GLSA 200508-14: TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC

http://security.gentoo.org/

Severity:	high
Title:	TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC
Date:	08/24/2005
Bugs:	#102374, #102377
ID:	200508-14

Synopsis

TikiWiki and eGroupWare both include PHP XML-RPC code vulnerable to arbitrary command execution.

Background

TikiWiki is a full featured Free Software Wiki, CMS and Groupware written in PHP. eGroupWare is a web-based collaboration software suite. Both TikiWiki and eGroupWare include a PHP library to handle XML-RPC requests.

Affected packages

Package	Vulnerable	Unaffected	Architecture(s)
www-apps/tikiwiki	< 1.8.5-r2	>= 1.8.5-r2	All supported architectures
www-apps/egroupware	< 1.0.0.009	>= 1.0.0.009	All supported architectures

Description

The XML-RPC library shipped in TikiWiki and eGroupWare improperly handles XML-RPC requests and responses with malformed nested tags.

Impact

A remote attacker could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document to TikiWiki or eGroupWare.

Workaround

There is no known workaround at this time.

Resolution

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5-r2"

All eGroupWare users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.0.0.009"

References

CAN-2005-2498

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200508-14.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.