Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200812-20 ] phpCollab: Multiple vulnerabilities
Date: Sun, 21 Dec 2008 19:26:22
Message-Id: 494E983A.3060605@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200812-20
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: phpCollab: Multiple vulnerabilities
9 Date: December 21, 2008
10 Bugs: #235052
11 ID: 200812-20
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been discovered in phpCollab allowing for
19 remote injection of shell commands, PHP code and SQL statements.
20
21 Background
22 ==========
23
24 phpCollab is a web-enabled groupware and project management software
25 written in PHP. It uses SQL-based database backends.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 www-apps/phpcollab <= 2.5_rc3 Vulnerable!
34 -------------------------------------------------------------------
35 NOTE: Certain packages are still vulnerable. Users should migrate
36 to another package if one is available or wait for the
37 existing packages to be marked stable by their
38 architecture maintainers.
39
40 Description
41 ===========
42
43 Multiple vulnerabilities have been found in phpCollab:
44
45 * rgod reported that data sent to general/sendpassword.php via the
46 loginForm parameter is not properly sanitized before being used in an
47 SQL statement (CVE-2006-1495).
48
49 * Christian Hoffmann of Gentoo Security discovered multiple
50 vulnerabilites where input is insufficiently sanitized before being
51 used in an SQL statement, for instance in general/login.php via the
52 loginForm parameter. (CVE-2008-4303).
53
54 * Christian Hoffmann also found out that the variable
55 $SSL_CLIENT_CERT in general/login.php is not properly sanitized
56 before being used in a shell command. (CVE-2008-4304).
57
58 * User-supplied data to installation/setup.php is not checked before
59 being written to include/settings.php which is executed later. This
60 issue was reported by Christian Hoffmann as well (CVE-2008-4305).
61
62 Impact
63 ======
64
65 These vulnerabilities enable remote attackers to execute arbitrary SQL
66 statements and PHP code. NOTE: Some of the SQL injection
67 vulnerabilities require the php.ini option "magic_quotes_gpc" to be
68 disabled. Furthermore, an attacker might be able to execute arbitrary
69 shell commands if "register_globals" is enabled, "magic_quotes_gpc" is
70 disabled, the PHP OpenSSL extension is not installed or loaded and the
71 file "installation/setup.php" has not been deleted after installation.
72
73 Workaround
74 ==========
75
76 There is no known workaround at this time.
77
78 Resolution
79 ==========
80
81 phpCollab has been removed from the Portage tree. We recommend that
82 users unmerge phpCollab:
83
84 # emerge --unmerge "www-apps/phpcollab"
85
86 References
87 ==========
88
89 [ 1 ] CVE-2006-1495
90 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1495
91 [ 2 ] CVE-2008-4303
92 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4303
93 [ 3 ] CVE-2008-4304
94 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4304
95 [ 4 ] CVE-2008-4305
96 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4305
97
98 Availability
99 ============
100
101 This GLSA and any updates to it are available for viewing at
102 the Gentoo Security Website:
103
104 http://security.gentoo.org/glsa/glsa-200812-20.xml
105
106 Concerns?
107 =========
108
109 Security is a primary focus of Gentoo Linux and ensuring the
110 confidentiality and security of our users machines is of utmost
111 importance to us. Any security concerns should be addressed to
112 security@g.o or alternatively, you may file a bug at
113 http://bugs.gentoo.org.
114
115 License
116 =======
117
118 Copyright 2008 Gentoo Foundation, Inc; referenced text
119 belongs to its owner(s).
120
121 The contents of this document are licensed under the
122 Creative Commons - Attribution / Share Alike license.
123
124 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature