Horde Framework and IMP Cleanup Cron Script Arbitrary File Deletion Vulnerability
BID:22985
Info
| Bugtraq ID: | 22985 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-1474 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 15 2007 12:00AM |
| Updated: | May 12 2015 07:33PM |
| Credit: | The discoverer of this vulnerability wishes to remain anonymous. |
| Vulnerable: | Horde Project IMP 3.2.6, Horde Project IMP 3.2.1, Horde Project IMP 3.1, Horde Project IMP 3.0, Horde Project IMP 2.3.6, Horde Project IMP 2.2.8, Horde Project IMP 2.0.9, Horde Project IMP 2.0.8, Horde Project IMP 2.0, Horde Framework 3.1.3, Horde Framework 3.0.4, Horde Framework 3.0 |
| Not Vulnerable: | |
Discussion
Horde Framework and IMP are prone to a vulnerability that allows a local attacker to delete arbitrary files in the context of the user running the application.
A successful attack can reduce the integrity of affected computers and may aid in further attacks.
Exploit / POC
An attacker could exploit this issue by creating a file '/tmp/x /etc/passwd /tmpmswordx' and running the affected cron script. This will result in the deletion of '/tmp/x', '/etc/passwd', and '/tmp/mswordx'.
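The flaw class behind this advisory, a file name that is split on spaces into several deletion targets, shown as an added example in a throwaway sandbox. This is not the Horde cron script, which the page does not reproduce: the function names, the `*mswordx` match pattern and the sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not code from Horde. All names and paths are constructed.

# Illustrative weak pattern (assumed, not the vendor's script): the unquoted
# $(find ...) is split on whitespace, so one crafted name becomes several
# separate arguments to rm.
cleanup_unsafe() {
    rm -f $(find "$1" -type f -name '*mswordx')
}

# Hardened form: find hands each matched path to rm as a single argument,
# so the shell never re-parses a file name. "--" ends option parsing.
cleanup_safe() {
    find "$1" -type f -name '*mswordx' -exec rm -f -- {} +
}

# Builds a sandbox, runs the given cleanup function on its tmp/ directory,
# and returns 0 if a file outside tmp/ is still present afterwards.
protected_file_survives() {
    sandbox=$(mktemp -d) || return 2
    mkdir -p "$sandbox/tmp" "$sandbox/keep"
    : > "$sandbox/keep/important"
    # Constructed name: when split on spaces, its middle word is the full
    # path of the file that lives outside tmp/.
    crafted="$sandbox/tmp/x $sandbox/keep/important mswordx"
    mkdir -p "$(dirname "$crafted")"
    : > "$crafted"
    "$1" "$sandbox/tmp"
    if [ -e "$sandbox/keep/important" ]; then status=0; else status=1; fi
    rm -rf "$sandbox"
    return "$status"
}

for fn in cleanup_unsafe cleanup_safe; do
    if protected_file_survives "$fn"; then
        echo "$fn: file outside the cleanup directory kept"
    else
        echo "$fn: file outside the cleanup directory deleted"
    fi
done
```

When auditing other cleanup jobs for the same defect, look for unquoted command substitutions, `for f in $(find ...)` loops and `find | xargs` without `-print0`/`-0`.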
Solution / Fix
Solution:
The vendor has released version 3.1.4 to address this issue. Please see the references for more information.
Horde Framework 3.0
- Horde horde-3.1.4.tar.gz: ftp://ftp.horde.org/pub/horde/horde-3.1.4.tar.gz
Horde Framework 3.0.4
- Horde horde-3.1.4.tar.gz: ftp://ftp.horde.org/pub/horde/horde-3.1.4.tar.gz
Horde Framework 3.1.3
- Horde horde-3.1.4.tar.gz: ftp://ftp.horde.org/pub/horde/horde-3.1.4.tar.gz
References
- Pandora Homepage (Pandora FMS Team)
- Horde Project Cleanup Script Arbitrary File Deletion Vulnerability (iDefense Labs)