 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.58594 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-1371-1) |
| Summary: | The remote host is missing an update for the Debian 'phpwiki' package(s) announced via the DSA-1371-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'phpwiki' package(s) announced via the DSA-1371-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2024 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. CVE-2007-2025 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. CVE-2007-3193 If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, phpWiki might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations. The old stable distribution (sarge) does not contain phpwiki packages. For the stable distribution (etch) these problems have been fixed in version 1.3.12p3-5etch1. For the unstable distribution (sid) these problems have been fixed in version 1.3.12p3-6.1. We recommend that you upgrade your phpwiki package. Affected Software/OS: 'phpwiki' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-2024 Bugtraq: 20070412 Critical phpwiki c99shell exploit (Google Search) http://www.securityfocus.com/archive/1/465489/100/0/threaded Bugtraq: 20070412 RE: Critical phpwiki c99shell exploit (Google Search) http://www.securityfocus.com/archive/1/465550/100/0/threaded Bugtraq: 20070412 Re: Critical phpwiki c99shell exploit (Google Search) http://www.securityfocus.com/archive/1/465514/100/0/threaded CERT/CC vulnerability note: VU#914793 http://www.kb.cert.org/vuls/id/914793 Debian Security Information: DSA-1371 (Google Search) http://www.debian.org/security/2007/dsa-1371 http://www.gentoo.org/security/en/glsa/glsa-200705-16.xml http://www.nabble.com/Fwd%3A-Critical-phpwiki-c99shell-exploit-t3571197.html http://secunia.com/advisories/24888 http://secunia.com/advisories/25307 http://secunia.com/advisories/26784 http://www.vupen.com/english/advisories/2007/1400 Common Vulnerability Exposure (CVE) ID: CVE-2007-2025 https://sourceforge.net/forum/message.php?msg_id=4249177 http://www.nabble.com/Important-UpLoad-security-fix%21-was--Fwd%3A--phpwiki---Open-Discussion--RE%3A-upload-security-risk--t3543463.html Common Vulnerability Exposure (CVE) ID: CVE-2007-3193 http://security.gentoo.org/glsa/glsa-200709-10.xml http://sourceforge.net/tracker/index.php?func=detail&aid=1732882&group_id=6121&atid=106121 http://osvdb.org/37219 http://secunia.com/advisories/25595 http://secunia.com/advisories/26880 http://www.vupen.com/english/advisories/2007/2144 XForce ISS Database: phpwiki-ldap-security-bypass(34819) https://exchange.xforce.ibmcloud.com/vulnerabilities/34819 |
| Copyright | Copyright (C) 2008 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |