[Secure-testing-team] Bug#737149: CVE-2014-1691: Remote code execution in horde < 5.1.1
Micah Anderson
micah at debian.org
Thu Jan 30 17:00:10 UTC 2014
Package: horde3
Version: 3.3.8+debian0-2
Severity: serious
Tags: security
Justification: security issue
Hello,
As detailed on the Debian security tracker[0] and reported on oss-sec[1] and assigned CVE-2014-1691, there is a remote code execution bug in horde affecting all versions from at least horde 3.1.x to 5.1.1.
That includes squeeze. I've got a patch that applies to the horde3 package in squeeze that resolves this issue; please find it attached[2]. I've built and tested these packages on Squeeze in an active environment. I am not certain where this particular code is used, so I wasn't sure if I was able to test exactly that code path.
If you would like, I can provide a package for squeeze for a DSA.
Micah
0. https://security-tracker.debian.org/tracker/CVE-2014-1691
1. http://seclists.org/oss-sec/2014/q1/153
2. https://gist.github.com/pietro/8712454/raw/b03bc5ecb7ec1f1f778b867ecd6d9d142d0ddaf7/gistfile1.diff
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages horde3 depends on:
ii apache2 2.4.7-1
ii apache2-bin [httpd] 2.4.7-1
ii libapache2-mod-php5 5.5.8+dfsg-3
ii libjs-scriptaculous 1.9.0-2
ii php-log 1.12.7-1
ii php-mail 1.2.0-5
ii php-mail-mime 1.8.8-1
ii php5-gd 5.5.8+dfsg-3
ii php5-mcrypt 5.5.8+dfsg-3
Versions of packages horde3 recommends:
pn fckeditor <none>
ii locales 2.17-97
ii logrotate 3.8.7-1
pn php-date <none>
ii php-db 1.7.14-2
pn php-file <none>
ii php-mdb2 2.5.0b5-1
pn php-mdb2-driver-mysql | php-mdb2-driver-pgsql | php-mdb2-driv <none>
pn php-services-weather <none>
ii php5-cli 5.5.8+dfsg-3
pn php5-mysql | php5-pgsql | php5-ldap <none>
pn tinymce2 | tinymce <none>
Versions of packages horde3 suggests:
pn chora2 <none>
pn enscript <none>
ii gettext 0.18.3.2-1
pn gollem <none>
pn imp4 <none>
pn kronolith2 <none>
ii libgeoip1 1.6.0-1
pn libwpd-tools <none>
pn mnemo2 <none>
pn php-net-imap <none>
pn php5-auth-pam <none>
ii php5-common [php5-mhash] 5.5.8+dfsg-3
pn ppthtml <none>
pn rpm <none>
pn source-highlight <none>
pn turba2 <none>
pn unrtf <none>
pn webcpp <none>
pn wv <none>
pn xlhtml <none>
-- Configuration Files:
/etc/horde/horde3/.htaccess [Errno 13] Permission denied: u'/etc/horde/horde3/.htaccess'
/etc/horde/horde3/conf.php [Errno 13] Permission denied: u'/etc/horde/horde3/conf.php'
/etc/horde/horde3/conf.xml [Errno 13] Permission denied: u'/etc/horde/horde3/conf.xml'
/etc/horde/horde3/hooks.php [Errno 13] Permission denied: u'/etc/horde/horde3/hooks.php'
/etc/horde/horde3/mime_drivers.php [Errno 13] Permission denied: u'/etc/horde/horde3/mime_drivers.php'
/etc/horde/horde3/motd.php [Errno 13] Permission denied: u'/etc/horde/horde3/motd.php'
/etc/horde/horde3/nls.php [Errno 13] Permission denied: u'/etc/horde/horde3/nls.php'
/etc/horde/horde3/prefs.php [Errno 13] Permission denied: u'/etc/horde/horde3/prefs.php'
/etc/horde/horde3/registry.d/README [Errno 13] Permission denied: u'/etc/horde/horde3/registry.d/README'
/etc/horde/horde3/registry.php [Errno 13] Permission denied: u'/etc/horde/horde3/registry.php'
-- no debconf information