RoundCube Webmail 'generic_message_footer' Value Arbitrary File Access Vulnerability

Bugtraq ID:	58770
Class:	Input Validation Error
CVE:	CVE-2013-1904
Remote:	Yes
Local:	No
Published:	Mar 27 2013 12:00AM
Updated:	Apr 13 2015 08:36PM
Credit:	Sidlyarenko Sergey
Vulnerable:	MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5
Not Vulnerable:

RoundCube Webmail 'generic_message_footer' Value Arbitrary File Access Vulnerability

RoundCube Webmail is prone to an arbitrary file-access vulnerability.

An attacker can exploit this issue to read arbitrary files in the context of the web server process, which may aid in further attacks.

Versions prior to RoundCube Webmail 0.8.6 and 0.7.3 are vulnerable.

RoundCube Webmail 'generic_message_footer' Value Arbitrary File Access Vulnerability

An attacker can use a browser to exploit this issue.

RoundCube Webmail 'generic_message_footer' Value Arbitrary File Access Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.


Mandriva Business Server 1 X86 64

• Mandriva roundcubemail-0.8.6-1.mbs1.noarch.rpm
  http://www.mandriva.com/en/downloads/

MandrakeSoft Enterprise Server 5 x86_64

• Mandriva roundcubemail-0.7.4-0.1mdvmes5.2.noarch.rpm
  http://www.mandriva.com/en/downloads/

MandrakeSoft Enterprise Server 5

• Mandriva roundcubemail-0.7.4-0.1mdvmes5.2.noarch.rpm
  http://www.mandriva.com/en/downloads/

RoundCube Webmail 'generic_message_footer' Value Arbitrary File Access Vulnerability

References:

• Bug 928835 - roundcubemail: Local file inclusion via web UI modification of cer (Red Hat Bugzilla)
  
• [RCD] zero day vulnerability (tested on v8.0 to 9.0) (Sergey Sidlyarenko)
  
• Roundcube Homepage (Roundcube)
  
• Security updates 0.8.6 and 0.7.3 (Roundcube)