CVE-2001-1258
CVSS 3.6
Published: 2001-07-21 00:00:00
Last revised: 2011-03-07 21:07:04

[Original] Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.


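[CNNVD] Horde IMP local 'prefs.lang' vulnerability (CNNVD-200107-138)

CVE(CAN) ID: CAN-2001-1258

IMP is a powerful web-based mail client developed by members of the Horde project. The Horde application framework provides functions such as preference settings, compression, browser detection and connection tracking.

If an attacker is able to create a file named "prefs.lang" on a server, the contents of that file will be executed as PHP code.

By exploiting this vulnerability, an attacker may execute arbitrary code with the privileges of the web server.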

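- CVSS (Base Score)

CVSS score: 3.6 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]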

- CPE (Affected Platforms and Products)

cpe:/a:horde:imp:2.0 Horde IMP 2.0
cpe:/a:horde:imp:2.2.2 Horde IMP 2.2.2
cpe:/a:horde:imp:2.2.3 Horde IMP 2.2.3
cpe:/a:horde:imp:2.2.1 Horde IMP 2.2.1
cpe:/a:horde:imp:2.2 Horde IMP 2.2
cpe:/a:horde:imp:2.2.5 Horde IMP 2.2.5
cpe:/a:horde:imp:2.2.4 Horde IMP 2.2.4

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1258
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1258
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200107-138
(Official data source) CNNVD

- Other Links and Resources

http://www.debian.org/security/2001/dsa-073
(VENDOR_ADVISORY)  DEBIAN  DSA-073
http://online.securityfocus.com/archive/1/198495
(VENDOR_ADVISORY)  CONFIRM  http://online.securityfocus.com/archive/1/198495
http://www.securityfocus.com/bid/3083
(UNKNOWN)  BID  3083
http://www.iss.net/security_center/static/6906.php
(UNKNOWN)  XF  imp-prefslang-gain-privileges(6906)
http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt
(VENDOR_ADVISORY)  CALDERA  CSSA-2001-027.0
http://online.securityfocus.com/archive/1/198495
(UNKNOWN)  CONFIRM  http://online.securityfocus.com/archive/1/198495
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
(UNKNOWN)  CONECTIVA  CLA-2001:410

- Vulnerability Information

Horde IMP local 'prefs.lang' vulnerability
Low risk, access validation error
2001-07-21 00:00:00 2005-10-20 00:00:00
Local

- Advisories and Patches

Upgrade to the latest version.

Vendor patches:

The vendor has released new versions that fix this issue:

Conectiva Linux:

ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/horde-1.2.6-1U41_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/imp-2.2.6-1U41_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/noarch/horde-1.2.6-1U41_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.1/noarch/horde-mysql-1.2.6-1U41_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.1/noarch/horde-shm-1.2.6-1U41_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.1/noarch/horde-pgsql-1.2.6-1U41_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.1/noarch/imp-2.2.6-1U41_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/horde-1.2.6-1U42_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/imp-2.2.6-1U42_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/horde-1.2.6-1U42_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/horde-shm-1.2.6-1U42_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/horde-mysql-1.2.6-1U42_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/horde-pgsql-1.2.6-1U42_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/imp-2.2.6-1U42_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/horde-1.2.6-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/imp-2.2.6-1U50_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-mysql-1.2.6-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-1.2.6-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-shm-1.2.6-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-pgsql-1.2.6-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/imp-2.2.6-1U50_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/horde-1.2.6-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/imp-2.2.6-1U51_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-pgsql-1.2.6-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-1.2.6-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-mysql-1.2.6-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-shm-1.2.6-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/imp-2.2.6-1U51_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/imp-2.2.6-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/horde-1.2.6-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-mysql-1.2.6-1U60_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-1.2.6-1U60_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-shm-1.2.6-1U60_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/imp-2.2.6-1U60_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-pgsql-1.2.6-1U60_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/horde-1.2.6-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/imp-2.2.6-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imp-2.2.6-1U70_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-mysql-1.2.6-1U70_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-pgsql-1.2.6-1U70_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-shm-1.2.6-1U70_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-1.2.6-1U70_2cl.noarch.rpm
        
        
        

- Vulnerability Information

9529
Horde IMP prefs.lang Information Disclosure
Information Disclosure
Loss of Confidentiality

- Vulnerability Description

Unknown or Incomplete

- Timeline

2001-07-21 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Horde IMP Local 'prefs.lang' Vulnerability
Access Validation Error 3083
No Yes
2001-07-21 12:00:00 2009-07-11 06:56:00
This vulnerability was discovered in an internal audit and submitted to BugTraq on July 21st, 2001 by "Brent J. Nordquist" <bjn@horde.org>.

- Affected Versions

Horde Project IMP 2.2.4
+ Caldera OpenLinux Server 3.1
+ Horde Project Horde 1.2.4
Horde Project IMP 2.2.3
+ Horde Project Horde 1.2.3
Horde Project IMP 2.2.2
+ Horde Project Horde 1.2.2
Horde Project IMP 2.2.1
+ Horde Project Horde 1.2.1
Horde Project IMP 2.2
+ Horde Project Horde 1.2
Horde Project IMP 2.0
- PHP PHP 4.0.1 pl2
- PHP PHP 4.0.1
- PHP PHP 4.0 0
- PHP PHP 3.0.16
Horde Project IMP 2.2.6
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Debian Linux 2.2
+ Horde Project Horde 1.2.6

- Unaffected Versions

Horde Project IMP 2.2.6
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Debian Linux 2.2
+ Horde Project Horde 1.2.6

- Discussion

IMP is a powerful web-based mail interface/client developed by members of the Horde project. Horde Application Framework provides support for dealing with things like preferences, compression, browser detection, connection tracking, etc.

If an attacker can create a file on a webserver's filesystem called 'prefs.lang' which is world readable then it may be possible for attackers to gain the privileges of the webserver process.

The contents of this file, if it exists on the webserver, can be executed by the PHP interpreter through a vulnerable website.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has addressed this issue in newer versions.


Horde Project IMP 2.0

Horde Project IMP 2.2

Horde Project IMP 2.2.1

Horde Project IMP 2.2.2

Horde Project IMP 2.2.3

Horde Project IMP 2.2.4

- Related References

 

 
