PHPGroupWare User Creation Access Control Vulnerability
BID:12215
Info
| Bugtraq ID: | 12215 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2004 12:00AM |
| Updated: | Mar 29 2004 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Caeies. |
| Vulnerable: | PHPGroupWare PHPGroupWare 0.9.16 RC3, PHPGroupWare PHPGroupWare 0.9.16 RC2, PHPGroupWare PHPGroupWare 0.9.16 RC1, PHPGroupWare PHPGroupWare 0.9.16.000 |
| Not Vulnerable: | PHPGroupWare PHPGroupWare 0.9.16.005 |
Discussion
phpGroupWare is reportedly affected by a vulnerability in which 'class.vfs_dav.inc.php' fails to create .htaccess files. As a result, directories could be remotely accessible to any Web user, possibly revealing sensitive or private information.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has reportedly addressed this issue in the latest CVS release. Symantec recommends upgrading to the latest version available from the phpGroupWare Project, currently phpGroupWare 0.9.16.005.
- PHPGroupWare PHPGroupWare 0.9.16.000: upgrade to PHPGroupWare PHPGroupWare 0.9.16.005, http://download.phpgroupware.org/now
- PHPGroupWare PHPGroupWare 0.9.16 RC2: upgrade to PHPGroupWare PHPGroupWare 0.9.16.005, http://download.phpgroupware.org/now
- PHPGroupWare PHPGroupWare 0.9.16 RC1: upgrade to PHPGroupWare PHPGroupWare 0.9.16.005, http://download.phpgroupware.org/now
- PHPGroupWare PHPGroupWare 0.9.16 RC3: upgrade to PHPGroupWare PHPGroupWare 0.9.16.005, http://download.phpgroupware.org/now
References
References:
- bug #8359 overview: minor security problem in class.vfs_dav.inc.php (PHPGroupWare)
- PHPGroupWare Homepage (PHPGroupWare)