This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 523407 - (CVE-2009-3237) CVE-2009-3237 Horde: XSS in "number" type preferences and in MIME rendering
CVE-2009-3237 Horde: XSS in "number" type preferences and in MIME rendering
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
http://bugs.horde.org/ticket/?id=8399
impact=moderate,reported=20090915,pub...
: Security
: 523410 (view as bug list)
Depends On: 538227
Blocks: CVE-2009-3236
  Show dependency treegraph
 
Reported: 2009-09-15 07:39 EDT by Jan Lieskovsky
Modified: 2016-03-04 06:55 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-04-02 06:36:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2009-09-15 07:39:27 EDT
Multiple cross-site scripting (XSS) flaws were identified in Horde:
===================================================================

Flaw #1 - XSS in "number" type preferences:
-------------------------------------------

An improper input validation was found in the way Horde used to process
certain numerical values, provided as HTTP form fields in the preferences
user interface. A remote attacker could issue a specially-crafted HTTP
submit form request, leading to cross-site scripting (XSS).

References:
----------
http://bugs.horde.org/ticket/?id=8399
http://marc.info/?l=horde-announce&m=125291625030436&w=2
http://secunia.com/advisories/36665/2/
http://bugs.gentoo.org/show_bug.cgi?id=285052

Upstream patch:
---------------
http://ftp.horde.org/pub/horde/patches/patch-horde-3.2.4-3.2.5.gz

CVE request:
------------
http://www.openwall.com/lists/oss-security/2009/09/15/4
http://www.openwall.com/lists/oss-security/2009/09/15/5

Affected Fedora Horde versions:
--------------------------------
This issue affects the versions of the Horde package, as shipped with Fedora
releases of 10 and 11, and as shipped within EPEL-5 project.
Comment 1 Jan Lieskovsky 2009-09-15 07:40:20 EDT
Flaw #2 - XSS in MIME rendering:
--------------------------------

An improper input validation was found in the way Horde used to render
certain MIME fields. A remote attacker could provide a specially-crafted
MIME field content, leading to cross-site scripting (XSS), once rendered
by a local, valid Horde user.

References:
-----------
http://bugs.horde.org/ticket/?id=8311
http://marc.info/?l=horde-announce&m=125291625030436&w=2
http://secunia.com/advisories/36665/2/
http://bugs.gentoo.org/show_bug.cgi?id=285052

Upstream patch:
---------------
http://ftp.horde.org/pub/horde/patches/patch-horde-3.2.4-3.2.5.gz

CVE request:
------------
http://www.openwall.com/lists/oss-security/2009/09/15/4
http://www.openwall.com/lists/oss-security/2009/09/15/5  

Affected Fedora Horde versions:
-------------------------------
This issue affects the versions of the Horde package, as shipped with Fedora
releases of 10 and 11, and as shipped within EPEL-5 project.
Comment 2 Jan Lieskovsky 2009-09-17 04:20:30 EDT
Common Vulnerabilities and Exposures assigned an identifier  CVE-2009-3237 to
the following vulnerability:

Multiple cross-site scripting (XSS) vulnerabilities in Horde
Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware
1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition
1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to
inject arbitrary web script or HTML via the (1) crafted number
preferences that are not properly handled in the preference system
(services/prefs.php), as demonstrated by the sidebar_width parameter;
or (2) crafted unknown MIME "text parts" that are not properly handled
in the MIME viewer library (config/mime_drivers.php).

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3237
http://marc.info/?l=horde-announce&m=125292088004087&w=2
http://marc.info/?l=horde-announce&m=125294558611682&w=2
http://marc.info/?l=horde-announce&m=125292314007049&w=2
http://marc.info/?l=horde-announce&m=125295852706029&w=2
http://marc.info/?l=horde-announce&m=125291625030436&w=2
http://marc.info/?l=horde-announce&m=125292339907481&w=2
http://bugs.horde.org/ticket/?id=8311
http://bugs.horde.org/ticket/?id=8399
http://www.osvdb.org/58108
http://www.osvdb.org/58109
http://secunia.com/advisories/36665
http://xforce.iss.net/xforce/xfdb/53202
Comment 3 Jan Lieskovsky 2009-09-17 04:22:22 EDT
*** Bug 523410 has been marked as a duplicate of this bug. ***
Comment 5 Fedora Update System 2010-03-29 13:51:51 EDT
horde-3.3.6-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/horde-3.3.6-1.fc11
Comment 6 Fedora Update System 2010-03-29 13:54:03 EDT
horde-3.3.6-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/horde-3.3.6-1.fc12
Comment 7 Fedora Update System 2010-03-29 13:55:23 EDT
horde-3.3.6-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/horde-3.3.6-1.fc13
Comment 8 Fedora Update System 2010-03-29 14:01:18 EDT
horde-3.3.6-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/horde-3.3.6-1.el5
Comment 9 Fedora Update System 2010-03-31 21:39:41 EDT
horde-3.3.6-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2010-03-31 21:49:59 EDT
horde-3.3.6-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2010-04-01 13:20:06 EDT
horde-3.3.6-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2010-04-01 17:04:44 EDT
horde-3.3.6-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.