Bug 335874 (CVE-2010-1638) - www-apps/horde-imp: firewall bypass (CVE-2010-1638)
Summary: www-apps/horde-imp: firewall bypass (CVE-2010-1638)
Status: RESOLVED FIXED
Alias: CVE-2010-1638
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Reported: 2010-09-03 21:00 UTC by Stefan Behte (RETIRED)
Modified: 2010-09-29 18:36 UTC

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:00:16 UTC
CVE-2010-1638 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1638):
  The IMP plugin in Horde allows remote attackers to bypass firewall
  restrictions and use Horde as a proxy to scan internal networks via a
  crafted request to an unspecified test script.  NOTE: this is only a
  vulnerability when the administrator does not follow recommendations
  in the product's installation documentation.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-09-29 18:36:05 UTC
Horde ebuilds now show an ewarn to consult the SECURITY guide before providing Horde in a production environment. That's all we can do.

Closing noglsa.