Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1638 to the following vulnerability:

The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1638
[2] http://www.openwall.com/lists/oss-security/2010/05/21/2
[3] http://www.openwall.com/lists/oss-security/2010/05/25/2
[4] http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=74

The CVE description [1] implies that this is more a question of proper Horde / IMP plugin configuration than a security flaw (and the security implications an attacker could reach by exploiting this are very low). But a separate Red Hat Bugzilla entry has been filed in case there is something that can be done on the Horde IMP side that could prevent exploitation for any of the installed / used Horde configurations.

-> CLOSED NEXTRELEASE

We are upgrading the whole horde and imp stack to the new pear-based version.