Posted: Mon Nov 13, 2017 12:26 am Post subject: [ GLSA 201711-12 ] eGroupWare
Gentoo Linux Security Advisory
Title: eGroupWare: Remote code execution (GLSA 201711-12)
Severity: normal
Exploitable: remote
Date: 2017-11-12
Bug(s): #501908
ID: 201711-12
Synopsis
Multiple vulnerabilities have been found in eGroupWare, the worst
of which allows remote attackers to execute arbitrary code.
Background
eGroupWare is a suite of web-based group applications including
calendar, address book, messenger and email.
Affected Packages
Package: www-apps/egroupware
Vulnerable: <= 1.8.004.20120613
Architectures: All supported architectures
Description
It was found that eGroupWare contains multiple code injection
vulnerabilities in multiple parameters and routes because of improper
input sanitization.
Impact
A remote attacker could execute arbitrary code, delete arbitrary files
or inject arbitrary PHP objects via multiple routes.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for eGroupWare and recommends that users
unmerge the package:
Code:
# emerge --unmerge "www-apps/egroupware"
References
CVE-2014-2027
Last edited by GLSA on Mon Jan 15, 2018 4:17 am; edited 2 times in total