[pkg-horde] Bug#461131: CVE-2007-6018: horde3 privilege escalation
Stefan Fritsch
sf at sfritsch.de
Wed Jan 16 20:19:48 UTC 2008
Package: horde3
Version: 3.1.3-4
Severity: important
Tags: security
A vulnerability has been found in horde3:
The HTML filter does not filter out <frame> and <frameset> HTML
elements. Additionally, the application allows users to perform
certain actions via HTTP requests without performing any validity
checks to verify the request. This can be exploited to (a) delete an
arbitrary number of e-mail messages by referencing their numeric IDs
and (b) purge deleted mails, when the victim opens a malicious HTML
mail.
Successful exploitation requires that the victim opens the HTML part
of a malicious message.
This is fixed in 3.1.6.
Please mention the CVE id in the changelog.
More information about the pkg-horde-hackers
mailing list