Ubuntu Security Notice 4620-1 - It was discovered that phpLDAPadmin didn't properly sanitize before being echoed to the user. A remote attacker could inject arbitrary HTML/Javascript code in a user's context and cause a crash, resulting in denial of service or potential execution of arbitrary code.
526e7f8e00d6eb231a95e84c7d80a713dd12c7e29924f5be6116e1bf8120904b==========================================================================
Ubuntu Security Notice USN-4620-1
November 05, 2020
phpldapadmin vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
phpLDAPadmin could be made to crash if it received specially crafted
input.
Software Description:
- phpldapadmin: A web-based LDAP client
Details:
It was discovered that phpLDAPadmin didn't properly sanitize before being
echoed to the user. A remote attacker could inject arbitrary HTML/Javascript
code in a user's context and cause a crash, resulting in denial of service or
potential execution of arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
phpldapadmin 1.2.2-6ubuntu1.1
After a standard system update you need to restart phpLDAPadmin to make
all the necessary changes.
References:
https://usn.ubuntu.com/4620-1
CVE-2017-11107
Package Information:
https://launchpad.net/ubuntu/+source/phpldapadmin/1.2.2-6ubuntu1.1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed