Detections
Analytics
Mandriva Linux Security Advisory : egroupware (MDVSA-2014:104)
medium Nessus Plugin ID 74082
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Updated egroupware packages fix security vulnerabilities :eGroupWare before 1.8.007 allows logged in users with administrative priviledges to remotely execute arbitrary commands on the server. It is also vulnerable to a cross site request forgery vulnerability that allows creating new administrative users.
Solution
Update the affected packages.See Also
http://www.egroupware.org/changelog
https://www.egroupware.org/en/egroupware-support/egroupware-forum/#nabble-td3997580
Plugin Details
Severity: Medium
ID: 74082
File Name: mandriva_MDVSA-2014-104.nasl
Version: 1.8
Type: local
Family: Mandriva Local Security Checks
Published: 5/19/2014
Updated: 1/6/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:egroupware, p-cpe:/a:mandriva:linux:egroupware-bookmarks, p-cpe:/a:mandriva:linux:egroupware-calendar, p-cpe:/a:mandriva:linux:egroupware-developer_tools, p-cpe:/a:mandriva:linux:egroupware-egw-pear, p-cpe:/a:mandriva:linux:egroupware-emailadmin, p-cpe:/a:mandriva:linux:egroupware-felamimail, p-cpe:/a:mandriva:linux:egroupware-filemanager, p-cpe:/a:mandriva:linux:egroupware-gallery, p-cpe:/a:mandriva:linux:egroupware-importexport, p-cpe:/a:mandriva:linux:egroupware-infolog, p-cpe:/a:mandriva:linux:egroupware-manual, p-cpe:/a:mandriva:linux:egroupware-news_admin, p-cpe:/a:mandriva:linux:egroupware-notifications, p-cpe:/a:mandriva:linux:egroupware-phpbrain, p-cpe:/a:mandriva:linux:egroupware-phpsysinfo, p-cpe:/a:mandriva:linux:egroupware-polls, p-cpe:/a:mandriva:linux:egroupware-projectmanager, p-cpe:/a:mandriva:linux:egroupware-registration, p-cpe:/a:mandriva:linux:egroupware-sambaadmin, p-cpe:/a:mandriva:linux:egroupware-sitemgr, p-cpe:/a:mandriva:linux:egroupware-syncml, p-cpe:/a:mandriva:linux:egroupware-timesheet, p-cpe:/a:mandriva:linux:egroupware-tracker, p-cpe:/a:mandriva:linux:egroupware-wiki, cpe:/o:mandriva:business_server:1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 5/16/2014
Reference Information
MDVSA: 2014:104