CVE-2005-3759
CVSS5.8
发布时间 :2005-11-22 16:03:00
修订时间 :2011-09-13 00:00:00
NMCOS    

[原文]Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.


[CNNVD]Horde MIME浏览器嵌入附件HTML注入漏洞(CNNVD-200511-333)

        IMP是一款基于Web的邮件程序,由Horde项目组开发,可用在Linux/Unix或Microsoft Windows操作系统下,MIME是用于显示其内嵌附件的浏览器。
        Horde IMP内部MIME浏览器在处理gzip格式的附件时存在漏洞,远程攻击者可能利用此漏洞影响浏览器的操作。
        Horde IMP及其内部MIME浏览器默认下不允许显示嵌入消息,因此不会显示可能包含有恶意代码的HTML页面。如果向用户强制显示了恶意附件的话,就会过滤掉HTML页面。同样对使用gzip压缩的文件也做了类似的处理。但是,Horde Mime浏览器错误的处理了gzip嵌入附件。浏览器仅是解压了这些文件并显示为IMP中的嵌入代码。因此,如果压缩文件中包含有JavaScript之类的恶意代码的话,攻击者就可以执行任意代码,导致操控Web界面,删除消息或窃取cookies。

- CVSS (基础分值)

CVSS分值: 5.8 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-79 [在Web页面生成时对输入的转义处理不恰当(跨站脚本)]

- CPE (受影响的平台与产品)

cpe:/a:horde:horde:2.2.1
cpe:/a:horde:horde:2.2.7
cpe:/a:horde:horde:3.0
cpe:/a:horde:horde:2.2.6
cpe:/a:horde:horde:2.1
cpe:/a:horde:horde:3.0.7
cpe:/a:horde:horde:1.2.4
cpe:/a:horde:horde:3.0.4_rc2
cpe:/a:horde:horde:1.2.3
cpe:/a:horde:horde:1.2.2
cpe:/a:horde:horde:3.0.6
cpe:/a:horde:horde:2.2.8
cpe:/a:horde:horde:3.0.4_rc1
cpe:/a:horde:horde:2.0
cpe:/a:horde:horde:1.2.8
cpe:/a:horde:horde:1.2.7
cpe:/a:horde:horde:2.2.4_rc1
cpe:/a:horde:horde:3.0.1
cpe:/a:horde:horde:3.0.2
cpe:/a:horde:horde:1.2.6
cpe:/a:horde:horde:3.0.3
cpe:/a:horde:horde:2.1.3
cpe:/a:horde:horde:2.2.5
cpe:/a:horde:horde:2.2.3
cpe:/a:horde:horde:2.2.4
cpe:/a:horde:horde:2.2
cpe:/a:horde:horde:1.2
cpe:/a:horde:horde:2.2.9
cpe:/a:horde:horde:3.0.4
cpe:/a:horde:horde:1.2.1
cpe:/a:horde:horde:1.2.5

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3759
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3759
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-333
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/15535
(PATCH)  BID  15535
http://www.securityfocus.com/archive/1/archive/1/417436/30/0/threaded
(PATCH)  BUGTRAQ  20051122 Horde MIME Viewer vulnerability
http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml
(PATCH)  GENTOO  GLSA-200511-20
http://www.debian.org/security/2005/dsa-909
(PATCH)  DEBIAN  DSA-909
http://secunia.com/advisories/17703
(VENDOR_ADVISORY)  SECUNIA  17703
http://secunia.com/advisories/17599
(VENDOR_ADVISORY)  SECUNIA  17599
http://lists.horde.org/archives/announce/2005/000232.html
(PATCH)  MLIST  [horde-announce] 20051122 Horde 3.0.7 (final)
http://www.vupen.com/english/advisories/2005/2536
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2536

