulletin Board Software, which is
    also present in phpgroupware.

CAN-2005-2761

    A global cross-site scripting fix has also been included that
    protects against potential malicious scripts embedded in CSS and
    xmlns in various parts of the application and modules.

This update also contains a postinst bugfix that has been approved for
the next update to the stable release.

For the old stable distribution (woody) these problems don't apply.

For the stable distribution (sarge) these problems have been fixed in
version 0.9.16.005-3.sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 0.9.16.008.

We recommend that you upgrade your phpgroupware packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2.dsc
      Size/MD5 checksum:     1665 e10b74698fb0ccd70d9960c4e9745224
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2.diff.gz
      Size/MD5 checksum:    36212 ce2653530ea7790676d68687ac9ab89a
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005.orig.tar.gz
      Size/MD5 checksum: 19442629 5edd5518e8f77174c12844f9cfad6ac4

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   176408 e62845031a7af8182d876d93ce3a653d
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   186202 70608b587089d644a3c2ff787f6ef3a0
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   100830 97695db70fdda862347531f7b22b40cd
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   323858 db8259d262257e59a620113a97dc5a75
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    23068 57ecbc9bed7823851eef44102e59e36d
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   434086 f8c1e175ab1b1dc0b337ca47f3670f30
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:     6388 690fb88e32c50d3d00f440362c27dc78
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    33196 dab4c5133ea41f23a8752d93e8bd9786
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    42654 9db6fec8e4687d8fe6099a467a8246db
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    50302 f4aeb63d1aeaa72c2bbfa6a5c0f8f247
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:  1117628 e467218f15060c0edbabaa85cc6d561e
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-etemplate_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:  1329298 95e88686c6212b6b1fcbfe404aef76ea
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-felamimail_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   180022 5930fda4d00b9814600dd3164243e678
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    91478 d2bd73cc22569c599fcadbedcfe1abb6
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-folders_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   166208 3b310fc7dedb0c055e1bbb451b61edd8
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    45422 37e0f53559aa145decf9ee82906f6225
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    36296 e196baee2c1c89fc3872ea91b4046845
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-fudforum_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:  1355378 5453aa07a4c4372f247a994d7122170d
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    63786 533a084f5b12d9471fd0bf8e7eb471a1
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    18712 feaa03f55c431cb7265c98dd5ea3ccbb
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:     8472 4595ab292c8139cbe4596754403a471a
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   136256 9f5270506681b88bc7b55c459e7c6ab6
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    90472 8a82ed20e8bb22e098610bf988338966
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    25864 fe33aebc1fe6887b3a36624139216092
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    41170 971b81d589f9ec41661260c666d7b0ac
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    46804 749dcf3257343b66b0d866fdfee0a933
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    34828 4135f525d65dafde78ab72da65e84ab7
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    20566 cca6d535bd572adb89be5337c2ea4081
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpbrain_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    40058 e4fd11ffcc187d218e8e761443210de2
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpgwapi_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:  9677508 a2e03ccffbc07f28b7e40610a223173b
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   116316 ea045a4a3bc0b30fefa3105d781f1e6b
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    31390 42add8aa672fcbad2bc45bcc86de345f
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    59496 907318b665a238d7d272125377e786ff
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   120176 6d4c7741a3706276da2e67f76ccda644
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-qmailldap_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    23352 8d9360711e849414a9e331b820a06e7e
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    29810 c1414f1646c86cc9548cd21091b9402d
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   267152 dc7418b235702e20c9c746116a41cd0b
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-sitemgr_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   902332 d18c60e4a310be6a8079659d9edb1ef3
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    19062 5c21d71782cb4790f0037ae7358c6366
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    23888 001d27f63b54f9a60788b0512f3b0315
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    21842 20bdf757aa0ba7d6e7ddd64454af89c5
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    50120 825d4e389401fe8d3ed3cc4f5bad71ed
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    55662 7594f3210ebd11e91f483aac7cc9c20b
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wiki_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    70170 01379389b829ca8fc81f820df5ba0f76
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:    62818 303dbc331b9bdab5e476a6dacfe08a87
    http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2_all.deb
      Size/MD5 checksum:   156040 b02eea4ffa8eac66bab0e673df7a5afa


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDGDHkW5ql+IAeqTIRAgjKAJ0ZQXrESKCx66FOz2YV+Rkz0503aQCeLPqe
Jol2uYCvFJbwPaWvi2tinCg=
=lz87
-----END PGP SIGNATURE-----


- Vulnerability information (F39719)

Gentoo Linux Security Advisory 200508-20 (PacketStormID:F39719)
2005-08-31 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-2498,CVE-2005-2600

Gentoo Linux Security Advisory GLSA 200508-20 - phpGroupWare improperly validates the mid parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially vulnerable XML-RPC library. Versions less than 0.9.16.008 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: phpGroupWare: Multiple vulnerabilities
      Date: August 30, 2005
      Bugs: #102379
        ID: 200508-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

phpGroupWare is vulnerable to multiple issues ranging from information
disclosure to a potential execution of arbitrary code.

Background
==========

phpGroupWare is a multi-user groupware suite written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /   Vulnerable   /              Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpgroupware     < 0.9.16.008              >= 0.9.16.008

Description
===========

phpGroupWare improperly validates the "mid" parameter retrieved via a
forum post. The current version of phpGroupWare also adds several
safeguards to prevent XSS issues, and disables the use of a potentially
vulnerable XML-RPC library.

Impact
======

A remote attacker may leverage the XML-RPC vulnerability to execute
arbitrary PHP script code. He could also create a specially crafted
request that will reveal private posts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All phpGroupWare users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.008"

References
==========

  [ 1 ] CAN-2005-2498
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2498
  [ 2 ] CAN-2005-2600
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2600
  [ 3 ] Secunia Advisory SA16414
        http://secunia.com/advisories/16414

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-20.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- Vulnerability information

18699
FUDforum mid Variable Tree View Arbitrary Restricted Message Access
Remote / Network Access  Input Manipulation
Loss of Confidentiality
Exploit Public

- Vulnerability description

FUDforum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker modifies the mid HTTP variable, which will disclose arbitrary restricted forum messages resulting in a loss of confidentiality.
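The description above gives the operational signature of this bug: the attacker changes nothing but the mid HTTP variable, so an abuse run against a vulnerable forum shows up in the web server log as one client walking through many message ids on the tree view. The detector below is an added example, not code from the page, from FUDforum or from any distribution. The Apache combined log format, the URL layout (index.php?t=tree&mid=N), the sample log lines and the reporting thresholds are all assumptions made for illustration.

```python
# Added example, not from the page, FUDforum or any distribution: a detector
# for mid enumeration against the tree view, run over constructed Apache
# combined-format access log lines. The URL layout (index.php?t=tree&mid=N),
# the log format and the thresholds are assumptions for illustration.
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample: 10.0.0.5 walks mid 10..14 in quick succession (the
# pattern a scripted read of every post leaves behind); 10.0.0.9 browses
# normally; 10.0.0.7 sends a malformed mid.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Aug/2005:10:00:01 +0200] "GET /forum/index.php?t=tree&mid=10 HTTP/1.1" 200 5120
10.0.0.5 - - [11/Aug/2005:10:00:02 +0200] "GET /forum/index.php?t=tree&mid=11 HTTP/1.1" 200 4411
10.0.0.5 - - [11/Aug/2005:10:00:02 +0200] "GET /forum/index.php?t=tree&mid=12 HTTP/1.1" 200 4390
10.0.0.5 - - [11/Aug/2005:10:00:03 +0200] "GET /forum/index.php?t=tree&mid=13 HTTP/1.1" 200 4402
10.0.0.5 - - [11/Aug/2005:10:00:03 +0200] "GET /forum/index.php?t=tree&mid=14 HTTP/1.1" 200 4377
10.0.0.9 - - [11/Aug/2005:10:05:00 +0200] "GET /forum/index.php?t=tree&mid=10 HTTP/1.1" 200 5120
10.0.0.9 - - [11/Aug/2005:10:07:30 +0200] "GET /forum/index.php?t=msg&th=10 HTTP/1.1" 200 6000
10.0.0.7 - - [11/Aug/2005:10:09:00 +0200] "GET /forum/index.php?t=tree&mid=abc HTTP/1.1" 200 900
"""


def parse_tree_requests(log_text):
    """Yield (ip, mid_string) for every request to the tree view, skipping
    lines that do not parse or that hit another view."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group("url")).query)
        if query.get("t") != ["tree"] or "mid" not in query:
            continue
        yield m.group("ip"), query["mid"][0]


def find_mid_enumeration(log_text, min_distinct=4):
    """Group tree-view requests by client and report clients that touched at
    least min_distinct distinct mids, noting whether the ids form a contiguous
    run (the signature of a loop over sequential message ids). Clients that
    sent a non-numeric mid are reported separately as parameter tampering."""
    mids_by_ip = defaultdict(set)
    tampering = set()
    for ip, raw_mid in parse_tree_requests(log_text):
        if raw_mid.isdigit():
            mids_by_ip[ip].add(int(raw_mid))
        else:
            tampering.add(ip)
    findings = {}
    for ip, mids in mids_by_ip.items():
        if len(mids) < min_distinct:
            continue
        ordered = sorted(mids)
        contiguous = all(b - a == 1 for a, b in zip(ordered, ordered[1:]))
        findings[ip] = {"mids": ordered, "sequential": contiguous}
    return findings, sorted(tampering)


if __name__ == "__main__":
    hits, tampered = find_mid_enumeration(SAMPLE_LOG)
    for ip, info in hits.items():
        print(f"{ip}: {len(info['mids'])} distinct mids, sequential={info['sequential']}")
    print("non-numeric mid from:", tampered)
```

Two caveats for anyone using this as a hunt: a targeted read of a single private post whose mid the attacker already knows leaves no enumeration signature at all, and status codes do not help because the vulnerable tree view answers 200 for private posts exactly as it does for public ones. Log review is therefore a way to scope exposure after the fact, not a substitute for the patched package.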

- Timeline

2005-08-11 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.7.0 or higher, as it has been reported to fix this vulnerability. In addition, Alexander Heidenreich has released a patch for some older versions.

- Vulnerability information (BID 14556)

FUDForum Tree View Access Validation Vulnerability
Class: Input Validation Error  Bugtraq ID: 14556
Remote: Yes  Local: No
Published: 2005-08-12 12:00:00  Updated: 2009-07-12 05:06:00
Alexander Heidenreich is credited with the discovery of this vulnerability.

- Affected program versions

PHPGroupWare PHPGroupWare 0.9.16 RC3
PHPGroupWare PHPGroupWare 0.9.16 RC2
PHPGroupWare PHPGroupWare 0.9.16 RC1
PHPGroupWare PHPGroupWare 0.9.16 .006
PHPGroupWare PHPGroupWare 0.9.16 .005
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
PHPGroupWare PHPGroupWare 0.9.16 .003
+ Gentoo Linux
PHPGroupWare PHPGroupWare 0.9.16 .002
PHPGroupWare PHPGroupWare 0.9.16 .000
PHPGroupWare PHPGroupWare 0.9.14 .007
PHPGroupWare PHPGroupWare 0.9.14 .006
PHPGroupWare PHPGroupWare 0.9.14 .005
- Conectiva Linux 9.0
- Conectiva Linux 8.0
- Conectiva Linux 7.0
PHPGroupWare PHPGroupWare 0.9.14 .004
PHPGroupWare PHPGroupWare 0.9.14 .003
PHPGroupWare PHPGroupWare 0.9.14 .002
PHPGroupWare PHPGroupWare 0.9.14 .001
PHPGroupWare PHPGroupWare 0.9.14
PHPGroupWare PHPGroupWare 0.9.13
- Debian Linux 2.2
PHPGroupWare PHPGroupWare 0.9.12
- Conectiva Linux 9.0
- Conectiva Linux 8.0
- Conectiva Linux 7.0
- MySQL AB MySQL 3.23.36
- MySQL AB MySQL 3.23.34
- MySQL AB MySQL 3.23.31
- PostgreSQL PostgreSQL 6.5.3
- PostgreSQL PostgreSQL 6.3.2
Ilia Alshanetsky FUDForum 2.6.15
Gentoo Linux
eGroupWare eGroupWare 1.0 .0.007
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Gentoo Linux
PHPGroupWare PHPGroupWare 0.9.16 .007

- Unaffected program versions

PHPGroupWare PHPGroupWare 0.9.16 .007

- Vulnerability discussion

FUDforum is prone to an access-validation vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to private forums.

An attacker can exploit this vulnerability to obtain posts from private forums. This may result in a loss of confidentiality. Information obtained may also be used in further attacks.

This issue is reported to affect FUDforum version 2.6.15; earlier versions may also be vulnerable.

Note that this issue may be triggered only if the 'Tree View' feature is enabled.
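The discussion above names the root cause: the tree view grants access to a post before validating that the caller may read the forum it lives in, which is the kind of gap that opens when a second rendering path skips a check the primary one performs. The following Python model is an added example, not code from FUDforum, phpGroupWare, eGroupWare or any advisory on this page; the data model, the permission rule, the function names and the HTTP status mapping are assumptions. It places the vulnerable lookup (render whatever mid names) beside the hardened one (resolve the message, take the forum from the stored record rather than the request, authorize, and answer "missing" and "forbidden" identically so ids cannot be probed).

```python
# Added example, not FUDforum, phpGroupWare or eGroupWare code: a Python model
# of the access-validation flaw behind CVE-2005-2600 and of the fix. The data
# model, the request handler and the permission rule are assumptions made for
# illustration; only the "tree view trusts mid" behaviour comes from the page.
from dataclasses import dataclass


@dataclass(frozen=True)
class Forum:
    fid: int
    name: str
    readers: frozenset  # user ids allowed to read; empty means public


@dataclass(frozen=True)
class Message:
    mid: int
    fid: int
    subject: str
    body: str


# Constructed sample data: one public forum and one private forum.
FORUMS = {
    1: Forum(1, "General", frozenset()),
    2: Forum(2, "Board members", frozenset({100, 101})),
}
MESSAGES = {
    10: Message(10, 1, "Welcome", "Hello everyone"),
    11: Message(11, 2, "Budget", "Confidential figures"),
    12: Message(12, 2, "Re: Budget", "Agreed, keep this private"),
}

GUEST = 0  # assumed id for an anonymous visitor


def can_read(user_id, fid):
    """Permission rule: a forum is readable if it is public or lists the user."""
    forum = FORUMS[fid]
    return not forum.readers or user_id in forum.readers


def tree_view_vulnerable(user_id, mid):
    """The reported flaw, modelled: the tree view looks the message up by the
    mid from the query string and renders it without checking whether the
    caller may read the forum it belongs to. user_id is ignored entirely."""
    msg = MESSAGES[mid]
    return msg.subject, msg.body


def load_message_for(user_id, mid):
    """Single authorization point shared by every view that shows a message.
    The forum is taken from the stored message, never from the request, and
    'missing' and 'forbidden' are indistinguishable so mids cannot be probed."""
    msg = MESSAGES.get(mid)
    if msg is None or not can_read(user_id, msg.fid):
        raise PermissionError("message not available")
    return msg


def tree_view_fixed(user_id, mid):
    """Hardened tree view: same output as before, but only after the check."""
    msg = load_message_for(user_id, mid)
    return msg.subject, msg.body


def handle_request(view, user_id, raw_mid):
    """Minimal request wrapper: parses the attacker-controllable parameter and
    maps outcomes to HTTP-style status codes. Returns (status, payload)."""
    try:
        mid = int(raw_mid)
    except (TypeError, ValueError):
        return 400, None
    try:
        return 200, view(user_id, mid)
    except (PermissionError, KeyError):
        return 404, None


if __name__ == "__main__":
    # A guest who simply edits mid=10 into mid=11 reads a private post...
    print(handle_request(tree_view_vulnerable, GUEST, "11"))
    # ...while the fixed view refuses, and still serves the public post.
    print(handle_request(tree_view_fixed, GUEST, "11"))
    print(handle_request(tree_view_fixed, GUEST, "10"))
    print(handle_request(tree_view_fixed, 100, "11"))
```

The design point is that the tree view, the normal message view and any other renderer all go through load_message_for, so a new display mode cannot reintroduce the bug by forgetting the check; the "Tree View only" trigger reported for this CVE is exactly what happens when each view carries its own copy of the authorization logic.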

- Exploit

No exploit is required.

- Solution


Please see the referenced advisories for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

Note that the other entries on this page do point to fixes: the Debian advisories (egroupware 1.0.0.007-2.dfsg-2sarge4 and phpgroupware 0.9.16.005-3.sarge2), the Gentoo advisory (phpgroupware >= 0.9.16.008), the phpGroupWare 0.9.16.007 package in the advisories and patches section above, and FUDforum 2.7.0 or later per the solution above.


Fix entries are listed for the following versions (the individual download links are not preserved on this page): PHPGroupWare 0.9.12, 0.9.13, 0.9.14, 0.9.14.001 through 0.9.14.007, 0.9.16.000, 0.9.16.002, 0.9.16.003, 0.9.16.005, 0.9.16.006, 0.9.16 RC1, RC2 and RC3; eGroupWare 1.0.0.007.


About the SCAP Chinese Community

The SCAP Chinese Community is the first Chinese-language open community devoted to SCAP. For more information, see [About this site]

Copyright notice

CVE/CWE/OVAL are registered trademarks of MITRE Corporation; their official data sources are maintained on MITRE's websites