Security Update: [CSSA-2001-039.0] Linux - IMP/HORDE cross site scripting vulnerability

From: Support Info (supinfoat_private)
Date: Fri Jan 11 2002 - 01:46:35 PST


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    ______________________________________________________________________________
    		   Caldera International, Inc.	Security Advisory
    
    Subject:		Linux - IMP/HORDE cross site scripting vulnerability
    Advisory number: 	CSSA-2001-039.0
    Issue date: 		2001, November 22
    Cross reference:
    ______________________________________________________________________________
    
    
    1. Problem Description
    
       The webmail frontend IMP has a cross site scripting problem. A remote
       attacker can send you an E-mail with a malformed URL that, when
       clicked, opens your mail session to the attacker, allowing him
       to read and delete your E-mails.
    
    
    2. Vulnerable Versions
    
       System                       Package
       -----------------------------------------------------------
       OpenLinux 2.3                 not vulnerable
    
       OpenLinux eServer 2.3.1       not vulnerable
       and OpenLinux eBuilder
    
       OpenLinux eDesktop 2.4        not vulnerable
    
       OpenLinux Server 3.1          All packages previous to
                                     horde-1.2.7-1
                                     imp-2.2.7-1
    
       OpenLinux Workstation 3.1     not vulnerable
    
    
    
    3. Solution
    
       Workaround
    
         none
    
       The proper solution is to upgrade to the latest packages.
    
    4. OpenLinux 2.3
    
        not vulnerable
    
    5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
    
        not vulnerable
    
    6. OpenLinux eDesktop 2.4
    
        not vulnerable
    
    7. OpenLinux 3.1 Server
    
        7.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
    
       7.2 Verification
    
           53a9d75c760851f79fa72cb451416f96  RPMS/horde-1.2.7-1.i386.rpm
           4bb1af4dcd98af6f168543476f691b95  RPMS/imp-2.2.7-1.i386.rpm
           d81a0095d83a4f9a7751c923f6afaf71  SRPMS/horde-1.2.7-1.src.rpm
           a1eeaf8781edc12f8c90386cd289e0a6  SRPMS/imp-2.2.7-1.src.rpm
    
    
       7.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh horde-1.2.7-1.i386.rpm imp-2.2.7-1.i386.rpm
    
           Update notes:
    
           If horde was activated in the apache module
           "/etc/httpd/modules/mod_php4_horde.conf" you will have to
           reconfigure it by changing "deny from all" to "allow from all".
    
           Do not run "/usr/lib(exec)/horde/horde.setup" if you have already
           run the script before the update. If you run the script again,
           all passwords will be changed back to the default value and you
           will have to change them manually in
           "/home/httpd/html/horde/imp/config/defaults.php3" and
           "/home/httpd/phplib/local.inc".
    
    
    8. OpenLinux 3.1 Workstation
    
        not vulnerable
    
    
    9. References
    
       This and other Caldera security resources are located at:
    
       http://www.caldera.com/support/security/index.html
    
       This security fix closes Caldera's internal Problem Report 10931.
    
    
    10. Disclaimer
    
       Caldera International, Inc. is not responsible for the misuse of
       any of the information we provide on this website and/or through our
       security advisories. Our advisories are a service to our customers
       intended to promote secure installation and use of Caldera OpenLinux.
    
    11. Acknowledgements
    
       Caldera International wishes to thank Joao Pedro Goncalves for reporting
       this problem, and the Horde Project for promptly fixing it.
    ______________________________________________________________________________
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    
    iD8DBQE7/NON18sy83A/qfwRAqa4AKCBDdj12RqfHCjn4hnZlMnUvK5TxwCgwba1
    phhM9K8dnQ75bC8XqMbcduo=
    =dpFU
    -----END PGP SIGNATURE-----
    


