CVE-2005-2498
Publication date 15 August 2005
Last updated 24 July 2024
Ubuntu priority
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
Status
Package | Ubuntu Release | Status |
---|---|---|
drupal | 8.04 LTS hardy | Not in release |
7.10 gutsy | Not in release | |
7.04 feisty | Ignored end of life, was needed | |
6.10 edgy |
Fixed 4.5.8-1
|
|
6.06 LTS dapper |
Fixed 4.5.8-1
|
|
egroupware | 8.04 LTS hardy |
Fixed 1.0.0.009.dfsg-3-4
|
7.10 gutsy |
Fixed 1.0.0.009.dfsg-3-4
|
|
7.04 feisty |
Fixed 1.0.0.009.dfsg-3-4
|
|
6.10 edgy |
Fixed 1.0.0.009.dfsg-3-4
|
|
6.06 LTS dapper |
Fixed 1.0.0.009.dfsg-3-4
|
|
php4 | 8.04 LTS hardy | Not in release |
7.10 gutsy | Not in release | |
7.04 feisty | Not in release | |
6.10 edgy |
Not affected
|
|
6.06 LTS dapper |
Not affected
|
|
php5 | 8.04 LTS hardy |
Fixed 5.2.3-1ubuntu5
|
7.10 gutsy |
Fixed 5.2.3-1ubuntu5
|
|
7.04 feisty |
Fixed 5.2.1-0ubuntu1.4
|
|
6.10 edgy |
Fixed 5.1.6-1ubuntu2.6
|
|
6.06 LTS dapper |
Fixed 5.1.2-1ubuntu3.9
|
|
phpgroupware | 8.04 LTS hardy |
Fixed 0.9.16.010-1
|
7.10 gutsy |
Fixed 0.9.16.010-1
|
|
7.04 feisty |
Fixed 0.9.16.010-1
|
|
6.10 edgy |
Fixed 0.9.16.010-1
|
|
6.06 LTS dapper |
Fixed 0.9.16.010-1
|