Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200805-01 ] Horde Application Framework: Multiple vulnerabilities
Date: Mon, 05 May 2008 21:16:13
Message-Id: 481F7759.6030104@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200805-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Horde Application Framework: Multiple vulnerabilities
Date: May 05, 2008
Bugs: #212635, #213493
ID: 200805-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in the Horde Application Framework may lead to
the execution of arbitrary files, information disclosure, and allow a
remote attacker to bypass security restrictions.

Background
==========

The Horde Application Framework is a general-purpose web application
framework written in PHP, providing classes for handling preferences,
compression, browser detection, connection tracking, MIME and more.

Affected packages
=================

-------------------------------------------------------------------
     Package                      /  Vulnerable  /   Unaffected
-------------------------------------------------------------------
  1  www-apps/horde                    < 3.1.7        >= 3.1.7
  2  www-apps/horde-groupware          < 1.0.5        >= 1.0.5
  3  www-apps/horde-kronolith          < 2.1.7        >= 2.1.7
  4  www-apps/horde-mnemo              < 2.1.2        >= 2.1.2
  5  www-apps/horde-nag                < 2.1.4        >= 2.1.4
  6  www-apps/horde-webmail            < 1.0.6        >= 1.0.6
-------------------------------------------------------------------
     6 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been reported in the Horde Application
Framework:

* David Collins, Patrick Pelanne and the HostGator.com LLC support
  team discovered that the theme preference page does not sanitize POST
  variables for several options, allowing the insertion of NULL bytes
  and ".." sequences (CVE-2008-1284).

* An error exists in the Horde API allowing users to bypass security
  restrictions.
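
The first issue above is a missing input check on a value that becomes a
path component. As an added example (not Horde's own code), the PHP
validator below shows the check a preference page should apply before a
POST-supplied theme name touches the filesystem; the function name and the
themes directory are assumptions.

```php
<?php
// Added example, not code from Horde. Names are illustrative assumptions.

/**
 * Return true only when $theme is a single, plain directory name that
 * resolves to a location inside $themesDir. Embedded NUL bytes and ".."
 * sequences (the defect class in CVE-2008-1284) are rejected.
 */
function isSafeThemeName(string $theme, string $themesDir): bool
{
    // A NUL byte truncates the path at the C level; never let it reach
    // a filesystem call (and PHP 8 would throw on it anyway).
    if (strpos($theme, "\0") !== false) {
        return false;
    }
    // Allowlist one path component: letters, digits, '_' or '-' only.
    // This rules out "..", "/", "\\" and anything else path-like.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $theme)) {
        return false;
    }
    // Defence in depth: the canonical path must stay under $themesDir.
    $base      = realpath($themesDir);
    $candidate = realpath($themesDir . DIRECTORY_SEPARATOR . $theme);
    if ($base === false || $candidate === false) {
        return false;
    }
    return strpos($candidate, $base . DIRECTORY_SEPARATOR) === 0;
}

// Constructed sample inputs mirroring the advisory's description.
$themesDir = sys_get_temp_dir() . '/themes_example';
@mkdir($themesDir . '/bluewhite', 0700, true);
$samples = ['bluewhite', "bluewhite\0ignored", '../../etc', 'blue/white'];
foreach ($samples as $s) {
    printf("%-24s %s\n", addcslashes($s, "\0"),
        isSafeThemeName($s, $themesDir) ? 'accepted' : 'rejected');
}
```

Only the first sample is accepted; the others are rejected before any
filesystem access takes place.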

Impact
======

The first vulnerability can be exploited by a remote attacker to read
arbitrary files and by remote authenticated attackers to execute
arbitrary files. The second vulnerability can be exploited by
authenticated remote attackers to perform restricted operations.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Horde Application Framework users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-3.1.7"

All horde-groupware users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-groupware-1.0.5"

All horde-kronolith users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-kronolith-2.1.7"

All horde-mnemo users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-mnemo-2.1.2"

All horde-nag users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-nag-2.1.4"

All horde-webmail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-webmail-1.0.6"

References
==========

[ 1 ] CVE-2008-1284
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200805-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIH3dZuhJ+ozIKI5gRAh8VAJ4zaLHV1TKYxzVygklR+queUOB7BACgj9KU
HNgL2U4GaEj6VKejjpJltYo=
=6J+S
-----END PGP SIGNATURE-----