PHPGroupWare ACL_Check Vulnerability
BID:12237
Info
| Bugtraq ID: | 12237 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 13 2004 12:00AM |
| Updated: | Jan 13 2004 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Caeies. |
| Vulnerable: | PHPGroupWare PHPGroupWare 0.9.16 RC2; PHPGroupWare PHPGroupWare 0.9.16 RC1 |
| Not Vulnerable: | PHPGroupWare PHPGroupWare 0.9.16 RC3 |
Discussion
phpGroupWare is reportedly affected by a vulnerability in the 'acl_check' function. The issue exists because the function always returns true, which would presumably bypass the access control lists present in the application.
It is reported that phpGroupWare 0.9.16RC2 is vulnerable; earlier versions may also be affected.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has reportedly addressed this issue in phpGroupWare 0.9.16RC3 and later.
PHPGroupWare PHPGroupWare 0.9.16 RC2
- PHPGroupWare PHPGroupWare 0.9.16.005 http://download.phpgroupware.org/now
PHPGroupWare PHPGroupWare 0.9.16 RC1
- PHPGroupWare PHPGroupWare 0.9.16.005 http://download.phpgroupware.org/now
References
References:
- bug #7227 overview: Webdav problem with acl_checks (PHPGroupWare)
- PHPGroupWare Homepage (PHPGroupWare)