what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 2787-1

Debian Security Advisory 2787-1
Posted Oct 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2787-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution.

tags | advisory, imap, code execution
systems | linux, debian
advisories | CVE-2013-6172
SHA-256 | 16835cafc45de428b561f8da656aead6d60655755a053be0641fc356c2a3e1f6

Debian Security Advisory 2787-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2787-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
October 27, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : roundcube
Vulnerability : design error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-6172
Debian Bug : 727668

It was discovered that roundcube, a skinnable AJAX based webmail
solution for IMAP servers, does not properly sanitize the _session
parameter in steps/utils/save_pref.inc during saving preferences. The
vulnerability can be exploited to overwrite configuration settings and
subsequently allowing random file access, manipulated SQL queries and
even code execution.

roundcube in the oldstable distribution (squeeze) is not affected by
this problem.

For the stable distribution (wheezy), this problem has been fixed in
version 0.7.2-9+deb7u1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your roundcube packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCgAGBQJSbNQmAAoJEAVMuPMTQ89E6zYP/0tlZhlEgadu7xvTauny/zim
RV2WCJFLmRMCGZYhCiOJ2ND50fAnn62CdO+vnWN3JH5FH0KIngLmtGfrq+EPjLwj
rFPGMPKRDZRag8oV3SeKbsHlrcMHS5H/B9GhILst3+32pbwoBE7aH5+wTMYHshsF
TK0whlv73RZge6njPfzqvdkSoIgCLYx4Mc+pXP/pC+wOaSiD/gMjKBh51DoOwpnB
r7rfs7wmy4Ke1Ljsw35LceX64kCP8YC9d7FUPZc8SxUKEk3eojrhnSzpDUBt+Pvl
/S8nAbCbbrosh464szwXL4w6gcZIDDJgvy3u3aTn+XvRCoK6cr8RrdMbBQibR1Xb
9hCdieOs0pkNbBI4yE6bivztAolHlfAwvsgFPcMv3fM26gAsSOC8SRrzRqQrqqqk
1jfUqJETE+W0FkjmZa4W6JiDm78ZP4DNFQCrITRaealMgo2dh2uKua/4PmaBwjJ/
/lrukur5D6mCcLxFEpRA9TwDYVcvWE3cCVL9WhaMBNRJWiuKuaamOujO7jPtzga8
uJZWGKQNTd4rB6WHN4uN2wqltPH3lOIxvOd+2Uu9P9mDwQkgfrQ0s/hwjB3dpPWO
vNqHSeK2j8RZPDD4reulRFC4vEbI3MCXOUcyc+JqgI9Pa61Y0qrM6PwWyoPTDROr
PGySE+o+FGBjlugiGG51
=CNJm
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close