Executive Summary

Informations
Name CVE-2008-0807 First vendor Publication 2008-02-18
Vendor Cve Last vendor Modification 2011-03-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Cvss Base Score 4.9 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0807

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18738
 
Oval ID: oval:org.mitre.oval:def:18738
Title: DSA-1507-1 turba2
Description: Peter Paul Elfferich discovered that turba2, a contact management component for horde framework, did not correctly check access rights before allowing users to edit addresses. This could result in valid users being able to alter private address records.
Family: unix Class: patch
Reference(s): DSA-1507-1
CVE-2008-0807
 Version: 7
Platform(s): Debian GNU/Linux 4.0
 Product(s): turba2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8049
 
Oval ID: oval:org.mitre.oval:def:8049
Title: DSA-1507 turba2 -- programming error
Description: Peter Paul Elfferich discovered that turba2, a contact management component for horde framework, did not correctly check access rights before allowing users to edit addresses. This could result in valid users being able to alter private address records.
Family: unix Class: patch
Reference(s): DSA-1507
CVE-2008-0807
 Version: 3
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 3.1
 Product(s): turba2
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Application 1

OpenVAS Exploits

Date Description
2009-02-16 Name : Fedora Update for horde FEDORA-2008-2040
File : nvt/gb_fedora_2008_2040_horde_fc7.nasl
2009-02-16 Name : Fedora Update for imp FEDORA-2008-2040
File : nvt/gb_fedora_2008_2040_imp_fc7.nasl
2009-02-16 Name : Fedora Update for turba FEDORA-2008-2040
File : nvt/gb_fedora_2008_2040_turba_fc7.nasl
2009-02-16 Name : Fedora Update for horde FEDORA-2008-2087
File : nvt/gb_fedora_2008_2087_horde_fc8.nasl
2009-02-16 Name : Fedora Update for imp FEDORA-2008-2087
File : nvt/gb_fedora_2008_2087_imp_fc8.nasl
2009-02-16 Name : Fedora Update for turba FEDORA-2008-2087
File : nvt/gb_fedora_2008_2087_turba_fc8.nasl
2008-02-28 Name : Debian Security Advisory DSA 1507-1 (turba2)
File : nvt/deb_1507_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
42779 Horde Turba 2 (turba2) Contact Manager H3 lib/Driver/sql.php Unauthorized Dat...

Nessus® Vulnerability Scanner

Date Description
2008-02-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-2040.nasl - Type : ACT_GATHER_INFO
2008-02-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-2087.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1507.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/27844
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058
https://bugzilla.redhat.com/show_bug.cgi?id=432027
DEBIAN http://www.debian.org/security/2008/dsa-1507
FEDORA https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0088...
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0092...
MLIST http://lists.horde.org/archives/announce/2008/000378.html
http://lists.horde.org/archives/announce/2008/000379.html
http://lists.horde.org/archives/announce/2008/000380.html
http://lists.horde.org/archives/announce/2008/000381.html
SECTRACK http://www.securitytracker.com/id?1019433
SECUNIA http://secunia.com/advisories/28982
http://secunia.com/advisories/29071
http://secunia.com/advisories/29184
http://secunia.com/advisories/29185
http://secunia.com/advisories/29186
VUPEN http://www.vupen.com/english/advisories/2008/0593/references

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2020-05-23 00:21:16
  • Multiple Updates
2016-06-28 23:58:24
  • Multiple Updates
2016-04-26 17:07:53
  • Multiple Updates
2014-02-17 10:43:47
  • Multiple Updates
2013-05-11 00:09:31
  • Multiple Updates