Mandriva Linux Security Advisory : roundcubemail (MDVSA-2013:149)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

A vulnerability has been found and corrected in roundcubemail :

A local file inclusion flaw was found in the way RoundCube Webmail, a
browser-based multilingual IMAP client, performed validation of the
'generic_message_footer' value provided via the web user interface in
certain circumstances. A remote attacker could issue a specially
crafted request that, when processed by RoundCube Webmail, could allow
the attacker to obtain arbitrary files on the system that are
accessible with the privileges of the user running the RoundCube
Webmail client (CVE-2013-1904).

The updated packages have been upgraded to the 0.8.6 version which is
not affected by this issue.

See also :

http://www.nessus.org/u?92032355

Solution :

Update the affected roundcubemail package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66186

Bugtraq ID: 58770

CVE ID: CVE-2013-1904
