Mandriva Linux Security Advisory : zarafa (MDVSA-2014:182)
Low Nessus Plugin ID 77839
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated zarafa packages fix security vulnerabilities :
Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user's username and password to the Zarafa IMAP server (CVE-2014-0103).
Robert Scheck discovered that the Zarafa Collaboration Platform has multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448, CVE-2014-5449, CVE-2014-5450).
SolutionUpdate the affected packages.