[UNIX] Security Hole in OS Groupware Suite PHProjekt Patched

From: support@securiteam.com
Date: 09/02/01


From: support@securiteam.com
To: list@securiteam.com
Subject: [UNIX] Security Hole in OS Groupware Suite PHProjekt Patched
Message-Id: <20010902123920.0BC1E138BF@mail.der-keiler.de>
Date: Sun,  2 Sep 2001 14:39:20 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Security Hole in OS Groupware Suite PHProjekt Patched
------------------------------------------------------------------------

SUMMARY

PHProjekt <http://www.PHProjekt.com/> is an open source groupware suite
written in PHP4 with MySQL/PostgreSQL/Oracle/Informix/MS-SQL database
support. A security vulnerability in the product allows attackers to gain
elevated access by modifying the ID numbers the program returns.

DETAILS

Vulnerable systems:
PHProjekt versions prior to 2.4a

Solution:
The relevant actions now all verify the username and password before they
are carried out. Download the newest release, 2.4a, from the homepage:
<http://www.PHProjekt.com/download/phprojekt.tar.gz>
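
The class of fix described above, as an added example (not PHProjekt's code; the advisory does not show the affected code): a handler that trusts an ID sent back by the client, next to one that verifies username and password on each action and takes the user ID from the server side. All names and data are constructed, and password_hash()/password_verify() are functions from PHP releases later than PHP4.

```php
<?php
// Constructed sample data; none of these names come from PHProjekt.
$users = [
    'alice' => ['id' => 1, 'hash' => password_hash('alice-pw', PASSWORD_DEFAULT)],
    'bob'   => ['id' => 2, 'hash' => password_hash('bob-pw', PASSWORD_DEFAULT)],
];
$notes = [
    10 => ['owner' => 1, 'text' => 'alice note'],
    20 => ['owner' => 2, 'text' => 'bob note'],
];

// Weak pattern: the acting user's ID is read back from the request, so
// the ownership check compares against a value the client controls.
function update_note_trusting_id(array &$notes, array $req): bool
{
    $note = $notes[$req['note_id']] ?? null;
    if ($note === null || $note['owner'] !== (int) $req['user_id']) {
        return false;
    }
    $notes[$req['note_id']]['text'] = $req['text'];
    return true;
}

// Hardened pattern: verify username and password on every action, then
// take the user ID from the server-side record, never from the request.
function update_note_checked(array &$notes, array $users, array $req): bool
{
    $user = $users[$req['username'] ?? ''] ?? null;
    if ($user === null || !password_verify($req['password'] ?? '', $user['hash'])) {
        return false;
    }
    $note = $notes[$req['note_id'] ?? -1] ?? null;
    if ($note === null || $note['owner'] !== $user['id']) {
        return false;
    }
    $notes[$req['note_id']]['text'] = $req['text'];
    return true;
}

// Constructed request: bob's credentials, but the user ID set to alice's.
$forged = ['user_id' => 1, 'note_id' => 10, 'text' => 'changed by bob',
           'username' => 'bob', 'password' => 'bob-pw'];

var_dump(update_note_trusting_id($notes, $forged));     // client-supplied ID decides
$notes[10]['text'] = 'alice note';                       // reset sample data
var_dump(update_note_checked($notes, $users, $forged)); // authenticated ID decides
```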

ADDITIONAL INFORMATION

The information has been provided by Albrecht Guenther <ag@phprojekt.com>.



