Mandrake Linux Security Advisory : phpgroupware (MDKSA-2003:077)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Several vulnerabilities were discovered in all versions of
phpgroupware prior to 0.9.14.006. This latest version fixes an
exploitable condition in all versions that can be exploited remotely
without authentication and can lead to arbitrary code execution on the
web server. This vulnerability is being actively exploited.

Version 0.9.14.005 fixed several other vulnerabilities including
cross-site scripting issues that can be exploited to obtain sensitive
information such as authentication cookies.

This update provides the latest stable version of phpgroupware and all
users are encouraged to update immediately. In addition, you should
also secure your installation by including the following in your
Apache configuration files :

<Directory /var/www/html/phpgroupware>
    <Files ~ '.inc.php$'>
        Order allow,deny
        Deny from all
    </Files>
</Directory>
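
One way to confirm that the hardening block above is actually present in a configuration file, as an added example that is not part of the original advisory or of the Nessus plugin. The function name, the sample configurations and the Apache 2.4 form (`FilesMatch` with `Require all denied`) are assumptions added here; the check reads a single file's text and does not follow `Include` directives or `.htaccess` overrides.

```python
import re

# Constructed sample configurations, not taken from any real host.
LEGACY = """
<Directory /var/www/html/phpgroupware>
  <Files ~ '.inc.php$'>
    Order allow,deny
    Deny from all
  </Files>
</Directory>
"""
MODERN = r"""
<Directory "/var/www/html/phpgroupware">
  <FilesMatch "\.inc\.php$">
    Require all denied
  </FilesMatch>
</Directory>
"""
UNPROTECTED = """
<Directory /var/www/html/phpgroupware>
  Options -Indexes
</Directory>
"""

OPEN = re.compile(r"<\s*(\w+)\s+(.*?)\s*>$")
CLOSE = re.compile(r"</\s*\w+\s*>$")
DENY = re.compile(r"(deny\s+from\s+all|require\s+all\s+denied)$", re.I)

def inc_php_denied(conf, root="/var/www/html/phpgroupware"):
    """Return True if conf denies all access to .inc.php files under root."""
    stack = []  # currently open sections as (name, argument) pairs
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        opened = OPEN.match(line)
        if opened:
            # Drop quotes and regex escapes so both syntaxes compare alike.
            arg = opened.group(2).strip("\"'").replace("\\", "")
            stack.append((opened.group(1).lower(), arg))
            continue
        if DENY.match(line) and stack:
            in_root = ("directory", root) in [(n, a.rstrip("/")) for n, a in stack]
            name, arg = stack[-1]
            if in_root and name in ("files", "filesmatch") and ".inc.php" in arg:
                return True
    return False
```
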

See also :

http://www.security-corporation.com/articles-20030702-005.html

Solution :

Update the affected phpgroupware package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14060 (mandrake_MDKSA-2003-077.nasl)

Bugtraq ID:

CVE ID: CVE-2003-0504
