lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1113967140_19354@S2.cableone.net>
Date: Tue, 19 Apr 2005 21:55:05 -0500
From: "GulfTech Security Research" <security@...ftech.org>
To: <bugtraq@...urityfocus.com>, "OSVDB" <moderators@...db.org>,
	"Secunia Research" <vuln@...unia.com>
Subject: Multiple eGroupware Vulnerabilities




##########################################################
# GulfTech Security Research             April 20th, 2005
##########################################################
# Vendor  : eGroupware
# URL     : http://www.egroupware.org/
# Version : Versions Prior To 1.0.0.007
# Risk    : Multiple Vulnerabilities
##########################################################



Description:
eGroupware is a very popular open source web based collaboration
software that can be used within an intranet, or externally via 
the internet to build a community and/or help coordinate large 
projects. eGroupware also comes pre packaged in some linux 
distributions. GulfTech Security Research has found a few high 
risk SQL Injection vulnerabilities as well as Cross Site Scripting 
vulnerabilities. A new version of eGroupware is now available and 
all eGroupware users should upgrade immediately. Not only does the 
new eGroupware release address these security issues, but it also 
includes a number of important bugfixes!



Cross Site Scripting:
Cross site scripting exists in eGroupware. This vulnerability 
exists due to user supplied input not being checked properly.
Below are examples that can be used for reference.

http://egroupware/index.php?menuaction=addressbook.uiaddressbook.edit&ab_id=
11[XSS]
http://egroupware/index.php?menuaction=manual.uimanual.view&page=ManualAddre
ssbook[XSS]
http://egroupware/index.php?menuaction=forum.uiforum.post&type=new[XSS]
http://egroupware/wiki/index.php?page=RecentChanges[XSS]
http://egroupware/wiki/index.php?action=history&page=WikkiTikkiTavi&lang=en[
XSS]
http://egroupware/index.php?menuaction=wiki.uiwiki.edit&page=setup[XSS]
http://egroupware/sitemgr/sitemgr-site/?category_id=4[XSS]

This vulnerability could be used to steal cookie based authentication 
credentials within the scope of the current domain, or render hostile 
code in a victim's browser.



SQL Injection:
There are a number of SQL Injection vulnerabilities in eGroupware. 
These issues can be used by an attacker to retrieve sensitive 
information from the underlying database and aid in further attacks. 
Examples below

http://egroupware/tts/index.php?filter=u99[SQL]
http://egroupware/tts/index.php?filter=c99[SQL]
http://egroupware/index.php?menuaction=preferences.uicategories.index&cats_a
pp=foobar[SQL]

We will not be releasing any exploited code as requested by the 
developers but these issues are not hard to exploit and all users 
should upgrade immediately.



Solution:
eGroupware 1.0.0.007 has been released to address these issues, and 
users can finfd the updated packages at the following location.

http://sourceforge.net/project/showfiles.php?group_id=78745

Special thanks to Mr Ralf Becker and the rest of the eGroupware team
for addressing these issues fairly quickly despite the recent constitution 
and admin elections etc.



Related Info:
The original advisory can be found at the following location
http://www.gulftech.org/?node=research&article_id=00069-04202005



Credits:
James Bercegay of the GulfTech Security Research Team

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.17 - Release Date: 4/19/2005
 



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