Test ID: 1.3.6.1.4.1.25623.1.0.55881
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2005:212 (egroupware)
Summary: NOSUMMARY
Description:

The remote host is missing an update to egroupware
announced via advisory MDKSA-2005:212.

Egroupware contains embedded copies of several php based projects,
including phpldapadmin and phpsysinfo.

Phpldapadmin before 0.9.6c allows remote attackers to gain anonymous
access to the LDAP server, even when disable_anon_bind is set, via an
HTTP request to login.php with the anonymous_bind parameter set.
(CVE-2005-2654)

Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6
and 0.9.7 allows remote attackers to read arbitrary files via a ..
(dot dot) in the custom_welcome_page parameter. (CVE-2005-2792)

PHP remote code injection vulnerability in welcome.php in phpLDAPadmin
0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code
via the custom_welcome_page parameter. (CVE-2005-2793)

Maksymilian Arciemowicz discovered several cross site scripting issues
in phpsysinfo, a PHP based host information application.
(CVE-2005-0869, 0870)

Christopher Kunz discovered that local variables in phpsysinfo get
overwritten unconditionally and are trusted later, which could lead to
the inclusion of arbitrary files. (CVE-2005-3347)

Christopher Kunz discovered that user-supplied input in phpsysinfo is
used unsanitised, causing an HTTP response splitting problem.
(CVE-2005-3348)

The updated packages have new versions of these subsystems to correct
these issues.

Affected: Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:212

Risk factor : High

CVSS Score:
7.5

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2005-2654
Debian Security Information: DSA-790
http://www.debian.org/security/2005/dsa-790
http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml
Common Vulnerability Exposure (CVE) ID: CVE-2005-2792
BugTraq ID: 14695
http://www.securityfocus.com/bid/14695
Bugtraq: 20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)
http://marc.info/?l=bugtraq&m=112542447219235&w=2
http://www.rgod.altervista.org/phpldap.html
http://secunia.com/advisories/16617/
XForce ISS Database: phpldapadmin-welcome-file-include(22103)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22103
Common Vulnerability Exposure (CVE) ID: CVE-2005-2793
Common Vulnerability Exposure (CVE) ID: CVE-2005-0869
Bugtraq: 20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities
http://marc.info/?l=bugtraq&m=111161017209422&w=2
http://secunia.com/advisories/14690/
XForce ISS Database: phpsysinfo-path-disclosure(19808)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19808
Common Vulnerability Exposure (CVE) ID: CVE-2005-3347
BugTraq ID: 15396
http://www.securityfocus.com/bid/15396
BugTraq ID: 15414
http://www.securityfocus.com/bid/15414
Bugtraq: 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo
http://www.securityfocus.com/archive/1/416543
Debian Security Information: DSA-897
http://www.debian.org/security/2005/dsa-897
Debian Security Information: DSA-898
http://www.debian.org/security/2005/dsa-898
Debian Security Information: DSA-899
http://www.debian.org/security/2005/dsa-899
http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212
http://www.hardened-php.net/advisory_212005.81.html
http://secunia.com/advisories/17441
http://secunia.com/advisories/17570
http://secunia.com/advisories/17584
http://secunia.com/advisories/17616
http://secunia.com/advisories/17620
http://secunia.com/advisories/17643
http://secunia.com/advisories/17698
XForce ISS Database: phpsysinfo-registerglobal-data-manipulation(23107)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23107
Common Vulnerability Exposure (CVE) ID: CVE-2005-3348
Common Vulnerability Exposure (CVE) ID: CVE-2005-0870
BugTraq ID: 12887
http://www.securityfocus.com/bid/12887
Debian Security Information: DSA-724
http://www.debian.org/security/2005/dsa-724
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118
XForce ISS Database: phpsysinfo-sensor-program-xss(19807)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19807
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
