Technical Description

Multiple vulnerabilities have been identified in various Horde products, which could be exploited by attackes to bypass security restrictions or manipulate certain data.

The first vulnerability is caused by missing ownership validation within Horde API and share changes, which could be exploited by malicious users to gain elevated privileges.

The second issue is caused by an error in the HTML filter that does not filter "frame" and "frameset" HTML elements, which could be exploited by attackers to delete and purge arbitrary messages.

Affected Products

Horde Groupware versions prior to 1.0.3
Horde Groupware Webmail Edition versions prior to 1.0.4
Horde Application Framework versions prior to 3.1.6
Horde IMP versions prior to 4.1.6
Horde Turba versions prior to 2.1.6
Horde Ingo versions prior to 1.1.5
Horde Kronolith versions prior to 2.1.6
Horde Nag versions prior to 2.1.4
Horde Mnemo versions prior to 2.1.2

Solution

Upgrade to Horde Groupware 1.0.3, Horde Groupware Webmail Edition 1.0.4, Horde 3.1.6, IMP H3 (4.1.6), Turba H3 (2.1.6), Ingo H3 (1.1.5), Kronolith H3 (2.1.6), Nag H3 (2.1.4) and Mnemo H3 (2.1.2) :
http://www.horde.org/download/

References

http://www.vupen.com/english/advisories/2008/0103
http://marc.info/?l=horde-announce&r=1&b=200801&w=2
http://secunia.com/secunia_research/2007-102/advisory

Credits

Vulnerabilities reported by the vendor and Ulf Harnhammar (Secunia Research).

ChangeLog

2008-01-10 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.