Bug 436628 (CVE-2008-1284)

Summary: CVE-2008-1284 horde: arbitrary file inclusion through abuse of the theme preference
Product: [Other] Security Response
Reporter: Jan ONDREJ <ondrejj>
Component: vulnerability
Assignee: Jan ONDREJ <ondrejj>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: 3.1.7-1.fc8
Doc Type: Bug Fix
Last Closed: 2008-03-13 07:37:13 UTC

Description Jan ONDREJ 2008-03-08 16:38:13 UTC
Description of problem:
http://lists.horde.org/archives/announce/2008/000382.html


Version-Release number of selected component (if applicable):
horde-3.1.6


How reproducible:
unknown

Comment 1 Jan ONDREJ 2008-03-08 17:03:31 UTC
Packages are building in koji.


Comment 2 Fedora Update System 2008-03-08 18:11:26 UTC
horde-3.1.7-1.fc8 has been submitted as an update for Fedora 8

Comment 3 Fedora Update System 2008-03-08 18:12:28 UTC
horde-3.1.7-1.fc7 has been submitted as an update for Fedora 7

Comment 4 Lubomir Kundrak 2008-03-11 19:44:56 UTC
======================================================
Name: CVE-2008-1284
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20080310
Category: 
Reference: BUGTRAQ:20080307 Horde Webmail file inclusion proof of concept & patch.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489239/100/0/threaded
Reference: BUGTRAQ:20080308 Re: Horde Webmail file inclusion proof of concept & patch.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489289/100/0/threaded
Reference: MLIST:[announce] 20080307  Horde Groupware 1.0.5 (final)
Reference: URL:http://lists.horde.org/archives/announce/2008/000383.html
Reference: MLIST:[announce] 20080307  Horde Groupware Webmail Edition 1.0.6 (final)
Reference: URL:http://lists.horde.org/archives/announce/2008/000384.html
Reference: MLIST:[announce] 20080307 Horde 3.1.7 (final)
Reference: URL:http://lists.horde.org/archives/announce/2008/000382.html
Reference: BID:28153
Reference: URL:http://www.securityfocus.com/bid/28153
Reference: FRSIRT:ADV-2008-0822
Reference: URL:http://www.frsirt.com/english/advisories/2008/0822/references
Reference: SECUNIA:29286
Reference: URL:http://secunia.com/advisories/29286
Reference: XF:horde-theme-file-include(41054)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41054

Directory traversal vulnerability in Horde 3.1.6, Groupware before
1.0.5, and Groupware Webmail Edition before 1.0.6, when running with
certain configurations, allows remote authenticated users to read and
execute arbitrary files via ".." sequences and a null byte in the
theme name.
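
The CVE text above names two input shapes in the theme name, ".." sequences and a null byte. The following is an added example, not Horde's code or the upstream patch, of validating a theme preference before it is used to build an include path; the function name, the `themes/<name>/info.php` layout and the sample theme name are assumptions made for illustration.

```php
<?php
// Added example, not Horde code. The themes/<name>/info.php layout and
// the function name are assumptions made for illustration.

/**
 * Map a user-supplied theme preference to a file inside $themesDir,
 * or return null when the value cannot be trusted.
 */
function resolve_theme_file(string $themesDir, string $theme): ?string
{
    // Allowlist: a bare directory name only. \A and \z anchor the whole
    // string, so "..", "/", "\" and a NUL byte can never match.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $theme)) {
        return null;
    }
    // Defence in depth: canonicalise and confirm the result is still
    // under the themes directory (catches symlinks pointing outside it).
    $base = realpath($themesDir);
    $path = realpath($themesDir . '/' . $theme . '/info.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed fixture: one legitimate theme in a temporary directory.
$themes = sys_get_temp_dir() . '/themes_' . bin2hex(random_bytes(4));
mkdir($themes . '/demo_theme', 0700, true);
file_put_contents($themes . '/demo_theme/info.php', "<?php // theme metadata\n");

// Constructed inputs: a valid name, then the shapes named in the CVE text.
$samples = ['demo_theme', '../demo_theme', "demo_theme\0", "../../etc/passwd\0", ''];
foreach ($samples as $s) {
    $result = resolve_theme_file($themes, $s);
    printf("%-24s %s\n", json_encode($s), $result === null ? 'rejected' : 'accepted');
}

// Remove the fixture.
unlink($themes . '/demo_theme/info.php');
rmdir($themes . '/demo_theme');
rmdir($themes);
```

Only the first sample is accepted; the name check rejects the other four before any path is built.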

Comment 5 Jan ONDREJ 2008-03-12 05:42:02 UTC
There is still an old summary in the waiting update. Is it a problem?

https://admin.fedoraproject.org/updates/F8/pending/horde-3.1.7-1.fc8
https://admin.fedoraproject.org/updates/F7/pending/horde-3.1.7-1.fc7


Comment 6 Fedora Update System 2008-03-13 07:37:11 UTC
horde-3.1.7-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2008-03-13 07:42:13 UTC
horde-3.1.7-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.