Bug#: 285052
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Alex Legler <a3li@gentoo.org>

Description:   Opened: 2009-09-15 06:45 0000
From Secunia:

Some vulnerabilities have been reported in the Horde Application Framework,
which can be exploited by malicious people to conduct script insertion and
cross-site scripting attacks and by malicious users to compromise a vulnerable
system.

1) An error within the form library when handling image form fields can be
exploited to overwrite arbitrary local files.

Successful exploitation requires that an application uses the affected image
fields (e.g. Ansel or Turba) and that the attacker has write permissions.

2) An error exists within the MIME Viewer library when rendering unknown text
parts. This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site if malicious data is
viewed.

3) The preferences system does not properly sanitise numeric preference types.
This can be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

Webmail and Groupware are affected by #2 and #3.

------- Comment #1 From Alex Legler 2009-09-15 07:36:42 0000 -------
(In reply to comment #0)
> Webmail and Groupware are affected by #2 and #3.
> 

Cancel that. Both are vulnerable to all three issues.

+*horde-3.3.5 (15 Sep 2009)
+
+  15 Sep 2009; Alex Legler <a3li@gentoo.org> +horde-3.3.5.ebuild:
+  Non-maintainer commit: Version bump for security bug 285052.
+
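Review bot: The file list on the "15 Sep 2009" line carries only `+horde-3.3.5.ebuild`, so the entry does not say what happens to the older horde ebuilds that this security bump supersedes. Suggest adding a sentence stating that they remain until 3.3.5 is stable, or recording their removal in a follow-up entry, so the log shows when the vulnerable versions leave the tree.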

------- Comment #2 From Alex Legler 2009-09-15 07:37:23 0000 -------
Arches, please test and mark stable:
=www-apps/horde-3.3.5
Target keywords : "alpha amd64 hppa ppc sparc x86"

------- Comment #3 From Jeroen Roovers 2009-09-15 14:15:46 0000 -------
Stable for HPPA.

------- Comment #4 From Alex Legler 2009-09-16 15:02:56 0000 -------
+*horde-webmail-1.2.4 (16 Sep 2009)
+
+  16 Sep 2009; Alex Legler <a3li@gentoo.org> -horde-webmail-1.0.8.ebuild,
+  -horde-webmail-1.1.3.ebuild, -horde-webmail-1.2.ebuild,
+  +horde-webmail-1.2.4.ebuild:
+  Non-maintainer commit: Version bump for security bug 285052. Removing
+  vulnerable versions. Adding USE condition on the patch in SRC_URI. Fixing
+  homepage, closes bug 257694.
+
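Review bot: The last two sentences of this entry ("Adding USE condition on the patch in SRC_URI. Fixing homepage, closes bug 257694.") fold unrelated changes into the security bump. Splitting them into a separate commit would keep the change for bug 285052 easy to audit and to revert on its own. The entry also does not name which patch receives the USE condition or which USE flag gates it.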

+*horde-groupware-1.2.4 (16 Sep 2009)
+
+  16 Sep 2009; Alex Legler <a3li@gentoo.org> -horde-groupware-1.2.3.ebuild,
+  +horde-groupware-1.2.4.ebuild:
+  Non-maintainer commit: Version bump for security bug 285052. Removing
+  vulnerable version.
+

------- Comment #5 From Christian Faulhammer 2009-09-16 17:05:14 0000 -------
x86 stable

------- Comment #6 From Alex Legler 2009-09-18 14:29:00 0000 -------
CVE-2009-3236 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3236):
  Unspecified vulnerability in the form library in Horde Application
  Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before
  1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before
  1.1.6 and 1.2 before 1.2.4; allows remote attackers, with privileges
  to write to the address book, to overwrite arbitrary files via
  crafted "image form fields."

CVE-2009-3237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3237):
  Multiple cross-site scripting (XSS) vulnerabilities in Horde
  Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5;
  Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware
  Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote
  attackers to inject arbitrary web script or HTML via the (1) crafted
  number preferences that are not properly handled in the preference
  system (services/prefs.php), as demonstrated by the sidebar_width
  parameter; or (2) crafted unknown MIME "text parts" that are not
  properly handled in the MIME viewer library (config/mime_drivers.php).
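The numeric-preference issue described in the advisory and in CVE-2009-3237 (the `sidebar_width` parameter) comes down to a value declared as a number being trusted as one. The following is an added example, not code from Horde or from this bug: it shows the weak pattern next to a hardened form. The function names, the 50-800 range, the default of 150 and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical names, not Horde's preferences API.

// Weak pattern: a "number" preference is trusted and concatenated into markup.
function render_sidebar_unsafe(string $storedWidth): string
{
    return '<div id="sidebar" style="width: ' . $storedWidth . 'px">';
}

// Validate a preference declared as type "number" before it is stored.
// Returns the integer value, or null when the input is rejected.
function validate_number_pref(string $raw, int $min, int $max): ?int
{
    // FILTER_VALIDATE_INT accepts only a plain integer inside the range,
    // so quotes or markup appended to the digits never reach storage.
    $value = filter_var(trim($raw), FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Hardened rendering: re-check the stored value on output as well, because
// rows written before the fix may still hold unvalidated data.
function render_sidebar(string $storedWidth): string
{
    $width = validate_number_pref($storedWidth, 50, 800) ?? 150; // assumed default
    return sprintf('<div id="sidebar" style="width: %dpx">', $width);
}

// Constructed sample inputs (not taken from the advisory).
$samples = ['200', ' 320 ', '200px', '150"><b>x</b>', '99999'];

foreach ($samples as $raw) {
    $ok = validate_number_pref($raw, 50, 800);
    printf(
        "%-18s => %s\n",
        var_export($raw, true),
        $ok === null ? 'rejected' : "stored as $ok"
    );
}

// Same constructed value through both renderers: the first leaks the markup
// into the page, the second falls back to the default width.
echo render_sidebar_unsafe('150"><b>x</b>'), "\n";
echo render_sidebar('150"><b>x</b>'), "\n";
```

Validating at write time and again at render time matters after an upgrade, since preferences saved by a vulnerable version stay in the backend until they are rewritten.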

------- Comment #7 From Markus Meier 2009-09-19 09:47:44 0000 -------
amd64 stable

------- Comment #8 From Raúl Porcel 2009-09-22 14:02:06 0000 -------
alpha/sparc stable

------- Comment #9 From nixnut 2009-10-18 17:28:23 0000 -------
ppc stable

------- Comment #10 From Alex Legler 2009-10-18 17:34:33 0000 -------
GLSA voting: yes

------- Comment #11 From Tobias Heinlein 2009-10-20 19:13:44 0000 -------
YES too, request filed.

------- Comment #12 From Tony Vroon 2009-11-06 13:38:32 0000 -------
GLSA 200911-01
