Horde Application Framework Go.PHP Information Disclosure Vulnerability
BID:17117
Info
| Bugtraq ID: | 17117 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-1260 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2006 12:00AM |
| Updated: | Jul 19 2006 07:57PM |
| Credit: | CodeScan Labs are credited with the discovery of this issue. |
| Vulnerable: |
SuSE SUSE Linux Enterprise Server 8
SuSE SUSE Linux Enterprise Server 7
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SuSE Linux Open-Xchange 4.1
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 7.3
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
Horde Project Horde 3.0.9
Horde Project Horde 3.0.8
Horde Project Horde 3.0.7
Horde Project Horde 3.0.6
Horde Project Horde 3.0.4 -RC 2
Horde Project Horde 3.0.4 -RC 1
Horde Project Horde 3.0.4
Horde Project Horde 3.0.3
Horde Project Horde 3.0.2
Horde Project Horde 3.0.1
Horde Project Horde 3.0
Horde Project Horde 2.2.9
Horde Project Horde 2.2.8
Horde Project Horde 2.2.7
Horde Project Horde 2.2.6
Horde Project Horde 2.2.5
Horde Project Horde 2.2.4 -RC1
Horde Project Horde 2.2.4
Horde Project Horde 2.2.3
Horde Project Horde 2.2.1
Horde Project Horde 2.2
Horde Project Horde 2.1.3
Horde Project Horde 2.1
Horde Project Horde 2.0
Horde Project Horde 1.2.8
Horde Project Horde 1.2.7
Horde Project Horde 1.2.6
Horde Project Horde 1.2.5
Horde Project Horde 1.2.4
Horde Project Horde 1.2.3
Horde Project Horde 1.2.2
Horde Project Horde 1.2.1
Horde Project Horde 1.2
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1 |
| Not Vulnerable: |
Horde Project Horde 3.1 |
Discussion
Horde Application Framework is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to retrieve the contents of arbitrary files in the context of the webserver process. Information obtained may aid in further attacks.
Exploit / POC
Attackers can exploit this issue via a web client.
Solution / Fix
Solution:
The vendor has released version 3.1 to address this issue.
See the referenced vendor advisories for details on obtaining and applying the appropriate updates.
Horde Project Horde 1.2
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 1.2.1
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 1.2.2
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 1.2.3
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 1.2.4
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 1.2.8
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.0
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.1
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.1.3
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.2.1
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.2.3
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.2.4
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.2.4 -RC1
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.2.5
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.2.6
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.2.7
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.2.8
-
Debian horde2_2.2.8-1sarge2_all.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2_all.deb
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 2.2.9
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 3.0
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 3.0.1
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 3.0.2
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 3.0.3
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 3.0.4 -RC 1
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 3.0.4 -RC 2
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 3.0.4
-
Debian horde3_3.0.4-4sarge3_all.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge3_all.deb
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 3.0.6
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 3.0.7
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 3.0.8
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
Horde Project Horde 3.0.9
-
Horde horde-3.1.tar.gz
ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
References
References:
- Horde 3.1 (final) (Horde)
- Horde Homepage (Horde Project)
- CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior (CodeScan Labs)