U-023: Debian update for phpldapadmin

October 31, 2011 - 10:15am

PROBLEM:

Debian update for phpldapadmin.

PLATFORM:

Versions: phpldapadmin/1.1.0.5-6+lenny1, phpldapadmin/1.2.0.5-2

ABSTRACT:

All released versions of phpldapadmin as of today are vulnerable to a remote code execution bug.

REFERENCE LINKS:

Secunia Advisory SA46672
DSA-2333-1 phpldapadmin
Debian Bug Report
Source Package phpldapadmin
CVE-2011-4074
CVE-2011-4075

IMPACT ASSESSMENT:

High

Discussion:

Two vulnerabilities have been discovered in phpLDAPadmin, a web based interface for administering LDAP servers.

CVE-2011-4074: Input appended to the URL in cmd.php (when "cmd" is set to "_debug") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

CVE-2011-4075: Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to "query_engine", "query" is set to "none", and "search" is set to e.g. "1") is not properly sanitised in lib/functions.php before being used in a "create_function()" function call. This can be exploited to inject and execute arbitrary PHP code.
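The following is an added illustration, not phpLDAPadmin's own code, of the create_function() pattern behind CVE-2011-4075 next to a hardened replacement that validates the sort attribute and uses a closure instead of compiling user input; the function names and sample entries are assumptions.

```php
<?php
// Illustrative reconstruction of the vulnerable pattern: a comparator built by
// string concatenation and compiled with create_function(). Whatever arrives in
// $orderby is spliced directly into PHP source, so a value containing a quote
// breaks out of the string literal and is executed as code.
// (create_function() is deprecated since PHP 7.2 and removed in PHP 8.)
function sort_entries_unsafe(array $entries, string $orderby): array {
    $cmp = create_function('$a, $b',
        'return strcmp($a["' . $orderby . '"], $b["' . $orderby . '"]);');
    usort($entries, $cmp);
    return $entries;
}

// Hardened version: the sort key must be a syntactically valid attribute name
// AND one that actually occurs in the result set; the comparator is a closure,
// so no user-controlled text is ever turned into PHP source.
function sort_entries_safe(array $entries, string $orderby): array {
    $allowed = [];
    foreach ($entries as $e) {
        $allowed += array_fill_keys(array_keys($e), true);
    }
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $orderby) || !isset($allowed[$orderby])) {
        throw new InvalidArgumentException('unknown sort attribute');
    }
    usort($entries, function (array $a, array $b) use ($orderby): int {
        return strcmp((string)($a[$orderby] ?? ''), (string)($b[$orderby] ?? ''));
    });
    return $entries;
}

// Constructed sample data standing in for LDAP search results.
$results = [
    ['cn' => 'carol', 'uid' => 'c1'],
    ['cn' => 'alice', 'uid' => 'a1'],
    ['cn' => 'bob',   'uid' => 'b1'],
];
echo implode(', ', array_column(sort_entries_safe($results, 'cn'), 'cn')) . PHP_EOL;

// A sort key that is not a plain attribute name present in the results is
// rejected before anything is evaluated.
try {
    sort_entries_safe($results, 'cn"');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}
```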

Impact:

For the oldstable distribution (lenny), these problems have been fixed in version 1.1.0.5-6+lenny2.
For the stable distribution (squeeze), these problems have been fixed in version 1.2.0.5-2+squeeze1.
For the testing distribution (wheezy), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 1.2.0.5-2.1.

Solution:

Debian has issued an update for phpldapadmin.
Update to the fixed versions listed above, or download the updated Debian packages.
