Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200812-20 ] phpCollab: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1582

PostPosted: Sun Dec 21, 2008 8:26 pm    Post subject: [ GLSA 200812-20 ] phpCollab: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: phpCollab: Multiple vulnerabilities (GLSA 200812-20)
Severity: high
Exploitable: remote
Date: December 21, 2008
Bug(s): #235052
ID: 200812-20

Synopsis


Multiple vulnerabilities have been discovered in phpCollab allowing for
remote injection of shell commands, PHP code and SQL statements.


Background


phpCollab is a web-enabled groupware and project management software
written in PHP. It uses SQL-based database backends.


Affected Packages

Package: www-apps/phpcollab
Vulnerable: <= 2.5_rc3
Architectures: All supported architectures


Description


Multiple vulnerabilities have been found in phpCollab:
  • rgod reported that data sent to general/sendpassword.php via the
    loginForm parameter is not properly sanitized before being used in an
    SQL statement (CVE-2006-1495).
  • Christian Hoffmann of Gentoo
    Security discovered multiple vulnerabilities where input is
    insufficiently sanitized before being used in an SQL statement, for
    instance in general/login.php via the loginForm parameter.
    (CVE-2008-4303).
  • Christian Hoffmann also found out that the
    variable $SSL_CLIENT_CERT in general/login.php is not properly
    sanitized before being used in a shell command. (CVE-2008-4304).
  • User-supplied data to installation/setup.php is not checked before
    being written to include/settings.php which is executed later. This
    issue was reported by Christian Hoffmann as well (CVE-2008-4305).


Impact


These vulnerabilities enable remote attackers to execute arbitrary SQL
statements and PHP code. NOTE: Some of the SQL injection
vulnerabilities require the php.ini option "magic_quotes_gpc" to be
disabled. Furthermore, an attacker might be able to execute arbitrary
shell commands if "register_globals" is enabled, "magic_quotes_gpc" is
disabled, the PHP OpenSSL extension is not installed or loaded and the
file "installation/setup.php" has not been deleted after installation.


Workaround


There is no known workaround at this time.


Resolution


phpCollab has been removed from the Portage tree. We recommend that
users unmerge phpCollab:
Code:
# emerge --unmerge "www-apps/phpcollab"


References

CVE-2006-1495
CVE-2008-4303
CVE-2008-4304
CVE-2008-4305


Last edited by GLSA on Fri Jun 22, 2012 4:27 am; edited 1 time in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum