漏洞信息详情
SiteBar 传输模块 'translator.php' 恶意代码注入漏洞
- CNNVD编号:CNNVD-200710-491
- 危害等级: 中危
- CVE编号: CVE-2007-5693
- 漏洞类型: 代码注入
- 发布时间: 2007-10-29
- 威胁类型: 远程
- 更新时间: 2007-10-31
- 厂 商: sitebar
- 漏洞来源: Robert Buchholz of...
漏洞简介
SiteBar 3.3.8版本的传输模块(translator.php)中存在恶意代码注入漏洞。远程验证用户可以借助upd cmd 操作中的编辑参数, 执行任意PHP代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Debian Linux 4.0 amd64
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 ia-32
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 arm
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 hppa
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 sparc
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 s/390
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb Debian Linux 4.0 powerpc
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 alpha
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 m68k
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 mipsel
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 ia-64
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 4.0 mips
Debian sitebar_3.3.8-7etch1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7
etch1_all.deb
Debian Linux 3.1 ppc
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 ia-64
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 arm
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 mips
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 ia-32
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 alpha
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 m68k
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 mipsel
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 s/390
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 amd64
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 hppa
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
Debian Linux 3.1 sparc
Debian sitebar_3.2.6-7.1sarge1_all.deb
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7
.1sarge1_all.deb
SiteBar SiteBar 3.2.6
SiteBar SiteBar-3.3.9.tar.bz2
http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime
=1192322139&big_mirror=0
SiteBar SiteBar 3.3.2
SiteBar SiteBar-3.3.9.tar.bz2
http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime
=1192322139&big_mirror=0
SiteBar SiteBar 3.3.3
SiteBar SiteBar-3.3.9.tar.bz2
http://downloads.sourceforge.net/sitebar/SiteBar-3.3.9.tar.bz2?modtime
=1192322139
参考网址
来源: BID
名称: 26126
链接:http://www.securityfocus.com/bid/26126
来源: teamforge.net
链接:http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
来源: BUGTRAQ
名称: 20071018 Serious holes affecting SiteBar 3.3.8
链接:http://www.securityfocus.com/archive/1/archive/1/482499/100/0/threaded
来源: OSVDB
名称: 43604
链接:http://osvdb.org/43604
来源: GENTOO
名称: GLSA-200711-05
链接:http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml
来源: VUPEN
名称: ADV-2007-3768
链接:http://www.frsirt.com/english/advisories/2007/3768
来源: DEBIAN
名称: DSA-1423
链接:http://www.debian.org/security/2007/dsa-1423
来源: SREASON
名称: 3318
链接:http://securityreason.com/securityalert/3318
来源: SECUNIA
名称: 28008
链接:http://secunia.com/advisories/28008
来源: SECUNIA
名称: 27503
链接:http://secunia.com/advisories/27503
受影响实体
- Sitebar Sitebar:3.3.8
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论