PHPXMLRPC and PEAR XML_RPC Remote Code Injection Vulnerability

Bugtraq ID: 14560
Class: Input Validation Error
CVE: CVE-2005-2498
Remote: Yes
Local: No
Published: Aug 15 2005 12:00AM
Updated: Jul 12 2009 05:06PM
Credit: Stefan Esser <sesser@hardened-php.net> is credited with the discovery of this vulnerability.
Vulnerable: Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
TikiWiki Project TikiWiki 1.8.5
TikiWiki Project TikiWiki 1.8.4
+ Gentoo Linux
TikiWiki Project TikiWiki 1.8.3
TikiWiki Project TikiWiki 1.8.2
TikiWiki Project TikiWiki 1.8.1
TikiWiki Project TikiWiki 1.8
TikiWiki Project TikiWiki 1.7.9
TikiWiki Project TikiWiki 1.7.8
TikiWiki Project TikiWiki 1.7.7
TikiWiki Project TikiWiki 1.7.6
TikiWiki Project TikiWiki 1.7.5
TikiWiki Project TikiWiki 1.7.4
TikiWiki Project TikiWiki 1.7.3
TikiWiki Project TikiWiki 1.7.2
TikiWiki Project TikiWiki 1.7.1 .1
TikiWiki Project TikiWiki 1.6.1
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI ProPack 3.0 SP6
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Enterprise Server 9
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
PHPXMLRPC PHPXMLRPC 1.1.1
PhpWiki PhpWIki 1.3.10
phpWebsite phpWebsite 0.10.2
phpWebsite phpWebsite 0.10.1
phpWebsite phpWebsite 0.10
phpWebsite phpWebsite 0.9.3 -4
phpWebsite phpWebsite 0.9.3 -3
phpWebsite phpWebsite 0.9.3 -2
phpWebsite phpWebsite 0.9.3 -1
phpWebsite phpWebsite 0.9.3
phpWebsite phpWebsite 0.8.3
phpWebsite phpWebsite 0.8.2
phpWebsite phpWebsite 0.7.3
phpPgAds phpPgAds 2.0.5
PHPGroupWare PHPGroupWare 0.9.16 RC3
PHPGroupWare PHPGroupWare 0.9.16 RC2
PHPGroupWare PHPGroupWare 0.9.16 RC1
PHPGroupWare PHPGroupWare 0.9.16 .006
PHPGroupWare PHPGroupWare 0.9.16 .005
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
PHPGroupWare PHPGroupWare 0.9.16 .003
+ Gentoo Linux
PHPGroupWare PHPGroupWare 0.9.16 .002
PHPGroupWare PHPGroupWare 0.9.16 .000
PHPGroupWare PHPGroupWare 0.9.14 .007
PHPGroupWare PHPGroupWare 0.9.14 .006
PHPGroupWare PHPGroupWare 0.9.14 .005
PHPGroupWare PHPGroupWare 0.9.14 .004
PHPGroupWare PHPGroupWare 0.9.14 .003
PHPGroupWare PHPGroupWare 0.9.14 .002
PHPGroupWare PHPGroupWare 0.9.14 .001
PHPGroupWare PHPGroupWare 0.9.14
PHPGroupWare PHPGroupWare 0.9.13
- Debian Linux 2.2
PHPGroupWare PHPGroupWare 0.9.12
- Conectiva Linux 9.0
- Conectiva Linux 8.0
- Conectiva Linux 7.0
- MySQL AB MySQL 3.23.36
- MySQL AB MySQL 3.23.34
- MySQL AB MySQL 3.23.31
- PostgreSQL PostgreSQL 6.5.3
- PostgreSQL PostgreSQL 6.3.2
phpAdsNew phpAdsNew 2.0.4 -pr2
PEAR XML_RPC 1.3.3
Nucleus CMS Nucleus CMS 3.21
Nucleus CMS Nucleus CMS 3.2
Nucleus CMS Nucleus CMS 3.1
Nucleus CMS Nucleus CMS 3.0 RC
Nucleus CMS Nucleus CMS 3.0 1
Nucleus CMS Nucleus CMS 3.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MailWatch for MailScanner MailWatch for MailScanner 1.0.1
livesupport livesupport 1.0 rc1
livesupport livesupport 0.9.1
Gentoo Linux
eGroupWare eGroupWare 1.0.6
eGroupWare eGroupWare 1.0.3
eGroupWare eGroupWare 1.0.1
eGroupWare eGroupWare 1.0 .0.007
eGroupWare eGroupWare 1.0
Drupal Drupal 4.6.2
Drupal Drupal 4.6.1
Drupal Drupal 4.6
Drupal Drupal 4.5.4
Drupal Drupal 4.5.3
Drupal Drupal 4.5.2
Drupal Drupal 4.5.1
Drupal Drupal 4.5
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
b2evolution b2evolution 0.9 .0.12
b2evolution b2evolution 0.9 .0.11
b2evolution b2evolution 0.9 .0.10
b2evolution b2evolution 0.9 .0.09
b2evolution b2evolution 0.9 .0.08
b2evolution b2evolution 0.9 .0.05
b2evolution b2evolution 0.9 .0.03
b2evolution b2evolution 0.8.9
b2evolution b2evolution 0.8.7
b2evolution b2evolution 0.8.6 .2
b2evolution b2evolution 0.8.6 .1
b2evolution b2evolution 0.8.6
b2evolution b2evolution 0.8.2 .2
b2evolution b2evolution 0.8.2
Not Vulnerable: PHPXMLRPC PHPXMLRPC 1.2
phpPgAds phpPgAds 2.0.6
PHPGroupWare PHPGroupWare 0.9.16 .007
phpAdsNew phpAdsNew 2.0.6
PEAR XML_RPC 1.4
Nucleus CMS Nucleus CMS 3.22
Nucleus CMS Nucleus CMS 3.21
MailWatch for MailScanner MailWatch for MailScanner 1.0.2
livesupport livesupport 1.0 rc2
eGroupWare eGroupWare 1.0 .0.009
Drupal Drupal 4.6.3
Drupal Drupal 4.5.5
b2evolution b2evolution 0.9.1


 

Copyright 2010, SecurityFocus