Vigil@nce: Horde, several vulnerabilities
September 2009 by Vigil@nce
Three vulnerabilities of Horde can be used by an attacker in order
to create files or to generate a Cross Site Scripting.
– Severity: 2/4
– Consequences: client access/rights, data creation/edition
– Provenance: document
– Means of attack: 2 attacks
– Ability of attacker: beginner (1/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 3
– Creation date: 14/09/2009
– Revision date: 21/09/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
Three vulnerabilities were announced in Horde tools.
An application (Turba, Ansel) with a form containing images
(Horde_Form_Type_image) can be used to overwrite a local file.
[grav:2/4; CVE-2009-3236]
Some MIME data are displayed directly, which generates a Cross
Site Scripting. [grav:2/4; 8311, CVE-2009-3237]
The horde/services/images/colorpicker.php,
horde/services/prefs.php and horde/test.php scripts can be used
for a Cross Site Scripting. [grav:2/4; 8399, CVE-2009-3237]
CHARACTERISTICS
– Identifiers: 8311, 8399, CVE-2009-3236, CVE-2009-3237,
VIGILANCE-VUL-9022
– Url: http://vigilance.fr/vulnerability/Horde-several-vulnerabilities-9022