[pkg-horde] Bug#461131: Bug#461131: CVE-2007-6018: horde3 privilege escalation
Ola Lundqvist
opal at debian.org
Thu Jan 17 18:00:18 UTC 2008
Hi Stefan
Thanks a lot for the report! I saw the announce yesterday, but I have
not had the time to correct it at this very moment.
Best regards,
// Ola
On Wed, Jan 16, 2008 at 09:19:48PM +0100, Stefan Fritsch wrote:
> Package: horde3
> Version: 3.1.3-4
> Severity: important
> Tags: security
>
> A vulnerability has been found in horde3:
>
> The HTML filter does not filter out <frame> and <frameset> HTML
> elements. Additionally, the application allows users to perform
> certain actions via HTTP requests without performing any validity
> checks to verify the request. This can be exploited to (a) delete an
> arbitrary number of e-mail messages by referencing their numeric IDs
> and (b) purge deleted mails, when the victim opens a malicious HTML
> mail.
>
> Successful exploitation requires that the victim opens the HTML part
> of a malicious message.
>
>
> This is fixed in 3.1.6.
>
> Please mention the CVE id in the changelog.
>
>
>
> _______________________________________________
> pkg-horde-hackers mailing list
> pkg-horde-hackers at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-horde-hackers
>
--
--------------------- Ola Lundqvist ---------------------------
/ opal at debian.org Annebergsslingan 37 \
| ola at opalsys.net 654 65 KARLSTAD |
| http://opalsys.net/ +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
More information about the pkg-horde-hackers
mailing list