MDKSA-2003:077

Package name

phpgroupware

Date

2003-07-23

Advisory ID

MDKSA-2003:077

Affected versions

9.1 i586 , CS2.1 x86_64 , CS2.1 i586 , 9.0 i586 , 8.2 i586 , 9.1 i586 , 8.2 i586

Problem description

Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is being actively exploited. Version 0.9.14.005 fixed several other vulnerabilities including cross-site scripting issues that can be exploited to obtain sensitive information such as authentication cookies. This update provides the latest stable version of phpgroupware and all users are encouraged to update immediately. In addition, you should also secure your installation by including the following in your Apache configuration files: Order allow,deny Deny from all

Updated packages

9.1 i586

 cc485c5da743cf51b6ccf1107900fe71  9.1/RPMS/phpgroupware-0.9.14.006-0.1mdk.noarch.rpm
677f92cdb16d28c917b52b987d9cd624  9.1/SRPMS/phpgroupware-0.9.14.006-0.1mdk.src.rpm

CS2.1 x86_64

 dee4d9ba7cdb6272510ce9f04c9cc680  x86_64/corporate/2.1/RPMS/phpgroupware-0.9.14.006-0.1mdk.noarch.rpm
c9dfffb31a2a1c344b8c67cde7fe69ec  x86_64/corporate/2.1/SRPMS/phpgroupware-0.9.14.006-0.1mdk.src.rpm

CS2.1 i586

 1d37698772164d1b7dea99c0aa2ffff0  corporate/2.1/RPMS/phpgroupware-0.9.14.006-0.1mdk.noarch.rpm
8646f3f726aa1a339228add0b3f9e880  corporate/2.1/SRPMS/phpgroupware-0.9.14.006-0.1mdk.src.rpm

9.0 i586

 3b6683106c78a61f734fab8126ab6744  9.0/RPMS/phpgroupware-0.9.14.006-0.1mdk.noarch.rpm
d9e56f354b6284a266dad2772e7885e4  9.0/SRPMS/phpgroupware-0.9.14.006-0.1mdk.src.rpm

8.2 i586

 226bcd29ec917089b4e65dfa1265f765  8.2/RPMS/phpgroupware-0.9.14.006-0.1mdk.noarch.rpm
68134085bff4f58997c2de32f434c0de  8.2/SRPMS/phpgroupware-0.9.14.006-0.1mdk.src.rpm

9.1 i586

 c3279ce51965449df7bdf747ff608f5a  ppc/9.1/RPMS/phpgroupware-0.9.14.006-0.1mdk.noarch.rpm
6ca256444ef59dff9cd74e4a00ec12a0  ppc/9.1/SRPMS/phpgroupware-0.9.14.006-0.1mdk.src.rpm

8.2 i586

 b4f3a11af929f95cdf934280c86a3bee  ppc/8.2/RPMS/phpgroupware-0.9.14.006-0.1mdk.noarch.rpm
cb78382d8c721e7aa9b984d61b9528b4  ppc/8.2/SRPMS/phpgroupware-0.9.14.006-0.1mdk.src.rpm

References

• http://www.security-corporation.com/articles-20030702-005.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0504
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0582