phpGroupWare Unspecified Bug Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1007276 |
|
SecurityTracker URL: http://securitytracker.com/id/1007276
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 23 2003
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 0.9.14.006
|
Description:
A vulnerability was reported in phpGroupWare. A remote user can execute arbitrary code on the target system.
It is reported that a remote user can, without authentication, exploit an unspecified flaw that can lead to arbitrary code execution. The code will run with the privileges of the target web server. No further details were provided.
An analysis of code changes suggests that the flaw may be an input validation flaw in 'chat/messages.php'.
A report by Mandrake indicates that this vulnerability is being actively exploited.
|
Impact:
A remote user can execute arbitrary code on the target system with the privileges of the web server.
|
Solution:
The vendor has released a fixed version (0.9.14.006), available at:
http://www.phpgroupware.org/downloads/
|
Vendor URL: www.phpgroupware.org/ (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 23 Jul 2003 14:09:12 -0400
Subject: phpGroupWare 0.9.14.006
|
http://www.phpgroupware.org/
> phpGroupWare 0.9.14.006 - Security and Bug Fix Release
>
> This release fixes a just discovered exploit in phpGroupWare.
> The exploit works for ALL branches !!!
|
|
