Fedora EPEL 6 update for glpi

1) SQL injection

EUVDB-ID: #VU41673

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-2226

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 6.0

glpi: before 0.83.9.1-1.el6

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:glpi:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-10581

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU41606

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2013-2225

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php. Per: http://cwe.mitre.org/data/definitions/502.html "CWE-502: Deserialization of Untrusted Data"

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 6.0

glpi: before 0.83.9.1-1.el6

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:glpi:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-10581

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Input validation error

EUVDB-ID: #VU35121

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2013-2227

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

GLPI 0.83.7 has Local File Inclusion in common.tabs.php.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 6.0

glpi: before 0.83.9.1-1.el6

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:6.0:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:glpi:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-10581

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.