Debian DSA-2333-1 : phpldapadmin - several vulnerabilities

high Nessus Plugin ID 56672

Synopsis

The remote Debian host is missing a security-related update.

Description

Two vulnerabilities have been discovered in phpLDAPadmin, a web-based interface for administering LDAP servers. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2011-4074: Input appended to the URL in cmd.php (when 'cmd' is set to '_debug') is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

- CVE-2011-4075: Input passed to the 'orderby' parameter in cmd.php (when 'cmd' is set to 'query_engine', 'query' is set to 'none', and 'search' is set to e.g. '1') is not properly sanitised in lib/functions.php before being used in a 'create_function()' function call. This can be exploited to inject and execute arbitrary PHP code.

Solution

Upgrade the phpldapadmin packages.

For the oldstable distribution (lenny), these problems have been fixed in version 1.1.0.5-6+lenny2.

For the stable distribution (squeeze), these problems have been fixed in version 1.2.0.5-2+squeeze1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646754

https://security-tracker.debian.org/tracker/CVE-2011-4074

https://security-tracker.debian.org/tracker/CVE-2011-4075

https://packages.debian.org/source/squeeze/phpldapadmin

https://www.debian.org/security/2011/dsa-2333

Plugin Details

Severity: High

ID: 56672

File Name: debian_DSA-2333.nasl

Version: 1.19

Type: local

Agent: unix

Published: 10/31/2011

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:phpldapadmin, cpe:/o:debian:debian_linux:6.0, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/31/2011

Vulnerability Publication Date: 11/2/2011

Exploitable With

Core Impact

Metasploit (phpLDAPadmin query_engine Remote PHP Code Injection)

Elliot (phpLDAPadmin 1.2.1.1 RCE)

Reference Information

CVE: CVE-2011-4074, CVE-2011-4075

BID: 50331

DSA: 2333