203098 – www-apps/horde-imp <=4.1.5 Delete Mail Security Bypass Vulnerability (CVE-2007-6018)

Bug 203098 - www-apps/horde-imp <=4.1.5 Delete Mail Security Bypass Vulnerability (CVE-2007-6018)

Summary: www-apps/horde-imp <=4.1.5 Delete Mail Security Bypass Vulnerability (CVE-20...

Status:	RESOLVED DUPLICATE of bug 205377

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [upstream] CONFIDENTIAL 2008-01-02...
Keywords:

Depends on:
Blocks:

Reported:	2007-12-22 22:28 UTC by Robert Buchholz (RETIRED)
Modified:	2008-01-12 01:17 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2007-12-22 22:28:07 UTC

Secunia discovered the following vulnerability:

The HTML filter does not filter out <frame> and <frameset> HTML
elements. Additionally, the application allows users to perform certain
actions via HTTP requests without performing any validity checks to
verify the request. This can be exploited to (a) delete an arbitrary
number of e-mail messages by referencing their numeric IDs and (b) purge
deleted mails, when the victim opens a malicious HTML mail.

Successful exploitation requires that the victim opens the HTML part of
a malicious message.


There is no upstream patch AFAIK yet, so this bug is merely for tracking. Disclosure date is 2008-01-02 10am CET. Please keep confidential until then.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2008-01-06 18:39:19 UTC

Removing webapps since an alias can't view restricted bugs and vapier is listed as the maintainer.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-01-12 01:17:02 UTC


*** This bug has been marked as a duplicate of bug 205377 ***