1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200805-01">
<title>Horde Application Framework: Multiple vulnerabilities</title>
<synopsis>
Multiple vulnerabilities in the Horde Application Framework may lead to the
execution of arbitrary files, information disclosure, and allow a remote
attacker to bypass security restrictions.
</synopsis>
<product type="ebuild">horde</product>
<announced>May 05, 2008</announced>
<revised>May 05, 2008: 01</revised>
<bug>212635</bug>
<bug>213493</bug>
<access>remote</access>
<affected>
<package name="www-apps/horde" auto="yes" arch="*">
<unaffected range="ge">3.1.7</unaffected>
<vulnerable range="lt">3.1.7</vulnerable>
</package>
<package name="www-apps/horde-groupware" auto="yes" arch="*">
<unaffected range="ge">1.0.5</unaffected>
<vulnerable range="lt">1.0.5</vulnerable>
</package>
<package name="www-apps/horde-kronolith" auto="yes" arch="*">
<unaffected range="ge">2.1.7</unaffected>
<vulnerable range="lt">2.1.7</vulnerable>
</package>
<package name="www-apps/horde-mnemo" auto="yes" arch="*">
<unaffected range="ge">2.1.2</unaffected>
<vulnerable range="lt">2.1.2</vulnerable>
</package>
<package name="www-apps/horde-nag" auto="yes" arch="*">
<unaffected range="ge">2.1.4</unaffected>
<vulnerable range="lt">2.1.4</vulnerable>
</package>
<package name="www-apps/horde-webmail" auto="yes" arch="*">
<unaffected range="ge">1.0.6</unaffected>
<vulnerable range="lt">1.0.6</vulnerable>
</package>
</affected>
<background>
<p>
The Horde Application Framework is a general-purpose web application
framework written in PHP, providing classes for handling preferences,
compression, browser detection, connection tracking, MIME and more.
</p>
</background>
<description>
<p>
Multiple vulnerabilities have been reported in the Horde Application
Framework:
</p>
<ul>
<li>David Collins, Patrick Pelanne and the
HostGator.com LLC support team discovered that the theme preference
page does not sanitize POST variables for several options, allowing the
insertion of NULL bytes and ".." sequences (CVE-2008-1284).</li>
<li>An
error exists in the Horde API allowing users to bypass security
restrictions.</li>
</ul>
</description>
<impact type="normal">
<p>
The first vulnerability can be exploited by a remote attacker to read
arbitrary files and by remote authenticated attackers to execute
arbitrary files. The second vulnerability can be exploited by
authenticated remote attackers to perform restricted operations.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All Horde Application Framework users should upgrade to the latest
version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-3.1.7"</code>
<p>
All horde-groupware users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-groupware-1.0.5"</code>
<p>
All horde-kronolith users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-2.1.7"</code>
<p>
All horde-mnemo users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-mnemo-2.1.2"</code>
<p>
All horde-nag users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-nag-2.1.4"</code>
<p>
All horde-webmail users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-webmail-1.0.6"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284">CVE-2008-1284</uri>
</references>
<metadata tag="requester" timestamp="Sat, 29 Mar 2008 20:23:06 +0000">
keytoaster
</metadata>
<metadata tag="bugReady" timestamp="Thu, 03 Apr 2008 14:49:55 +0000">
rbu
</metadata>
<metadata tag="submitter" timestamp="Sat, 26 Apr 2008 11:40:54 +0000">
mfleming
</metadata>
</glsa>
|