Debian Security Advisory DSA 1459-1 (gforge) Network Vulnerability

Summary

The remote host is missing an update to gforge announced via advisory DSA 1459-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201459-1

Insight

It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports. For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch4. For the old stable distribution (sarge), this problem has been fixed in version 3.1-31sarge5. For the unstable distribution (sid), this problem has been fixed in version 4.6.99+svn6330-1. We recommend that you upgrade your gforge packages.

Severity

Classification

CVE CVE-2008-0173

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 005-1 (slocate)
Debian Security Advisory DSA 058-1 (exim)
Debian Security Advisory DSA 1051-1 (mozilla-thunderbird)
Debian Security Advisory DSA 108-1 (wmtv)
Debian Security Advisory DSA 047-1 (various kernel packages)

Take action and discover your vulnerabilities