[pkg-horde] Bug#737149: CVE-2014-1691: Remote code execution in horde < 5.1.1

Micah Anderson micah at debian.org
Thu Jan 30 17:00:10 UTC 2014

Package: horde3
Version: 3.3.8+debian0-2
Severity: serious
Tags: security
Justification: security issue


As detailed on the Debian security tracker[0] and reported on oss-sec[1], and assigned CVE-2014-1691, there is a remote code execution bug in horde affecting all versions from at least horde 3.1.x to 5.1.1.

That includes squeeze. I've got a patch that applies to the horde3 package in squeeze and resolves this issue; please find it attached[2]. I've built and tested these packages on squeeze in an active environment. I am not certain where this particular code is used, so I wasn't sure whether I was able to test exactly that code path.

If you would like, I can provide a package for squeeze for a DSA.


0. https://security-tracker.debian.org/tracker/CVE-2014-1691
1. http://seclists.org/oss-sec/2014/q1/153
2. https://gist.github.com/pietro/8712454/raw/b03bc5ecb7ec1f1f778b867ecd6d9d142d0ddaf7/gistfile1.diff

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages horde3 depends on:
ii  apache2              2.4.7-1
ii  apache2-bin [httpd]  2.4.7-1
ii  libapache2-mod-php5  5.5.8+dfsg-3
ii  libjs-scriptaculous  1.9.0-2
ii  php-log              1.12.7-1
ii  php-mail             1.2.0-5
ii  php-mail-mime        1.8.8-1
ii  php5-gd              5.5.8+dfsg-3
ii  php5-mcrypt          5.5.8+dfsg-3

Versions of packages horde3 recommends:
pn  fckeditor                                                      <none>
ii  locales                                                        2.17-97
ii  logrotate                                                      3.8.7-1
pn  php-date                                                       <none>
ii  php-db                                                         1.7.14-2
pn  php-file                                                       <none>
ii  php-mdb2                                                       2.5.0b5-1
pn  php-mdb2-driver-mysql | php-mdb2-driver-pgsql | php-mdb2-driv  <none>
pn  php-services-weather                                           <none>
ii  php5-cli                                                       5.5.8+dfsg-3
pn  php5-mysql | php5-pgsql | php5-ldap                            <none>
pn  tinymce2 | tinymce                                             <none>

Versions of packages horde3 suggests:
pn  chora2                    <none>
pn  enscript                  <none>
ii  gettext         
pn  gollem                    <none>
pn  imp4                      <none>
pn  kronolith2                <none>
ii  libgeoip1                 1.6.0-1
pn  libwpd-tools              <none>
pn  mnemo2                    <none>
pn  php-net-imap              <none>
pn  php5-auth-pam             <none>
ii  php5-common [php5-mhash]  5.5.8+dfsg-3
pn  ppthtml                   <none>
pn  rpm                       <none>
pn  source-highlight          <none>
pn  turba2                    <none>
pn  unrtf                     <none>
pn  webcpp                    <none>
pn  wv                        <none>
pn  xlhtml                    <none>

-- Configuration Files:
/etc/horde/horde3/.htaccess [Errno 13] Permission denied: u'/etc/horde/horde3/.htaccess'
/etc/horde/horde3/conf.php [Errno 13] Permission denied: u'/etc/horde/horde3/conf.php'
/etc/horde/horde3/conf.xml [Errno 13] Permission denied: u'/etc/horde/horde3/conf.xml'
/etc/horde/horde3/hooks.php [Errno 13] Permission denied: u'/etc/horde/horde3/hooks.php'
/etc/horde/horde3/mime_drivers.php [Errno 13] Permission denied: u'/etc/horde/horde3/mime_drivers.php'
/etc/horde/horde3/motd.php [Errno 13] Permission denied: u'/etc/horde/horde3/motd.php'
/etc/horde/horde3/nls.php [Errno 13] Permission denied: u'/etc/horde/horde3/nls.php'
/etc/horde/horde3/prefs.php [Errno 13] Permission denied: u'/etc/horde/horde3/prefs.php'
/etc/horde/horde3/registry.d/README [Errno 13] Permission denied: u'/etc/horde/horde3/registry.d/README'
/etc/horde/horde3/registry.php [Errno 13] Permission denied: u'/etc/horde/horde3/registry.php'

-- no debconf information
