Debian Local Security Checks : Debian Security Advisory DSA 898-1 (phpgroupware)

Vulnerability Search		Search 219043 CVE descriptions and 99761 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.55885
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 898-1 (phpgroupware)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to phpgroupware announced via advisory DSA 898-1. Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870 Maksymilian Arciemowicz discoverd several cross site scripting problems, of which not all were fixed in DSA 724. CVE-2005-3347 Christopher Kunz discovered that local variables get overwritten unconditionally and are trusted later, which could lead to the inclusion of arbitrary files. CVE-2005-3348 Christopher Kunz discovered that user-supplied input is used unsanitised, causing a HTTP Response splitting problem. For the old stable distribution (woody) these problems have been fixed in version 0.9.14-0.RC3.2.woody5. For the stable distribution (sarge) these problems have been fixed in version 0.9.16.005-3.sarge4. For the unstable distribution (sid) these problems have been fixed in version 0.9.16.008-2. We recommend that you upgrade your phpgroupware packages. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%20898-1 CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0870 BugTraq ID: 12887 http://www.securityfocus.com/bid/12887 BugTraq ID: 15414 http://www.securityfocus.com/bid/15414 Bugtraq: 20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=111161017209422&w=2 Bugtraq: 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo (Google Search) http://www.securityfocus.com/archive/1/416543 Debian Security Information: DSA-724 (Google Search) http://www.debian.org/security/2005/dsa-724 Debian Security Information: DSA-897 (Google Search) http://www.debian.org/security/2005/dsa-897 Debian Security Information: DSA-898 (Google Search) http://www.debian.org/security/2005/dsa-898 Debian Security Information: DSA-899 (Google Search) http://www.debian.org/security/2005/dsa-899 http://www.mandriva.com/security/advisories?name=MDKSA-2005:212 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118 http://secunia.com/advisories/14690/ http://secunia.com/advisories/17616 http://secunia.com/advisories/17643 XForce ISS Database: phpsysinfo-sensor-program-xss(19807) https://exchange.xforce.ibmcloud.com/vulnerabilities/19807 Common Vulnerability Exposure (CVE) ID: CVE-2005-3347 BugTraq ID: 15396 http://www.securityfocus.com/bid/15396 http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml http://www.hardened-php.net/advisory_212005.81.html http://secunia.com/advisories/17441 http://secunia.com/advisories/17570 http://secunia.com/advisories/17584 http://secunia.com/advisories/17620 http://secunia.com/advisories/17698 XForce ISS Database: phpsysinfo-registerglobal-data-manipulation(23107) https://exchange.xforce.ibmcloud.com/vulnerabilities/23107 Common Vulnerability Exposure (CVE) ID: CVE-2005-3348
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com