Debian Security Advisory DSA 842-1 (egroupware) Network Vulnerability

Summary

The remote host is missing an update to egroupware announced via advisory DSA 842-1. Stefan Esser discovered a vulnerability in the XML-RPC libraries which are also present in egroupware, a web-based groupware suite, that allows injection of arbitrary PHP code into eval() statements. The old stable distribution (woody) does not contain egroupware packages.

Solution

For the stable distribution (sarge) this problem has been fixed in version 1.0.0.007-2.dfsg-2sarge2. For the unstable distribution (sid) this problem has been fixed in version 1.0.0.009.dfsg-1. We recommend that you upgrade your egroupware packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20842-1

Severity

Classification

CVE CVE-2005-2498
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1099-1 (horde2)
Debian Security Advisory DSA 1141-1 (gnupg2)
Debian Security Advisory DSA 1077-1 (lynx-ssl)
Debian Security Advisory DSA 1032-1 (zope-cmfplone)
Debian Security Advisory DSA 1154-1 (squirrelmail)

Take action and discover your vulnerabilities