Bug 205377 (CVE-2007-6018) - www-apps/horde(-imp|-webmail) Mail Deletion Security Bypass Vulnerability (CVE-2007-6018)
Summary: www-apps/horde(-imp|-webmail) Mail Deletion Security Bypass Vulnerability (CV...
Status: RESOLVED FIXED
Alias: CVE-2007-6018
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/secunia_research/2...
Whiteboard: B2 [glsa]
Duplicates: 203098
Reported: 2008-01-12 00:05 UTC by Lars Hartmann
Modified: 2008-02-11 22:41 UTC (History)
Description Lars Hartmann 2008-01-12 00:05:58 UTC
Secunia Research has discovered a vulnerability in IMP Webmail Client
and Horde Groupware Webmail Edition, which can be exploited by
malicious people to bypass certain security restrictions and
manipulate data.

The HTML filter does not filter out <frame> and <frameset> HTML
elements. Additionally, the application allows users to perform
certain actions via HTTP requests without performing any validity
checks to verify the request. This can be exploited to (a) delete an
arbitrary number of e-mail messages by referencing their numeric IDs
and (b) purge deleted mails, when the victim opens a malicious HTML
mail.

Successful exploitation requires that the victim opens the HTML part
of a malicious message.

Solution:
Update to Horde 3.1.6 or Horde Groupware Webmail Edition 1.0.4.
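An added illustrative example (not Horde's or IMP's code) of the two defensive measures that close the class of issue described above: an allowlist HTML filter that drops frame and frameset elements instead of passing them through, and a CSRF token check on the delete action so that a request issued from a rendered mail is rejected. The tag allowlist, session layout and `delete_messages` handler are assumptions made for the example.

```python
import hmac
import html
from html.parser import HTMLParser

# Tags an HTML mail viewer may render (assumed allowlist). frame, frameset
# and iframe are absent on purpose: anything not listed is dropped.
ALLOWED_TAGS = {"p", "b", "i", "u", "br", "div", "span", "ul", "ol", "li"}


class AllowlistFilter(HTMLParser):
    """Rebuild HTML keeping only allowlisted tags; all attributes are removed,
    so no surviving element can carry a src/href back at the webmail host."""

    def __init__(self):
        super().__init__()  # convert_charrefs=True: entities arrive as text
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Re-escape text so decoded entities cannot form new markup.
        self.out.append(html.escape(data, quote=False))


def sanitize(markup):
    """Return the HTML part of a message with non-allowlisted tags removed."""
    f = AllowlistFilter()
    f.feed(markup)
    f.close()
    return "".join(f.out)


def delete_messages(session, params, mailbox):
    """Hypothetical delete handler: the request must carry the session's
    CSRF token. A request triggered by a frame inside a rendered mail does
    not know the token, so it is rejected before any message is touched."""
    token = params.get("token", "")
    if not hmac.compare_digest(token, session.get("csrf_token", "")):
        return False
    ids = {int(i) for i in params.get("ids", "").split(",") if i.isdigit()}
    mailbox[:] = [m for m in mailbox if m["id"] not in ids]
    return True
```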
Comment 1 Lars Hartmann 2008-01-12 00:07:17 UTC
maintainers - please advise
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-01-12 01:17:02 UTC
*** Bug 203098 has been marked as a duplicate of this bug. ***
Comment 3 SpanKY gentoo-dev 2008-01-12 05:30:53 UTC
all horde packages should be bumped now
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-01-13 11:14:32 UTC
Thanks Mike. horde-webmail is ok because of ~arch. Arches, please test and mark stable www-apps/horde-imp-4.1.6. Target "alpha amd64 hppa ppc sparc x86"
Comment 5 Markus Meier gentoo-dev 2008-01-13 22:42:56 UTC
x86 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2008-01-15 14:36:43 UTC
Stable for HPPA.
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2008-01-16 12:15:39 UTC
alpha/sparc stable
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2008-01-18 20:27:13 UTC
ppc stable
Comment 9 Steve Dibb (RETIRED) gentoo-dev 2008-01-23 16:10:01 UTC
amd64 stable
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-11 22:41:08 UTC
GLSA 200802-03