FreeBSD : horde-base -- multiple vulnerabilities (ee23aa09-a175-11de-96c0-0011098ad87f)

high Nessus Plugin ID 40979

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Horde team reports :

An error within the form library when handling image form fields can be exploited to overwrite arbitrary local files.

An error exists within the MIME Viewer library when rendering unknown text parts. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed.

The preferences system does not properly sanitise numeric preference types. This can be exploited to execute arbitrary HTML and script code in a user's browser session in contact of an affected site.

Solution

Update the affected package.

See Also

https://bugs.horde.org/ticket/?id=8311

https://bugs.horde.org/ticket/?id=8399

http://www.nessus.org/u?fbcecf00

http://www.nessus.org/u?2820a5ac

Plugin Details

Severity: High

ID: 40979

File Name: freebsd_pkg_ee23aa09a17511de96c00011098ad87f.nasl

Version: 1.13

Type: local

Published: 9/15/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:horde-base, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/14/2009

Vulnerability Publication Date: 5/28/2009

Reference Information

Secunia: 36665