exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

n.runs-SA-2008.006.txt

n.runs-SA-2008.006.txt
Posted Sep 11, 2008
Authored by Alexios Fakos | Site nruns.com

Horde versions 3.2 through 3.2.1 suffer from a cross site scripting vulnerability due to the handling of MIME attachments.

tags | advisory, xss
advisories | CVE-2008-3823
SHA-256 | c2a3082c148d60c17ee794b27d8f58dbea9dcafc37b3a98ef6dc4162c3890507

n.runs-SA-2008.006.txt

Change Mirror Download
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2008.006 11-Sep-2008
________________________________________________________________________

Vendor: The Horde Project, http://www.horde.org/
Affected Products: Horde >= 3.2, Horde <= 3.2.1
Vulnerability: Cross-Site Scripting in filename MIME attachments
CVE: CVE-2008-3823
oCERT: oCERT-2008-012
Risk: CRITICAL
________________________________________________________________________

Vendor communication:


2008/07/25 Bug found and PoC preparation
2008/07/26 Vulnerability report submitted via oCert online-form
2008/08/05 oCert confirmed the submission. oCert starts the
coordination of affected authors/vendors
2008/09/06 oCert informs all parties about the advisory release
date
2008/09/11 n.runs AG releases this advisory in coordination with
oCert

________________________________________________________________________

Overview:

The Horde project is about creating high quality Open Source
applications, based on PHP and the Horde Framework.

The guiding principles of the Horde Project are to create solid
standards-based applications using intelligent object-oriented design
that, wherever possible, are designed to run on a wide range of
platforms and backends. There is great emphasis on making Horde as
friendly to non-English speakers as possible. The Horde Framework
currently supports many localization features such as unicode and
right-to-left text and generous users have contributed many translations
for the framework and applications.

Currently Horde Project boasts many applications, some already
enterprise-ready and deployed in demanding environments, and some
exciting new ones still in development.


Description:

The Horde Framework fails to properly sanitize the filename of MIME
attachments on received emails.


Impact:

While a webmail user is viewing an email with a malicously prepared
filename attachment, the attacker can highjack victim's account.
This allows him to send emails on behalf of the victim or to do other
arbitrary actions.


Solution:

For detailed information about the fixes, follow the link in the
references section [1] of this document.

________________________________________________________________________

Credits:
Bug found by Alexios Fakos of n.runs AG.

Many thanks to Will Drewry of oCert team for the coordination and
professional communication.
________________________________________________________________________

References:
[1] http://www.ocert.org/advisories/ocert-2008-012.html

This Advisory and Upcoming Advisories:
http://www.nruns.com/security_advisory.php

Subscribe to the n.runs newsletter by signing up to:
http://www.nruns.com/newsletter_en.php

________________________________________________________________________

Unaltered electronic reproduction of this advisory is permitted. For all
other reproduction or publication, in printing or otherwise, contact
security@nruns.com for permission. Use of the advisory constitutes
acceptance for use in an "as is" condition. All warranties are excluded.
In no event shall n.runs be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or
special damages, even if n.runs has been advised of the possibility of
such damages.

Copyright 2008 n.runs AG. All rights reserved. Terms of use apply.

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close