Debian DSA-1033-1 : horde3 - several vulnerabilities

high Nessus Plugin ID 22575

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2005-4190 Several Cross-Site-Scripting vulnerabilities have been discovered in the 'share edit window'.

- CVE-2006-1260 Null characters in the URL parameter bypass a sanity check, which allowed remote attackers to read arbitrary files, which allowed information disclosure.

- CVE-2006-1491 User input in the help viewer was passed unsanitised to the eval() function, which allowed injection of arbitrary web code.

Solution

Upgrade the horde3 package.

The old stable distribution (woody) doesn't contain horde3 packages.

For the stable distribution (sarge) these problems have been fixed in version 3.0.4-4sarge3.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361967

https://security-tracker.debian.org/tracker/CVE-2005-4190

https://security-tracker.debian.org/tracker/CVE-2006-1260

https://security-tracker.debian.org/tracker/CVE-2006-1491

http://www.debian.org/security/2006/dsa-1033

Plugin Details

Severity: High

ID: 22575

File Name: debian_DSA-1033.nasl

Version: 1.18

Type: local

Agent: unix

Published: 10/14/2006

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:horde3, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/12/2006

Vulnerability Publication Date: 12/11/2005

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2005-4190, CVE-2006-1260, CVE-2006-1491

DSA: 1033