[pkg-horde] Bug#378281: horde3: CVE-2006-3548 and CVE-2006-3549: multiple vulnerabilities

Alec Berryman alec at thened.net
Sat Jul 15 00:12:32 UTC 2006


Package: horde3
Version: 3.0.4-4sarge4 3.1.1-3
Severity: serious
Tags: security


CVE-2006-3548: "Multiple cross-site scripting (XSS) vulnerabilities in
Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through
3.1.1 allow remote attackers to inject arbitrary web script or HTML via
a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI
in the url parameter in services/go.php (aka the dereferrer), (5) a
javascript URI in the module parameter in services/help (aka the help
viewer), and (6) the name parameter in services/problem.php (aka the
problem reporting screen)."

CVE-2006-3549: "services/go.php in Horde Application Framework 3.0.0
through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its
image proxy capability, which allows remote attackers to perform "Web
tunneling" attacks and use the server as a proxy via (1) http, (2)
https, and (3) ftp URL in the url parameter, which is requested from the
server."

These issues are reportedly fixed in 3.1.11 and 3.1.2.  The two list
announcements, [1] and [2], may provide more detail, but I can't reach
lists.horde.org now.  I believe they are the same as [3] and [4].

Sarge's version is affected.

Please note the CVE numbers in your changelogs.

Thanks,

Alec

[1] http://lists.horde.org/archives/announce/2006/000287.html
[2] http://lists.horde.org/archives/announce/2006/000288.html
[3] http://marc.theaimsgroup.com/?l=horde-announce&m=115211712002671&w=2
[4] http://marc.theaimsgroup.com/?l=horde-announce&m=115211223405498&w=2
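
Both CVE entries above involve the url parameter of services/go.php. As an added example (not Horde's code and not the upstream fix), one defensive pattern for a dereferrer is a scheme allowlist plus an HMAC token on links the application generates itself, answered with a redirect instead of a server-side fetch. DEREF_SECRET, the token query parameter and the deref_* functions are hypothetical names.

```php
<?php
// Added illustration, not Horde code. DEREF_SECRET and the deref_* names are hypothetical.
const DEREF_SECRET = 'replace-with-random-server-side-secret'; // assumption: stored outside the web root

// Token the application attaches when it generates a dereferrer link itself.
function deref_token(string $url): string
{
    return hash_hmac('sha256', $url, DEREF_SECRET);
}

// Returns the URL when it is safe to redirect to, or null when the request must be refused.
function deref_check(string $url, string $token): ?string
{
    // Whitespace and control bytes can hide a scheme from prefix filters
    // and must never reach a Location header.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null; // malformed, relative, or host-less (javascript:, data:, ...)
    }
    // Scheme allowlist; this example chooses to drop ftp as well.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Constant-time comparison: only links this application signed are followed.
    return hash_equals(deref_token($url), $token) ? $url : null;
}

// Returns [status, headers, body]. The server never fetches the target itself.
function deref_handle(array $query): array
{
    $url = $query['url'] ?? '';
    $token = $query['token'] ?? '';
    if (!is_string($url) || !is_string($token) || deref_check($url, $token) === null) {
        return [400, [], 'Invalid dereferrer request'];
    }
    return [302, ['Location' => $url], ''];
}

// Constructed sample requests (not taken from any real log).
$good = 'https://www.example.org/page?id=1';
$bad = 'javascript:alert(1)';
$samples = [
    ['url' => $good, 'token' => deref_token($good)],
    ['url' => $good, 'token' => 'forged'],
    ['url' => $bad, 'token' => deref_token($bad)],
];
foreach ($samples as $q) {
    printf("%d %s\n", deref_handle($q)[0], $q['url']);
}
```

Only the first sample is redirected; the forged token and the javascript URI are both refused even when the URI carries a valid token, because the scheme check runs before the signature check.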




