In association with heise online

01 September 2006, 09:27

Hole in phpGroupWare

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to reports from France's FrSIRT, a vulnerability has been located in phpGroupWare version and earlier that could allow files on the server to be spied on or even executed. A lack of filtering in the calendar/inc/ module enables manipulation of the phpgw_info[user][preferences][common][country] parameter. Access is only possible to files for which the web server possesses the required rights.

Similarly, a PHP script installed in this way will only run with the web server's rights – although those are often sufficient to perform a local privilege elevation to compromise completely the machine. The FrSIRT advisory does not indicate whether attackers must be registered to exploit the holes in the system.

Shortly after being informed of the problem, the developers made an update available for version in which the hole has been closed. Because an exploit is already in circulation, they urgently recommend installing the update. The exploit can only function if the register_globals = on and gpc_magic_quotes = off options have been instantiated.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit