Bug 436628 - (CVE-2008-1284) CVE-2008-1284 horde: arbitrary file inclusion through abuse of the theme preference
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Assigned To: Jan ONDREJ
QA Contact: Fedora Extras Quality Assurance
Keywords: Security
Reported: 2008-03-08 11:38 EST by Jan ONDREJ
Modified: 2008-03-13 03:42 EDT
Fixed In Version: 3.1.7-1.fc8
Doc Type: Bug Fix
Last Closed: 2008-03-13 03:37:13 EDT
Description Jan ONDREJ 2008-03-08 11:38:13 EST
Description of problem:
http://lists.horde.org/archives/announce/2008/000382.html

Version-Release number of selected component (if applicable):
horde-3.1.6

How reproducible:
unknown
Comment 1 Jan ONDREJ 2008-03-08 12:03:31 EST
Packages are building in koji.
Comment 2 Fedora Update System 2008-03-08 13:11:26 EST
horde-3.1.7-1.fc8 has been submitted as an update for Fedora 8
Comment 3 Fedora Update System 2008-03-08 13:12:28 EST
horde-3.1.7-1.fc7 has been submitted as an update for Fedora 7
Comment 4 Lubomir Kundrak 2008-03-11 15:44:56 EDT
======================================================
Name: CVE-2008-1284
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20080310
Category: 
Reference: BUGTRAQ:20080307 Horde Webmail file inclusion proof of concept & patch.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489239/100/0/threaded
Reference: BUGTRAQ:20080308 Re: Horde Webmail file inclusion proof of concept & patch.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489289/100/0/threaded
Reference: MLIST:[announce] 20080307  Horde Groupware 1.0.5 (final)
Reference: URL:http://lists.horde.org/archives/announce/2008/000383.html
Reference: MLIST:[announce] 20080307  Horde Groupware Webmail Edition 1.0.6 (final)
Reference: URL:http://lists.horde.org/archives/announce/2008/000384.html
Reference: MLIST:[announce] 20080307 Horde 3.1.7 (final)
Reference: URL:http://lists.horde.org/archives/announce/2008/000382.html
Reference: BID:28153
Reference: URL:http://www.securityfocus.com/bid/28153
Reference: FRSIRT:ADV-2008-0822
Reference: URL:http://www.frsirt.com/english/advisories/2008/0822/references
Reference: SECUNIA:29286
Reference: URL:http://secunia.com/advisories/29286
Reference: XF:horde-theme-file-include(41054)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41054

Directory traversal vulnerability in Horde 3.1.6, Groupware before
1.0.5, and Groupware Webmail Edition before 1.0.6, when running with
certain configurations, allows remote authenticated users to read and
execute arbitrary files via ".." sequences and a null byte in the
theme name.
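The traversal and null-byte issue the CVE text above describes, as an added PHP example that is not Horde's code: the unsafe string-splicing pattern next to a theme-preference lookup hardened with a name allowlist, an existence check and a realpath containment check. The directory layout (`$themeDir/<name>/info.php`), the function names and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not Horde's code. Layout and function names are assumed:
// themes live in $themeDir/<name>/info.php.
declare(strict_types=1);

// The pattern behind CVE-2008-1284: the preference is spliced straight
// into a path, so "../" walks out of the theme tree and, on PHP < 5.3.4,
// a trailing "\0" truncates whatever suffix was appended.
function unsafeThemeFile(string $themeDir, string $themeName): string
{
    return $themeDir . '/' . $themeName . '/info.php';
}

// Hardened lookup: returns the absolute path of an installed theme's
// info.php, or null for anything that is not a plain installed theme name.
function resolveThemeFile(string $themeDir, string $themeName): ?string
{
    // 1. Syntactic allowlist: a theme name is a short identifier, so
    //    "..", "/", "\" and "\0" are refused before any filesystem call.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/D', $themeName)) {
        return null;
    }

    // 2. Existence check: the name must be a theme that is actually installed.
    $base = realpath($themeDir);
    if ($base === false) {
        return null;
    }
    $candidate = realpath("$base/$themeName/info.php");
    if ($candidate === false) {
        return null;
    }

    // 3. Containment check: even a symlink dropped inside $themeDir must not
    //    resolve to a file outside it.
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed inputs: a legitimate theme name and the kinds of values
// the advisory describes (".." sequences, a trailing null byte).
$themeDir = '/var/www/horde/themes';
foreach (['bluewhite', '../../../etc/passwd', "../../config/conf.php\0"] as $pref) {
    printf("%-32s unsafe: %s\n", json_encode($pref, JSON_UNESCAPED_SLASHES), unsafeThemeFile($themeDir, $pref));
    printf("%-32s safe:   %s\n", '', resolveThemeFile($themeDir, $pref) ?? 'rejected');
}
```

On a host without the assumed theme directory every input is rejected by the existence check; the regex in step 1 is what stops the traversal and null-byte values before realpath() ever sees them.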
Comment 5 Jan ONDREJ 2008-03-12 01:42:02 EDT
There is still old summary in waiting update. Is it a problem?

https://admin.fedoraproject.org/updates/F8/pending/horde-3.1.7-1.fc8
https://admin.fedoraproject.org/updates/F7/pending/horde-3.1.7-1.fc7
Comment 6 Fedora Update System 2008-03-13 03:37:11 EDT
horde-3.1.7-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2008-03-13 03:42:13 EDT
horde-3.1.7-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.