SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Server)  >   Internet Messaging Program (IMP) Vendors:   Horde Project
(Conectiva Issues Fix) Horde Internet Messaging Program (IMP) Has Another Unfiltered Input That Allows Remote Users to Conduct Cross-Site Scripting Attacks Against IMP Users
SecurityTracker Alert ID:  1004242
SecurityTracker URL:  http://securitytracker.com/id/1004242
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 8 2002
Impact:   Disclosure of authentication information, Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.2.8
Description:   An additional cross-site scripting vulnerability was reported in Horde's Internet Messaging Program (IMP) sever software. A remote user can conduct attacks against IMP users to steal their cookies.

It is reported that a remote user can create a URL that, when loaded by a target (victim) user, will cause arbitrary javascript to be executed by the target user's browser. The code will appear to originate from the server running IMP and will run in the security context of that site. As a result, the code will be able to access the target user's cookies associated with the site running IMP.

A demonstration exploit URL is provided:

status.php3?script=<SCRIPT+LANGUAGE="JavaScript">alerte("pipo")</script>
Impact:   A remote user can cause arbitrary code to be executed by an IMP user's browser with the ability to access the target (victim) user's cookies associated with the site running IMP.
Solution:   The vendor has released a fix:

ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/horde-1.2.8-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/imp-2.2.8-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/imp-2.2.8-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-1.2.8-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-mysql-1.2.8-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-pgsql-1.2.8-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-shm-1.2.8-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/horde-1.2.8-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/imp-2.2.8-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/imp-2.2.8-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-1.2.8-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-mysql-1.2.8-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-pgsql-1.2.8-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-shm-1.2.8-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/horde-1.2.8-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/imp-2.2.8-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/imp-2.2.8-1U60_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-1.2.8-1U60_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-mysql-1.2.8-1U60_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-pgsql-1.2.8-1U60_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-shm-1.2.8-1U60_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/horde-1.2.8-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/imp-2.2.8-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imp-2.2.8-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-1.2.8-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-mysql-1.2.8-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-pgsql-1.2.8-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-shm-1.2.8-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/horde-1.2.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/imp-2.2.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-1.2.8-1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-mysql-1.2.8-1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-pgsql-1.2.8-1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-shm-1.2.8-1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/imp-2.2.8-1cl.noarch.rpm

Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):

rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

- run: apt-get update
- after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
Vendor URL:  www.horde.org/ (Links to External Site)
Cause:   Input validation error
Underlying OS:   Linux (Conectiva)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 8 2002 Horde Internet Messaging Program (IMP) Has Another Unfiltered Input That Allows Remote Users to Conduct Cross-Site Scripting Attacks Against IMP Users


 Source Message Contents
Date:  Wed, 8 May 2002 11:50:40 -0300
Subject:  [conectiva-updates] Updated Imp security announcement


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We would like to inform that we have reedited the Imp announcement
at 

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000473&idioma=en

to include packages for the Conectiva Linux 8 distribution. This is not 
about new vulnerabilities or changes to the packages that have already been
released. This update is being made only to include packages for CL 8.

The updated announcement follows below.


- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : imp
SUMMARY   : Cross-site scripting vulnerability
DATE      : 2002-04-24 17:37:00
ID        : CLA-2002:473
RELEVANT
RELEASES  : 5.0, 5.1, 6.0, 7.0, 8

- -------------------------------------------------------------------------

DESCRIPTION
 Imp is a webmail system which uses the Horde framework.
 
 Versions prior do 2.2.8 are vulnerable[1][2] to a cross-site
 scripting attack. The authors have released[3] new versions of Imp
 and Horde (2.2.8 and 1.2.8, respectively) to address this problem.


SOLUTION
 It is recommended that all Imp users upgrade their packages.
 
 
 REFERENCES
 1. http://www.horde.org/imp/2.2/
 2. http://online.securityfocus.com/bid/4444
 3. http://marc.theaimsgroup.com/?l=imp&m=101810541131530&w=2


UPDATED FILES
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/horde-1.2.8-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/imp-2.2.8-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/imp-2.2.8-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-1.2.8-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-mysql-1.2.8-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-pgsql-1.2.8-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-shm-1.2.8-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/horde-1.2.8-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/imp-2.2.8-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/imp-2.2.8-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-1.2.8-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-mysql-1.2.8-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-pgsql-1.2.8-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-shm-1.2.8-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/horde-1.2.8-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/imp-2.2.8-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/imp-2.2.8-1U60_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-1.2.8-1U60_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-mysql-1.2.8-1U60_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-pgsql-1.2.8-1U60_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-shm-1.2.8-1U60_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/horde-1.2.8-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/imp-2.2.8-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imp-2.2.8-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-1.2.8-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-mysql-1.2.8-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-pgsql-1.2.8-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-shm-1.2.8-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/horde-1.2.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/imp-2.2.8-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-1.2.8-1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-mysql-1.2.8-1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-pgsql-1.2.8-1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-shm-1.2.8-1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/imp-2.2.8-1cl.noarch.rpm


ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

 (replace 6.0 with the correct version number if you are not running CL6.0)

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://www.conectiva.com.br/suporte/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE82Tpz42jd0JmAcZARArm3AKDGf07YVEpr50fgsTL/QfNWlaJUiwCg5dVF
K6VdmWhVsShTy7iIDuZILAw=
=WnGa
-----END PGP SIGNATURE-----


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC