Debian Security Advisory DSA 989-1 (zoph) Network Vulnerability

Summary

The remote host is missing an update to zoph announced via advisory DSA 989-1. Neil McBride discovered that Zoph, a web based photo management system performs insufficient sanitising for input passed to photo searches, which may lead to the execution of SQL commands through a SQL injection attack. The old stable distribution (woody) does not contain zoph packages.

Solution

For the stable distribution (sarge) this problem has been fixed in version 0.3.3-12sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.5-1. We recommend that you upgrade your zoph package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20989-1

Severity

Classification

CVE CVE-2006-0402

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1026-1 (sash)
Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips)
Debian Security Advisory DSA 029-1 (proftpd)
Debian Security Advisory DSA 047-1 (various kernel packages)
Debian Security Advisory DSA 009-1 (stunnel)

Take action and discover your vulnerabilities