Vulnerability Solutions
| The Nimsoft Cloud Monitor Periodic Vulnerability Scan checks for the vulnerability below. To see solutions for the most recently added vulnerabilities that WatchMouse scans for, go to the Vulnerability Solutions overview |
| Category: CGI abuses | Risk factor: High | Added: 11 Mar 2010 |
| Synopsis: The remote web server contains a CGI script that can be abused to execute arbitrary commands. |
| Description: The version of eGroupWare hosted on the remote web server fails to sanitize user-supplied input to the 'spellchecker_lang' parameter of the 'spellchecker.php' script before passing it to a shell. An unauthenticated remote attacker can leverage this issue to execute arbitrary commands subject to the privileges under which the web server operates. Note that the install likely has a similar issue involving another script parameter, although Scanner has not checked for that. |
| See also: http://www.egroupware.org/viewvc/egroupware?view=rev&revision=29423 http://www.egroupware.org/viewvc/egroupware?view=rev&revision=29422 http://www.egroupware.org/news?category_id=95&item=93 |
| Solution: Upgrade to eGroupWare 1.6.003 / eGroupWare version EPL 9.1.20100309 / 9.2.20100309 or later. |
| Risk factor: High / CVSS Base Score: 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P) |



