Executive Summary

Summary
Title Horde IMP: Security bypass
Informations
Name GLSA-200802-03 First vendor Publication 2008-02-11
Vendor Gentoo Last vendor Modification 2008-02-11
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score 5.8 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Insufficient checks in Horde may allow a remote attacker to bypass security restrictions.

Background

Horde IMP provides a web-based access to IMAP and POP3 mailboxes.

Description

Ulf Harnhammar, Secunia Research discovered that the "frame" and
"frameset" HTML tags are not properly filtered out. He also reported that certain HTTP requests are executed without being checked.

Impact

A remote attacker could entice a user to open a specially crafted HTML e-mail, possibly resulting in the deletion of arbitrary e-mail messages.

Workaround

There is no known workaround at this time.

Resolution

All Horde IMP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-imp-4.1.6"

References

[ 1 ] CVE-2007-6018 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6018

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200802-03.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200802-03.xml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20374
 
Oval ID: oval:org.mitre.oval:def:20374
Title: DSA-1470-1 horde3 - missing input sanitising
Description: Ulf Härnhammar discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead to the deletion of emails if a user is tricked into viewing a malformed email inside the Imp client.
Family: unix Class: patch
Reference(s): DSA-1470-1
CVE-2007-6018
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): horde3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8124
 
Oval ID: oval:org.mitre.oval:def:8124
Title: DSA-1470 horde3 -- missing input sanitising
Description: Ulf Hauml rnhammar discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead to the deletion of emails if a user is tricked into viewing a malformed email inside the Imp client. This update also provides backported bugfixes to the cross-site scripting filter and the user management API from the latest Horde release 3.1.6. The old stable distribution (sarge) is not affected. An update to Etch is recommended, though.
Family: unix Class: patch
Reference(s): DSA-1470
CVE-2007-6018
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): horde3
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Application 1
Application 1

OpenVAS Exploits

Date Description
2009-03-31 Name : SuSE Security Summary SUSE-SR:2009:007
File : nvt/suse_sr_2009_007.nasl
2009-02-16 Name : Fedora Update for horde FEDORA-2008-2040
File : nvt/gb_fedora_2008_2040_horde_fc7.nasl
2009-02-16 Name : Fedora Update for imp FEDORA-2008-2040
File : nvt/gb_fedora_2008_2040_imp_fc7.nasl
2009-02-16 Name : Fedora Update for turba FEDORA-2008-2040
File : nvt/gb_fedora_2008_2040_turba_fc7.nasl
2009-02-16 Name : Fedora Update for horde FEDORA-2008-2087
File : nvt/gb_fedora_2008_2087_horde_fc8.nasl
2009-02-16 Name : Fedora Update for imp FEDORA-2008-2087
File : nvt/gb_fedora_2008_2087_imp_fc8.nasl
2009-02-16 Name : Fedora Update for turba FEDORA-2008-2087
File : nvt/gb_fedora_2008_2087_turba_fc8.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200802-03 (horde-imp)
File : nvt/glsa_200802_03.nasl
2008-01-31 Name : Debian Security Advisory DSA 1470-1 (horde3)
File : nvt/deb_1470_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
42773 Horde / IMP Mail Crafted E-mail Arbitrary Delete Mail Purge

Horde IMP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not filter out "<frame>" and "<frameset>" HTML elements. Additionally, the product allows to perform certain operations without proper validation of its input. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity: attacker could delete messages in mail box, and purge previous deleted emails.
42772 Horde / IMP Mail Crafted Numeric ID Arbitrary Mail Deletion

Nessus® Vulnerability Scanner

Date Description
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_imp-090318.nasl - Type : ACT_GATHER_INFO
2009-03-24 Name : The remote openSUSE host is missing a security update.
File : suse_imp-6101.nasl - Type : ACT_GATHER_INFO
2008-02-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-2040.nasl - Type : ACT_GATHER_INFO
2008-02-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-2087.nasl - Type : ACT_GATHER_INFO
2008-02-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200802-03.nasl - Type : ACT_GATHER_INFO
2008-01-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1470.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:35:32
  • Multiple Updates