Debian DSA-909-1 : horde3 - missing input sanitising

medium Nessus Plugin ID 22775

Synopsis

The remote Debian host is missing a security-related update.

Description

Daniel Schreckling discovered that the MIME viewer in horde3, a web application suite, does not always sanitise its input, leaving a possibility to force the return of malicious code that could be executed on the victim's machine.

Solution

Upgrade the horde3 package.

The old stable distribution (woody) does not contain horde3 packages.

For the stable distribution (sarge) these problems have been fixed in version 3.0.4-4sarge2.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340323

http://www.debian.org/security/2005/dsa-909

Plugin Details

Severity: Medium

ID: 22775

File Name: debian_DSA-909.nasl

Version: 1.18

Type: local

Agent: unix

Published: 10/14/2006

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:horde3, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 11/23/2005

Vulnerability Publication Date: 11/22/2005

Reference Information

CVE: CVE-2005-3759

DSA: 909