Debian Security Update Fixes Zoph Remote SQL Injection Vulnerability


Description   A vulnerability has been identified in Debian, which could be exploited by attackers to execute arbitrary SQL queries. This issue is caused by input validation errors in the "photos.php" and "edit_photos.php" scripts when processing the "_order" parameter.
     
Vulnerable Products   Vulnerable Software:
Debian GNU/Linux sargeDebian GNU/Linux etchDebian GNU/Linux sid
     
Solution   Debian GNU/Linux sarge - Upgrade to zoph version 0.3.3-12sarge3Debian GNU/Linux etch - Upgrade to zoph version 0.6-2.1etch1Debian GNU/Linux sid - Upgrade to zoph version 0.7.0.2-1
     
CVE   CVE-2007-3905
     
References   http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00171.html
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00171.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
SQL injection Prevention - POST : suspicious SELECT statement in data
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - POST : possible version probing in data
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data
3.2.0
SQL injection Prevention - POST : suspicious CREATE statement in data
3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data
3.2.0
SQL injection Prevention - POST : suspicious UNION statement in data
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - POST : suspicious DROP statement in data
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
SQL injection Prevention - POST : suspicious INSERT statement in data
3.2.0
SQL injection Prevention - POST : suspicious OR statement in data
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
SQL injection Prevention - POST : suspicious HAVING statement in data
3.2.0
SQL injection Prevention - GET : suspicious SQL statement in header
4.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2007-10-22 

 Target Type 
Server 

 Possible exploit 
Local & Remote