Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-1921
Last Modified 07 Mar 2011 09:23:05
Published 05 Jul 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1921

Summary

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Vulnerable Systems

Application

  • Pear Xml Rpc 1.0.2

  • Pear Xml Rpc 1.0.3

  • Pear Xml Rpc 1.0.4

  • Pear Xml Rpc 1.1.0

  • Pear Xml Rpc 1.2.0

  • Pear Xml Rpc 1.2.0rc1

  • Pear Xml Rpc 1.2.0rc2

  • Pear Xml Rpc 1.2.0rc3

  • Pear Xml Rpc 1.2.0rc4

  • Pear Xml Rpc 1.2.0rc5

  • Pear Xml Rpc 1.2.0rc6

  • Pear Xml Rpc 1.2.0rc7

  • Pear Xml Rpc 1.2.1

  • Pear Xml Rpc 1.2.2

  • Pear Xml Rpc 1.3.0rc1

  • Pear Xml Rpc 1.3.0rc2

  • Pear Xml Rpc 1.3.0rc3


References

MANDRAKE - MDKSA-2005:109

MISC - http://www.gulftech.org/?node=research&article_id=00087-07012005

MISC - http://pear.php.net/package/XML_RPC/download/1.3.1

BUGTRAQ - 20050629 Advisory 02/2005: Remote code execution in Serendipity

VUPEN - ADV-2005-2827

HP - HPSBTU02083

MISC - http://www.hardened-php.net/advisory-022005.php

BID - 14088

REDHAT - RHSA-2005:564

SUSE - SUSE-SA:2005:049

SUSE - SUSE-SA:2005:041

SUSE - SUSE-SR:2005:018

CONFIRM - http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt

DEBIAN - DSA-789

DEBIAN - DSA-747

DEBIAN - DSA-746

DEBIAN - DSA-745

CONFIRM - http://www.ampache.org/announce/3_3_1_2.php

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=338803

CONFIRM - http://sourceforge.net/project/showfiles.php?group_id=87163

SECTRACK - 1015336

GENTOO - GLSA-200507-07

GENTOO - GLSA-200507-06

GENTOO - GLSA-200507-01

SECUNIA - 18003

SECUNIA - 17674

SECUNIA - 17440

SECUNIA - 16693

SECUNIA - 16339

SECUNIA - 16001

SECUNIA - 15957

SECUNIA - 15947

SECUNIA - 15944

SECUNIA - 15922

SECUNIA - 15917

SECUNIA - 15916

SECUNIA - 15904

SECUNIA - 15903

SECUNIA - 15895

SECUNIA - 15884

SECUNIA - 15883

SECUNIA - 15872

SECUNIA - 15861

SECUNIA - 15855

SECUNIA - 15852

SECUNIA - 15810

SUSE - SUSE-SA:2005:051

BUGTRAQ - 20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue

HP - SSRT051069


Last Updated: 27 May 2016 10:40:44