Bug 205377 - www-apps/horde(-imp|-webmail) Mail Deletion Security Bypass Vulnerability (CVE-2007-6018)
Bug#: 205377 (CVE-2007-6018)
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: lars@chaotika.org
Component: Vulnerabilities
URL: http://secunia.com/secunia_research/2007-102/advisory/
Status Whiteboard: B2 [glsa]
Opened: 2008-01-12 00:05 0000

Secunia Research has discovered a vulnerability in IMP Webmail Client
and Horde Groupware Webmail Edition, which can be exploited by
malicious people to bypass certain security restrictions and
manipulate data.

The HTML filter does not filter out <frame> and <frameset> HTML
elements. Additionally, the application allows users to perform
certain actions via HTTP requests without performing any validity
checks to verify the request. This can be exploited to (a) delete an
arbitrary number of e-mail messages by referencing their numeric IDs
and (b) purge deleted mails, when the victim opens a malicious HTML
mail.

Successful exploitation requires that the victim opens the HTML part
of a malicious message.

Solution:
Update to Horde 3.1.6 or Horde Groupware Webmail Edition 1.0.4.

maintainers - please advise

*** Bug 203098 has been marked as a duplicate of this bug. ***

all horde packages should be bumped now

Thanks Mike. horde-webmail is ok because of ~arch. Arches, please test and mark
stable www-apps/horde-imp-4.1.6. Target "alpha amd64 hppa ppc sparc x86"
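
The advisory text above names two gaps: frame elements passing the HTML filter, and state-changing requests accepted without a validity check. The sketch below is an added example, not Horde's code or its actual fix; it shows one common way to close each gap. The function names, the `/mail/action` URL, the `token` parameter and the inclusion of `iframe` are assumptions made for illustration.

```python
import hashlib
import hmac
from html.parser import HTMLParser

# Elements that make the browser fetch another URL as a nested document.
BLOCKED = {"frame", "frameset", "iframe"}

class FrameStripper(HTMLParser):
    """Re-emit an HTML mail part without BLOCKED elements. Not a full
    sanitizer: it shows only the frame rule (comments/doctype are dropped)."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
    def handle_starttag(self, tag, attrs):
        if tag not in BLOCKED:            # tag arrives lower-cased
            self.out.append(self.get_starttag_text())
    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # keep <br/> as a single tag
    def handle_endtag(self, tag):
        if tag not in BLOCKED:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(data)
    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def strip_frames(html_part: str) -> str:
    parser = FrameStripper()
    parser.feed(html_part)
    parser.close()
    return "".join(parser.out)

def action_token(secret: bytes, session_id: str) -> str:
    """Per-session token the webmail embeds in its own forms and links."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()

def may_perform(params: dict, secret: bytes, session_id: str) -> bool:
    """Validity check for state-changing requests such as delete or purge."""
    expected = action_token(secret, session_id)
    return hmac.compare_digest(params.get("token", "").encode(), expected.encode())

# Constructed sample: a mail whose frame points at a hypothetical action URL.
SAMPLE_MAIL = ('<html><frameset><frame src="/mail/action?op=delete&id=42">'
               '</frameset><p>Hello &amp; welcome</p></html>')

if __name__ == "__main__":
    print(strip_frames(SAMPLE_MAIL))
    print(may_perform({"op": "delete", "id": "42"}, b"k" * 32, "sess-1"))
```

Either control alone leaves a path open: other elements can also trigger requests, so the token check is what stops a request the user did not initiate, while the filter keeps mail content from loading nested documents at all.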