Bug 203098

Summary:	www-apps/horde-imp <=4.1.5 Delete Mail Security Bypass Vulnerability (CVE-2007-6018)
Product:	Gentoo Security	Reporter:	Robert Buchholz (RETIRED) <rbu>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED DUPLICATE
Severity:	minor	CC:	vapier
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [upstream] CONFIDENTIAL 2008-01-02 10am CET
Package list:		Runtime testing required:	---

Description Robert Buchholz (RETIRED) gentoo-dev

2007-12-22 22:28:07 UTC

Secunia discovered the following vulnerability:

The HTML filter does not filter out <frame> and <frameset> HTML
elements. Additionally, the application allows users to perform certain
actions via HTTP requests without performing any validity checks to
verify the request. This can be exploited to (a) delete an arbitrary
number of e-mail messages by referencing their numeric IDs and (b) purge
deleted mails, when the victim opens a malicious HTML mail.

Successful exploitation requires that the victim opens the HTML part of
a malicious message.


There is no upstream patch AFAIK yet, so this bug is merely for tracking. Disclosure date is 2008-01-02 10am CET. Please keep confidential until then.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2008-01-06 18:39:19 UTC

Removing webapps since an alias can't view restricted bugs and vapier is listed as the maintainer.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-01-12 01:17:02 UTC


*** This bug has been marked as a duplicate of bug 205377 ***