Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200805-04 ] eGroupWare: Multiple vulnerabilities
Date: Wed, 07 May 2008 22:00:44
Message-Id: 48222619.1090605@gentoo.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200805-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: eGroupWare: Multiple vulnerabilities
      Date: May 07, 2008
      Bugs: #214212, #218625
        ID: 200805-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in eGroupWare may lead to execution of
arbitrary PHP code, the ability to upload malicious files and
cross-site scripting attacks.

Background
==========

eGroupWare is a suite of web-based group applications including
calendar, address book, messenger and email.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  www-apps/egroupware     < 1.4.004                      >= 1.4.004

Description
===========

A vulnerability has been reported in FCKEditor due to the way that file
uploads are handled in the file
editor/filemanager/upload/php/upload.php when a filename has multiple
file extensions (CVE-2008-2041). Another vulnerability exists in the
_bad_protocol_once() function in the file
phpgwapi/inc/class.kses.inc.php, which allows remote attackers to
bypass HTML filtering (CVE-2008-1502).

Impact
======

The first vulnerability can be exploited to upload malicious files and
execute arbitrary PHP code provided that a directory is writable by the
webserver. The second vulnerability can be exploited by remote
attackers via a specially crafted URL in order to conduct cross-site
scripting attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All eGroupWare users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.4.004"

References
==========

  [ 1 ] CVE-2008-1502
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1502
  [ 2 ] CVE-2008-2041
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2041

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
--
gentoo-announce@l.g.o mailing list
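
Added example, not part of the advisory and not eGroupWare or FCKeditor code: a shell check an administrator could run after upgrading, listing files under a webserver-writable upload directory whose names carry a PHP extension in any dot-separated position, the filename pattern the Description names for CVE-2008-2041. The extension list, the function names and the directory argument are assumptions to adapt to the local server configuration.

```shell
#!/bin/sh
# Added example: audit an upload directory for multi-extension file names.

# Assumption: extensions the local web server hands to PHP. Adjust as needed.
SCRIPT_EXTS="php php3 php4 php5 phtml"

# has_script_ext NAME: succeed if any extension segment of NAME is a script
# extension, e.g. "notes.php.txt" or "X.PHP", but not "php.txt" or "a.phpx".
has_script_ext() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    for ext in $SCRIPT_EXTS; do
        # Appending "." lets one pattern match a segment in the middle or at the end.
        case "$lower." in
            *".$ext."*) return 0 ;;
        esac
    done
    return 1
}

# audit_uploads DIR: print each regular file under DIR that has_script_ext flags.
# Returns 0 if nothing was flagged, 1 otherwise.
# Usage (path is site-specific): audit_uploads /path/to/upload/dir
audit_uploads() {
    flagged=0
    # File names containing newlines are not handled by this line-based loop.
    while IFS= read -r path; do
        if has_script_ext "${path##*/}"; then
            printf '%s\n' "$path"
            flagged=1
        fi
    done <<EOF
$(find "$1" -type f -name '*.*')
EOF
    return "$flagged"
}
```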