SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Horde Internet Messaging Program (IMP) Vendors:   Horde Project
(Caldera Issues Fix) Horde Internet Messaging Program (IMP) Has Another Unfiltered Input That Allows Remote Users to Conduct Cross-Site Scripting Attacks Against IMP Users
SecurityTracker Alert ID:  1004064
SecurityTracker URL:  http://securitytracker.com/id/1004064
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 16 2002
Impact:   Disclosure of authentication information, Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.2.8
Description:   An additional cross-site scripting vulnerability was reported in Horde's Internet Messaging Program (IMP) sever software. A remote user can conduct attacks against IMP users to steal their cookies.

It is reported that a remote user can create a URL that, when loaded by a target (victim) user, will cause arbitrary javascript to be executed by the target user's browser. The code will appear to originate from the server running IMP and will run in the security context of that site. As a result, the code will be able to access the target user's cookies associated with the site running IMP.

A demonstration exploit URL is provided:

status.php3?script=<SCRIPT+LANGUAGE="JavaScript">alerte("pipo")</script>

Impact:   A remote user can cause arbitrary code to be executed by an IMP user's browser with the ability to access the target (victim) user's cookies associated with the site running IMP.
Solution:   The vendor has released a fix.

For OpenLinux 3.1.1 Server:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

f52d7821dcbefafc220a479a34f359a7 horde-1.2.8-1.i386.rpm
7dec82815fe2a801b40fd1cc64712f28 imp-2.2.8-1.i386.rpm

To install:

rpm -Fvh horde-1.2.8-1.i386.rpm
rpm -Fvh imp-2.2.8-1.i386.rpm

Source Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

Source Packages:

2b48821e064674d8b159a3bb1078c619 horde-1.2.8-1.src.rpm
632aa28b3eaf46100fc00a54bd10644a imp-2.2.8-1.src.rpm


For OpenLinux 3.1 Server:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

Packages:

d479bd6ee5b856a3cf212d3b58ddbd98 horde-1.2.8-1.i386.rpm
836b9bc79c208b36d4e6191dcd60ce0d imp-2.2.8-1.i386.rpm

To install:

rpm -Fvh horde-1.2.8-1.i386.rpm
rpm -Fvh imp-2.2.8-1.i386.rpm

Source Package Location:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

Source Packages:

c8031ec50e69ad21a6a20b7885be6eeb horde-1.2.8-1.src.rpm
151403a7a889478485be1733c9fa1bd0 imp-2.2.8-1.src.rpm

Vendor URL:  www.horde.org/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  OpenLinux Server 3.1, 3.1.1

Message History:   This archive entry is a follow-up to the message listed below.
Apr 8 2002 Horde Internet Messaging Program (IMP) Has Another Unfiltered Input That Allows Remote Users to Conduct Cross-Site Scripting Attacks Against IMP Users



 Source Message Contents

Subject:  Security Update: [CSSA-2002-016.0] Linux: horde/imp cross scripting vulnerabilities


--wRRV7LY7NUeQGEoC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: horde/imp cross scripting vulnerabilities
Advisory number: 	CSSA-2002-016.0
Issue date: 		2002 April 16
Cross reference:
______________________________________________________________________________


1. Problem Description

	There are some potential cross-site scripting (CSS) attacks in
	the imp and horde programs.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to horde-1.2.8-1.i386.rpm
					prior to horde-1.2.8-1.src.rpm
					prior to imp-2.2.8-1.i386.rpm
					prior to imp-2.2.8-1.src.rpm

	OpenLinux 3.1 Server		prior to horde-1.2.8-1.i386.rpm
					prior to horde-1.2.8-1.src.rpm
					prior to imp-2.2.8-1.i386.rpm
					prior to imp-2.2.8-1.src.rpm


3. Solution

	The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

	4.2 Packages

	f52d7821dcbefafc220a479a34f359a7	horde-1.2.8-1.i386.rpm
	7dec82815fe2a801b40fd1cc64712f28	imp-2.2.8-1.i386.rpm

	4.3 Installation

	rpm -Fvh horde-1.2.8-1.i386.rpm
	rpm -Fvh imp-2.2.8-1.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

	4.5 Source Packages

	2b48821e064674d8b159a3bb1078c619	horde-1.2.8-1.src.rpm
	632aa28b3eaf46100fc00a54bd10644a	imp-2.2.8-1.src.rpm


5. OpenLinux 3.1 Server

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

	5.2 Packages

	d479bd6ee5b856a3cf212d3b58ddbd98	horde-1.2.8-1.i386.rpm
	836b9bc79c208b36d4e6191dcd60ce0d	imp-2.2.8-1.i386.rpm

	5.3 Installation

	rpm -Fvh horde-1.2.8-1.i386.rpm
	rpm -Fvh imp-2.2.8-1.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

	5.5 Source Packages

	c8031ec50e69ad21a6a20b7885be6eeb	horde-1.2.8-1.src.rpm
	151403a7a889478485be1733c9fa1bd0	imp-2.2.8-1.src.rpm


6. References

	Specific references for this advisory:
		none


	Caldera OpenLinux security resources:
		http://www.caldera.com/support/security/index.html

	Caldera UNIX security resources:
		http://stage.caldera.com/support/security/

	This security fix closes Caldera incidents sr862918, fz520626,
	erg712017.


7. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.


8. Acknowledgements

	Nuno Loureiro <nuno@eth.pt> discovered and researched this
	problem.

______________________________________________________________________________

--wRRV7LY7NUeQGEoC
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjy8ldkACgkQbluZssSXDTG2dQCgtE/L3nJIeQMQEoQ+m0MEfrAI
W00An2iyylA14IY/59wfmvrXFfNauoBJ
=X6xa
-----END PGP SIGNATURE-----

--wRRV7LY7NUeQGEoC--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC