Bug 749677 (CVE-2011-4082)

Summary: CVE-2011-4082 phpldapadmin: local file inclusion flaw fixed in 0.9.8
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: unspecified
CC: dmitry, jrusnack
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: impact=moderate,public=20111023,reported=20111027,source=internet,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,epel-4/phpldapadmin=affected
Fixed In Version: phpldapadmin 0.9.8
Doc Type: Bug Fix
Last Closed: 2011-10-31 15:43:20 UTC
Type: ---
Bug Depends On: 749678    

Description Vincent Danen 2011-10-27 21:12:50 UTC
A local file inclusion flaw was found in the way phpLDAPadmin, a web-based LDAP client for managing LDAP servers, processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service (generate recursive inclusions leading to resource exhaustion) via a specially crafted request.

Note: A different issue than CVE-2011-4075 (due to the different attack vector and different source code file in question).

References:

http://www.securityfocus.com/bid/50328/info
http://www.securityfocus.com/data/vulnerabilities/exploits/50328.java

This was corrected in phpLDAPadmin 0.9.8.5 and was assigned the name CVE-2011-4082.

Comment 1 Vincent Danen 2011-10-27 21:13:40 UTC
Created phpldapadmin tracking bugs for this issue

Affects: epel-4 [bug 749678]

Comment 2 Vincent Danen 2011-10-31 15:43:20 UTC
This was actually fixed in 0.9.8 (only versions <= 0.9.7 are vulnerable).  EPEL4 currently has 0.9.8.3, and the contents of common.php in 0.9.8.3 and 0.9.8.5 are identical, so EPEL4 is not vulnerable to this.