FreeBSD : horde -- XSS vulnerabilities in MIME viewers (873a6542-5b8d-11da-b96e-000fb586ba73)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Announcement of Horde 3.0.7 (final) :

This [3.0.7] is a security release that fixes cross site scripting
vulnerabilities in two of Horde's MIME viewers. These holes could for
example be exploited by an attacker sending specially crafted emails
to Horde's webmail client IMP. The attack could be used to steal
users' identity information, take over users' sessions, or change
users' settings.

As a hotfix the css and tgz MIME drivers can be disabled by removing
their entries from the $mime_drivers_map['horde']['registered'] list
in horde/config/mime_drivers.php.

See also :

http://lists.horde.org/archives/announce/2005/000232.html
http://www.nessus.org/u?1ea1574e

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21466 (freebsd_pkg_873a65425b8d11dab96e000fb586ba73.nasl)

Bugtraq ID: 15535

CVE ID: CVE-2005-3759
