Debian Security Advisory DSA 1459-1 (gforge) Network Vulnerability

Summary

The remote host is missing an update to gforge announced via advisory DSA 1459-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201459-1

Insight

It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports. For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch4. For the old stable distribution (sarge), this problem has been fixed in version 3.1-31sarge5. For the unstable distribution (sid), this problem has been fixed in version 4.6.99+svn6330-1. We recommend that you upgrade your gforge packages.

Severity

Classification

CVE CVE-2008-0173
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 089-1 (icecast-server)
Debian Security Advisory DSA 061-1 (gnupg)
Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)
Debian Security Advisory DSA 1004-1 (vlc)
Debian Security Advisory DSA 073-1 (imp)

Take action and discover your vulnerabilities