- 漏洞信息

Horde MIME浏览器嵌入附件HTML注入漏洞
中危 跨站脚本
2005-11-22 00:00:00 2006-06-12 00:00:00
远程  
        IMP是一款基于Web的邮件程序,由Horde项目组开发,可用在Linux/Unix或Microsoft Windows操作系统下,MIME是用于显示其内嵌附件的浏览器。
        Horde IMP内部MIME浏览器在处理gzip格式的附件时存在漏洞,远程攻击者可能利用此漏洞影响浏览器的操作。
        Horde IMP及其内部MIME浏览器默认下不允许显示嵌入消息,因此不会显示可能包含有恶意代码的HTML页面。如果向用户强制显示了恶意附件的话,就会过滤掉HTML页面。同样对使用gzip压缩的文件也做了类似的处理。但是,Horde Mime浏览器错误的处理了gzip嵌入附件。浏览器仅是解压了这些文件并显示为IMP中的嵌入代码。因此,如果压缩文件中包含有JavaScript之类的恶意代码的话,攻击者就可以执行任意代码,导致操控Web界面,删除消息或窃取cookies。

- 公告与补丁

        Debian已经为此发布了一个安全公告(DSA-909-1)以及相应补丁:
        http://www.debian.org/security/2005/dsa-909
        ftp://ftp.horde.org/pub/horde/horde-3.0.7.tar.gz

- 漏洞信息

21051
Horde MIME Viewers Attachment Script Insertion
Remote / Network Access Input Manipulation
Loss of Integrity Patch / RCS, Upgrade
Vendor Verified

- 漏洞描述

- 时间线

2005-11-22 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 3.0.7 or higher, as it has been reported to fix this vulnerability. In addition, the vendor has released a patch for some older versions.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Horde MIME Viewer Inline Attachment HTML Injection Vulnerability
Input Validation Error 15535
Yes No
2005-11-22 12:00:00 2006-04-03 10:33:00
This issue was disclosed by the vendor.

- 受影响的程序版本

Horde Project Horde 3.0.6
Horde Project Horde 3.0.4 -RC 2
Horde Project Horde 3.0.4 -RC 1
Horde Project Horde 3.0.4
Horde Project Horde 3.0.3
Horde Project Horde 3.0.2
Horde Project Horde 3.0.1
Horde Project Horde 3.0
Horde Project Horde 2.2.9
Horde Project Horde 2.2.8
Horde Project Horde 2.2.7
Horde Project Horde 2.2.6
Horde Project Horde 2.2.5
Horde Project Horde 2.2.4 -RC1
Horde Project Horde 2.2.4
Horde Project Horde 2.2.3
Horde Project Horde 2.2.1
Horde Project Horde 2.2
Horde Project Horde 2.1.3
Horde Project Horde 2.1
Horde Project Horde 2.0
Horde Project Horde 1.2.8
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
Horde Project Horde 1.2.7
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
Horde Project Horde 1.2.6
Horde Project Horde 1.2.5
Horde Project Horde 1.2.4
Horde Project Horde 1.2.3
Horde Project Horde 1.2.2
Horde Project Horde 1.2.1
Horde Project Horde 1.2
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Horde Project Horde 3.0.7

- 不受影响的程序版本

Horde Project Horde 3.0.7

- 漏洞讨论

Horde MIME Viewer is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

- 漏洞利用

No exploit is required.

- 解决方案

The vendor has released an update addressing this issue. Contact the vendor for further information.

Debian Linux has released security advisory DSA 909-1 addressing this issue. See the referenced advisory for details on obtaining and applying the appropriate updates.


Horde Project Horde 1.2

Horde Project Horde 1.2.1

Horde Project Horde 1.2.2

Horde Project Horde 1.2.3

Horde Project Horde 1.2.4

Horde Project Horde 1.2.5

Horde Project Horde 1.2.6

Horde Project Horde 1.2.7

Horde Project Horde 1.2.8

Horde Project Horde 2.0

Horde Project Horde 2.1

Horde Project Horde 2.1.3

Horde Project Horde 2.2

Horde Project Horde 2.2.1

Horde Project Horde 2.2.3

Horde Project Horde 2.2.4 -RC1

Horde Project Horde 2.2.4

Horde Project Horde 2.2.5

Horde Project Horde 2.2.6

Horde Project Horde 2.2.7

Horde Project Horde 2.2.8

Horde Project Horde 2.2.9

Horde Project Horde 3.0

Horde Project Horde 3.0.1

Horde Project Horde 3.0.2

Horde Project Horde 3.0.3

Horde Project Horde 3.0.4

Horde Project Horde 3.0.4 -RC 1

Horde Project Horde 3.0.4 -RC 2

Horde Project Horde 3.0.6

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站