phpSysInfo register_globals data manipulation

phpsysinfo-registerglobal-data-manipulation (23107) The risk level is classified as Medium Risk

Description:

Certain arrays used in the register_globals emulation layer of phpSysInfo could be overwritten by a remote attacker. A remote attacker could exploit this vulnerability to manipulate data, execute arbitrary HTML and script code, or include arbitrary files from local resources.

Platforms Affected:

  • Debian, Debian Linux 3.0
  • Debian, Debian Linux 3.1
  • Gentoo, Linux
  • MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
  • MandrakeSoft, Mandrake Linux Corporate Server 3.0
  • SourceForge, PHPSysInfo 2.3 and prior

Remedy:

Upgrade to the latest version of phpSysInfo (2.4.1 or later), available from the phpSysInfo Web site. See References.

For Debian GNU/Linux:
Refer to DSA-899-1 and DSA-898-1 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2005-11-18 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Data Manipulation

References:

  • phpSysInfo Web page, phpSysInfo at http://phpsysinfo.sourceforge.net/.
  • BID-15396: PHPSysInfo Multiple Input Validation Vulnerabilities
  • BID-15414: PHPsysInfo Multiple Input Validation Vulnerabilities
  • CVE-2005-3347: Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.
  • CVE-2005-3348: HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.
  • DSA-897: phpsysinfo -- programming errors
  • DSA-898: phpgroupware -- programming errors
  • DSA-899: egroupware -- programming errors
  • GLSA-200511-18: phpSysInfo: Multiple vulnerabilities
  • MDKSA-2005:212: Updated egroupware packages to address phpldapadmin
  • SA17441: phpSysInfo "register_globals" Emulation Layer Overwrite Vulnerability
  • SA17570: phpGroupWare Multiple Vulnerabilities
  • SA17620: eGroupWare Multiple Vulnerabilities

Reported:

Nov 11, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net
