Otkrivene su dvije ranjivosti u radu programskog paketa phpldapadmin koje zlonamjerni napadači mogu iskoristiti za umetanje i proizvoljno pokretanje HTML, PHP i skriptnog koda.
Paket:
phpldapadmin 1.x
Operacijski sustavi:
Mandriva Linux Enterprise Server 5.0
Kritičnost:
6.8
Problem:
neodgovarajuća provjera ulaznih podataka, pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
proizvoljno izvršavanje programskog koda, umetanje HTML i skriptnog koda
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-4074, CVE-2011-4075
Izvorni ID preporuke:
MDVSA-2011:163
Izvor:
Mandriva
Problem:
Propusti su posljedica neodgovarajuće provjere ulaznih podataka u skripti cmd.php i pogreške u lib/functions.php.
Posljedica:
Zlonamjerni napadači mogu navedene ranjivosti iskoristiti za umetanje i proizvoljno pokretanje HTML, PHP i skriptnog koda.
Rješenje:
Svim korisnicima se preporuča nadogradnja programskog paketa.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:163
http://www.mandriva.com/security/
_______________________________________________________________________
Package : phpldapadmin
Date : November 2, 2011
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities was discovered and corrected in phpldapadmin:
Input appended to the URL in cmd.php \(when cmd is set to _debug\)
is not properly sanitised before being returned to the user. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site (CVE-2011-4074).
Input passed to the orderby parameter in cmd.php \(when cmd is set
to query_engine, query is set to none, and search is set to e.g. 1\)
is not properly sanitised in lib/functions.php before being used in
a create_function() function call. This can be exploited to inject
and execute arbitrary PHP code (CVE-2011-4075).
The updated packages have been upgraded to the latest version (1.2.2)
which is not vulnerable to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4075
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
aa5dbb658ad22b4444c9d96ebf5ab78e
mes5/i586/phpldapadmin-1.2.2-0.1mdvmes5.2.noarch.rpm
0d59873f81f0d993591b4037514768f2
mes5/SRPMS/phpldapadmin-1.2.2-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
81cdc948bada750eb85795dd4c274c9b
mes5/x86_64/phpldapadmin-1.2.2-0.1mdvmes5.2.noarch.rpm
0d59873f81f0d993591b4037514768f2
mes5/SRPMS/phpldapadmin-1.2.2-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOsQfumqjQ0CJFipgRAhleAJwJkSZR2Gn5Q6ABBvhLZbN8QNPCJACdEYE6
grZOe//V54FQwvoQmiF3a70=
=A9qX
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke