Debian DSA-1406-1 : horde3 - several vulnerabilities

medium Nessus Plugin ID 28151

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in the Horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2006-3548 Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting).

This vulnerability applies to oldstable (sarge) only.

- CVE-2006-3549 Moritz Naumann discovered that Horde does not properly restrict its image proxy, allowing remote attackers to use the server as a proxy.

This vulnerability applies to oldstable (sarge) only.

- CVE-2006-4256 Marc Ruef discovered that Horde allows remote attackers to include web pages from other sites, which could be useful for phishing attacks.

This vulnerability applies to oldstable (sarge) only.

- CVE-2007-1473 Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting).

This vulnerability applies to both stable (etch) and oldstable (sarge).

- CVE-2007-1474 iDefense discovered that the cleanup cron script in Horde allows local users to delete arbitrary files.

This vulnerability applies to oldstable (sarge) only.

Solution

Upgrade the horde3 package.

For the old stable distribution (sarge) these problems have been fixed in version 3.0.4-4sarge6.

For the stable distribution (etch) these problems have been fixed in version 3.1.3-4etch1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378281

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383416

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434045

https://security-tracker.debian.org/tracker/CVE-2006-3548

https://security-tracker.debian.org/tracker/CVE-2006-3549

https://security-tracker.debian.org/tracker/CVE-2006-4256

https://security-tracker.debian.org/tracker/CVE-2007-1473

https://security-tracker.debian.org/tracker/CVE-2007-1474

https://www.debian.org/security/2007/dsa-1406

Plugin Details

Severity: Medium

ID: 28151

File Name: debian_DSA-1406.nasl

Version: 1.18

Type: local

Agent: unix

Published: 11/12/2007

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:horde3, cpe:/o:debian:debian_linux:3.1, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 11/9/2007

Reference Information

CVE: CVE-2006-3548, CVE-2006-3549, CVE-2006-4256, CVE-2007-1473, CVE-2007-1474

DSA: 1406