Bug 436628 (CVE-2008-1284) - CVE-2008-1284 horde: arbitrary file inclusion through abuse of the theme preference
Summary: CVE-2008-1284 horde: arbitrary file inclusion through abuse of the theme preference
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2008-1284
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Jan ONDREJ
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-03-08 16:38 UTC by Jan ONDREJ
Modified: 2008-03-13 07:42 UTC (History)

Fixed In Version: 3.1.7-1.fc8
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-03-13 07:37:13 UTC
Embargoed:



Description Jan ONDREJ 2008-03-08 16:38:13 UTC
Description of problem:
http://lists.horde.org/archives/announce/2008/000382.html


Version-Release number of selected component (if applicable):
horde-3.1.6


How reproducible:
unknown

Comment 1 Jan ONDREJ 2008-03-08 17:03:31 UTC
Packages are building in koji.


Comment 2 Fedora Update System 2008-03-08 18:11:26 UTC
horde-3.1.7-1.fc8 has been submitted as an update for Fedora 8

Comment 3 Fedora Update System 2008-03-08 18:12:28 UTC
horde-3.1.7-1.fc7 has been submitted as an update for Fedora 7

Comment 4 Lubomir Kundrak 2008-03-11 19:44:56 UTC
======================================================
Name: CVE-2008-1284
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20080310
Category: 
Reference: BUGTRAQ:20080307 Horde Webmail file inclusion proof of concept & patch.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489239/100/0/threaded
Reference: BUGTRAQ:20080308 Re: Horde Webmail file inclusion proof of concept & patch.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489289/100/0/threaded
Reference: MLIST:[announce] 20080307 Horde Groupware 1.0.5 (final)
Reference: URL:http://lists.horde.org/archives/announce/2008/000383.html
Reference: MLIST:[announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)
Reference: URL:http://lists.horde.org/archives/announce/2008/000384.html
Reference: MLIST:[announce] 20080307 Horde 3.1.7 (final)
Reference: URL:http://lists.horde.org/archives/announce/2008/000382.html
Reference: BID:28153
Reference: URL:http://www.securityfocus.com/bid/28153
Reference: FRSIRT:ADV-2008-0822
Reference: URL:http://www.frsirt.com/english/advisories/2008/0822/references
Reference: SECUNIA:29286
Reference: URL:http://secunia.com/advisories/29286
Reference: XF:horde-theme-file-include(41054)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41054

Directory traversal vulnerability in Horde 3.1.6, Groupware before
1.0.5, and Groupware Webmail Edition before 1.0.6, when running with
certain configurations, allows remote authenticated users to read and
execute arbitrary files via ".." sequences and a null byte in the
theme name.
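
A defensive illustration of the fix pattern for this class of bug, added here and not Horde's own code: the stored theme preference is treated as an identifier checked against the installed themes, never as a path fragment, so ".." and NUL bytes are rejected before any file operation sees them. Python is used for illustration (Horde itself is PHP); the themes directory and the preference store are constructed samples, and the audit helper shows how an administrator could check existing stored preferences after patching.

```python
import os
import re
import tempfile

# Constructed sample: a throwaway themes directory holding two installed themes.
THEMES_DIR = tempfile.mkdtemp(prefix="themes_")
for _t in ("bluewhite", "graphite"):
    os.mkdir(os.path.join(THEMES_DIR, _t))

# A theme name is an identifier, never a path: one pattern rejects "..",
# "/", "\\" and NUL bytes before any file operation can see them.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")

def installed_themes(themes_dir=THEMES_DIR):
    """Allowlist built from the theme directories that really exist on disk."""
    return {d for d in os.listdir(themes_dir)
            if os.path.isdir(os.path.join(themes_dir, d))}

def resolve_theme(name, themes_dir=THEMES_DIR):
    """Map a stored theme preference to its directory, or None if unsafe.
    Layers: character allowlist, membership in installed_themes(), then a
    realpath containment check so a stray symlink cannot escape themes_dir."""
    if not isinstance(name, str) or not _SAFE_NAME.fullmatch(name):
        return None
    if name not in installed_themes(themes_dir):
        return None
    base = os.path.realpath(themes_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        return None
    return target

def tampered_theme_prefs(prefs, themes_dir=THEMES_DIR):
    """Audit a {user: stored theme preference} mapping; return the users whose
    stored value does not resolve to an installed theme (sorted by name)."""
    return sorted(u for u, t in prefs.items()
                  if resolve_theme(t, themes_dir) is None)

# Constructed preference store for the demonstration: one traversal/NUL value,
# one unknown theme, two legitimate ones.
SAMPLE_PREFS = {
    "alice": "bluewhite",
    "bob": "../../../../etc/passwd\x00",
    "carol": "graphite",
    "dave": "nosuchtheme",
}

if __name__ == "__main__":
    print(tampered_theme_prefs(SAMPLE_PREFS))  # ['bob', 'dave']
```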

Comment 5 Jan ONDREJ 2008-03-12 05:42:02 UTC
There is still the old summary in the waiting update. Is it a problem?

https://admin.fedoraproject.org/updates/F8/pending/horde-3.1.7-1.fc8
https://admin.fedoraproject.org/updates/F7/pending/horde-3.1.7-1.fc7


Comment 6 Fedora Update System 2008-03-13 07:37:11 UTC
horde-3.1.7-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2008-03-13 07:42:13 UTC
horde-3.1.7-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

