 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.59958 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-1423-1) |
| Summary: | The remote host is missing an update for the Debian 'sitebar' package(s) announced via the DSA-1423-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'sitebar' package(s) announced via the DSA-1423-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in sitebar, a web based bookmark manager written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5491 A directory traversal vulnerability in the translation module allows remote authenticated users to chmod arbitrary files to 0777 via .. sequences in the lang parameter. CVE-2007-5492 A static code injection vulnerability in the translation module allows a remote authenticated user to execute arbitrary PHP code via the value parameter. CVE-2007-5693 An eval injection vulnerability in the translation module allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action. CVE-2007-5694 A path traversal vulnerability in the translation module allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter. CVE-2007-5695 An error in command.php allows remote attackers to redirect users to arbitrary web sites via the forward parameter in a Log In action. CVE-2007-5692 Multiple cross site scripting flaws allow remote attackers to inject arbitrary script or HTML fragments into several scripts. For the old stable distribution (sarge), these problems have been fixed in version 3.2.6-7.1sarge1. For the stable distribution (etch), these problems have been fixed in version 3.3.8-7etch1. For the unstable distribution (sid), these problems have been fixed in version 3.3.8-12.1. We recommend that you upgrade your sitebar package. Affected Software/OS: 'sitebar' package(s) on Debian 3.1, Debian 4. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-5491 BugTraq ID: 26126 http://www.securityfocus.com/bid/26126 Debian Security Information: DSA-1423 (Google Search) http://www.debian.org/security/2007/dsa-1423 http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup http://secunia.com/advisories/27503 http://secunia.com/advisories/28008 http://www.vupen.com/english/advisories/2007/3768 Common Vulnerability Exposure (CVE) ID: CVE-2007-5492 Bugtraq: 20071018 Serious holes affecting SiteBar 3.3.8 (Google Search) http://www.securityfocus.com/archive/1/482499/100/0/threaded http://osvdb.org/43760 Common Vulnerability Exposure (CVE) ID: CVE-2007-5692 http://osvdb.org/41355 http://osvdb.org/41356 http://osvdb.org/41357 http://osvdb.org/41358 http://osvdb.org/41359 http://securityreason.com/securityalert/3318 Common Vulnerability Exposure (CVE) ID: CVE-2007-5693 http://osvdb.org/43604 Common Vulnerability Exposure (CVE) ID: CVE-2007-5694 http://osvdb.org/41110 Common Vulnerability Exposure (CVE) ID: CVE-2007-5695 http://osvdb.org/41581 |
| Copyright | Copyright (C) 2008 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |