Mandriva Linux Security Advisory : roundcubemail (MDVSA-2013:263)
High Nessus Plugin ID 70689
Synopsis
The remote Mandriva Linux host is missing a security update.
Description
A vulnerability has been discovered and corrected in roundcubemail:
It was discovered that roundcube does not properly sanitize the _session parameter in steps/utils/save_pref.inc when saving preferences. The vulnerability can be exploited to overwrite configuration settings, subsequently allowing random file access, manipulated SQL queries and even code execution (CVE-2013-6172).
The updated packages have been patched to correct this issue.
Solution
Update the affected roundcubemail package.