Bug 1021964 (CVE-2013-6172)

Summary: CVE-2013-6172 roundcubemail: vulnerability in handling _session argument of utils/save-prefs
Product: [Other] Security Response
Reporter: Ratul Gupta <ratulg>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: carnil, christoph.wickert, gwync, mhlavink, tmraz
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: roundcubemail 0.9.5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-11-05 18:41:11 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1021735, 1021965
Bug Blocks:

Description Ratul Gupta 2013-10-22 12:24:36 UTC
Roundcubemail, a browser-based multilingual IMAP client, was found to have a vulnerability which could allow an attacker to overwrite configuration settings using user preferences; this can result in random file access, manipulated SQL queries or even remote code execution (0.8.6 and older).

The issues are said to be fixed in the latest release, 0.9.5.

References:
http://roundcube.net/news/2013/10/21/security-updates-095-and-087/
https://bugs.gentoo.org/show_bug.cgi?id=488994

Comment 1 Ratul Gupta 2013-10-22 12:25:38 UTC
Created roundcubemail tracking bugs for this issue:

Affects: epel-all [bug 1021965]

Comment 2 Vincent Danen 2013-11-05 18:41:11 UTC
Upstream bug report and patch:

http://trac.roundcube.net/ticket/1489382
http://trac.roundcube.net/changeset/70c7df8faa5a9023a2773dc5a38932f1ad3a84aa/github

This was fixed in Fedora and EPEL via roundcubemail-0.9.5-1.