Advisories: November 17, 2005

Written By
Web Webster
Nov 18, 2005

Debian GNU/Linux


Debian Security Advisory DSA 898-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
November 17th, 2005 http://www.debian.org/security/faq


Package : phpgroupware
Vulnerability : programming errors
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2005-0870 CVE-2005-3347 CVE-2005-3348
Debian Bug : 301118

Several vulnerabilities have been discovered in phpsysinfo, a
PHP based host information application. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2005-0870

Maksymilian Arciemowicz discovered several cross site scripting
problems, of which not all were fixed in DSA 724.

CVE-2005-3347

Christopher Kunz discovered that local variables get overwritten
unconditionally and are trusted later, which could lead to the
inclusion of arbitrary files.

CVE-2005-3348

Christopher Kunz discovered that user-supplied input is used
unsanitised, causing a HTTP Response splitting problem.

For the old stable distribution (woody) these problems have been
fixed in version 0.9.14-0.RC3.2.woody5.

For the stable distribution (sarge) these problems have been
fixed in version 0.9.16.005-3.sarge4.

For the unstable distribution (sid) these problems have been
fixed in version 0.9.16.008-2.

We recommend that you upgrade your phpgroupware packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
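
Debian advisories of this period publish a `Size/MD5 checksum` entry for every file they reference. The script below is an added example, not part of the advisory: it parses such entries and refuses any downloaded file whose size or MD5 differs, which is the check to run between `wget` and `dpkg -i`. The function names, the `mirror.invalid` URL and the sample package are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the advisory): check downloaded files against
# "Size/MD5 checksum" entries before running dpkg -i on them.
# Assumes md5sum, wc, awk and mktemp are available (GNU userland).
# MD5 here only catches corruption or truncation; authenticity comes from the
# advisory's PGP signature or from apt's signed Release files.

# parse_manifest FILE -> one "basename size md5" line per entry.
# Accepts "Size/MD5 checksum: <size> <md5>" on one line, and the wrapped
# layout where the hash sits alone on a following line.
parse_manifest() {
    awk '
    function emit() {
        if (name != "" && size ~ /^[0-9]+$/ && length(md5) == 32 && md5 !~ /[^0-9a-f]/)
            print name, size, md5
        name = ""; size = ""; md5 = ""
    }
    $1 ~ /^(http|ftp):\/\// {
        n = split($1, parts, "/"); name = parts[n]; size = ""; md5 = ""; next
    }
    /Size\/MD5 checksum:/ {
        for (i = 1; i < NF; i++)
            if ($i == "checksum:") { size = $(i + 1); if (i + 2 <= NF) md5 = $(i + 2) }
        if (md5 != "") emit()
        next
    }
    name != "" && size != "" && NF == 1 && length($1) == 32 && $1 !~ /[^0-9a-f]/ {
        md5 = $1; emit()
    }' "$1"
}

# verify_file DIR NAME SIZE MD5 -> 0 only if DIR/NAME matches both values.
verify_file() {
    vf_path="$1/$2"
    [ -f "$vf_path" ] || { echo "MISSING $2"; return 1; }
    vf_size=$(wc -c < "$vf_path" | tr -d ' ')
    vf_md5=$(md5sum < "$vf_path" | cut -d' ' -f1)
    [ "$vf_size" = "$3" ] || { echo "SIZE    $2 (got $vf_size, want $3)"; return 1; }
    [ "$vf_md5" = "$4" ] || { echo "MD5     $2"; return 1; }
    echo "OK      $2"
}

# verify_manifest MANIFEST DIR -> 0 if every listed file verifies,
# 1 if any file fails, 2 if the manifest yields no entries at all.
verify_manifest() {
    vm_entries=$(parse_manifest "$1") || return 2
    [ -n "$vm_entries" ] || { echo "no entries parsed from $1" >&2; return 2; }
    vm_failed=0
    while read -r vm_name vm_size vm_md5; do
        verify_file "$2" "$vm_name" "$vm_size" "$vm_md5" || vm_failed=$((vm_failed + 1))
    done <<EOF
$vm_entries
EOF
    [ "$vm_failed" -eq 0 ]
}

# Constructed demo: builds a stand-in package and a manifest for it in the
# wrapped layout, verifies it, then checks that a modified copy is refused.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$d/example_1.0-1_all.deb"
    d_size=$(wc -c < "$d/example_1.0-1_all.deb" | tr -d ' ')
    d_md5=$(md5sum < "$d/example_1.0-1_all.deb" | cut -d' ' -f1)
    printf '    http://mirror.invalid/pool/example_1.0-1_all.deb\n\n      Size/MD5 checksum: %s\n%s\n' \
        "$d_size" "$d_md5" > "$d/manifest.txt"
    verify_manifest "$d/manifest.txt" "$d" || { rm -rf "$d"; return 1; }
    printf 'x' >> "$d/example_1.0-1_all.deb"   # simulate an altered download
    if verify_manifest "$d/manifest.txt" "$d"; then rm -rf "$d"; return 1; fi
    rm -rf "$d"
}

# Usage: sh verify.sh MANIFEST DOWNLOAD_DIR   (no arguments runs the demo)
if [ "$#" -eq 2 ]; then verify_manifest "$1" "$2"; else demo; fi
```

Install only when the script exits 0; a non-zero status means at least one file is missing or differs from the published values.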

Debian GNU/Linux 3.0 alias woody



Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 899-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
November 17th, 2005 http://www.debian.org/security/faq


Package : egroupware
Vulnerability : programming errors
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-0870 CVE-2005-2600 CVE-2005-3347 CVE-2005-3348
CERT advisory :
BugTraq ID :
Debian Bug : 301118

Several vulnerabilities have been discovered in egroupware, a
web-based groupware suite. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2005-0870

Maksymilian Arciemowicz discovered several cross site scripting
problems in phpsysinfo, which are also present in the imported
version in egroupware and of which not all were fixed in DSA
724.

CVE-2005-2600

Alexander Heidenreich discovered a cross-site scripting problem
in the tree view of FUD Forum Bulletin Board Software, which is
also present in egroupware and allows remote attackers to read
private posts via a modified mid parameter.

CVE-2005-3347

Christopher Kunz discovered that local variables get overwritten
unconditionally in phpsysinfo, which are also present in egroupware,
and are trusted later, which could lead to the inclusion of
arbitrary files.

CVE-2005-3348

Christopher Kunz discovered that user-supplied input is used
unsanitised in phpsysinfo and imported in egroupware, causing a HTTP
Response splitting problem.

The old stable distribution (woody) does not contain egroupware
packages.

For the stable distribution (sarge) this problem has been fixed
in version 1.0.0.007-2.dfsg-2sarge4.

For the unstable distribution (sid) this problem has been fixed
in version 1.0.0.009.dfsg-3-3.

We recommend that you upgrade your egroupware packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2005:213
http://www.mandriva.com/security/


Package : php
Date : November 16, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi
Network Firewall 2.0


Problem Description:

A number of vulnerabilities were discovered in PHP:

An issue with fopen_wrappers.c would not properly restrict
access to other directories when the open_basedir directive
included a trailing slash (CVE-2005-3054); this issue does not
affect Corporate Server 2.1.

An issue with the apache2handler SAPI in mod_php could allow an
attacker to cause a Denial of Service via the session.save_path
option in an .htaccess file or VirtualHost stanza (CVE-2005-3319);
this issue does not affect Corporate Server 2.1.

A Denial of Service vulnerability was discovered in the way that
PHP processes EXIF image data which could allow an attacker to
cause PHP to crash by supplying carefully crafted EXIF image data
(CVE-2005-3353).

A cross-site scripting vulnerability was discovered in the
phpinfo() function which could allow for the injection of
javascript or HTML content onto a page displaying phpinfo() output,
or to steal data such as cookies (CVE-2005-3388).

A flaw in the parse_str() function could allow for the enabling
of register_globals, even if it was disabled in the PHP
configuration file (CVE-2005-3389).

A vulnerability in the way that PHP registers global variables
during a file upload request could allow a remote attacker to
overwrite the $GLOBALS array, which could potentially lead to the
execution of arbitrary PHP commands. This vulnerability only
affects systems with register_globals enabled (CVE-2005-3390).

The updated packages have been patched to address this issue.
Once the new packages have been installed, you will need to restart
your Apache server using “service httpd restart” in order for the
new packages to take effect (“service httpd2-naat restart” for
MNF2).


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3054

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3319

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390

http://www.hardened-php.net/advisory_202005.79.html

http://www.hardened-php.net/advisory_192005.78.html

http://www.hardened-php.net/advisory_182005.77.html


Updated Packages:

