GLSA Bodhisattva
Posted: Mon Dec 13, 2004 9:11 am Post subject: [ GLSA 200412-06 ] PHProjekt: setup.php vulnerability
Gentoo Linux Security Advisory
Title: PHProjekt: setup.php vulnerability (GLSA 200412-06)
Severity: normal
Exploitable: remote
Date: December 10, 2004
Bug(s): #73021
ID: 200412-06
Synopsis
PHProjekt contains a vulnerability in the setup procedure allowing remote
users without admin rights to change the configuration.
Background
PHProjekt is a modular groupware web application used to
coordinate group activities and share files.
Affected Packages
Package: www-apps/phprojekt
Vulnerable: < 4.2-r1
Unaffected: >= 4.2-r1
Architectures: All supported architectures
Description
Martin Muench, from it.sec, found a flaw in the setup.php file.
Impact
Successful exploitation of the flaw allows a remote attacker
without admin rights to make unauthorized changes to PHProjekt
configuration.
Workaround
As a workaround, you could replace the existing setup.php file in the
PHProjekt root directory with the one provided in the PHProjekt Advisory
(see References).
Resolution
All PHProjekt users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r1"
References
PHProjekt Advisory
Last edited by GLSA on Wed Aug 06, 2014 4:18 am; edited 3 times in total