Debian update for phpldapadmin.
Versions: phpldapadmin/126.96.36.199-6+lenny1, phpldapadmin/188.8.131.52-2
All versions of phpldapadmin - all released versions as of today are vulnerable to a remote code execution bug.
Two vulnerabilities have been discovered in phpLDAPadmin, a web based interface for administering LDAP servers.
Input appended to the URL in cmd.php (when "cmd" is set to "_debug") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to "query_engine", "query" is set to "none", and "search" is set to e.g. "1") is not properly sanitised in lib/functions.php before being used in a "create_function()" function call. This can be exploited to inject and execute arbitrary PHP code.
For the oldstable distribution (lenny), these problems have been fixed in version 184.108.40.206-6+lenny2.
For the stable distribution (squeeze), these problems have been fixed in version 220.127.116.11-2+squeeze1.
For the testing distribution (wheezy), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 18.104.22.168-2.1.
Debian has issued an update for phpldapadmin.
Update to or Debian packages download.