13 February 2012
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2012.0022 Multiple vulnerabilities in Horde Groupware, IMP H4, and Groupware Webmail Edition. 14 February 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Horde Groupware Horde IMP H4 Horde Groupware Webmail Edition Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Cross-site Scripting -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2012-0791 CVE-2012-0209 Member content until: Thursday, March 15 2012 OVERVIEW A vulnerability has been fixed in Horde Groupware 1.2.11 and multiple vulnerabilities in Horde IMP H4 5.0.18, and Horde Groupware Webmail Edition 1.2.11 and 4.0.6.  IMPACT The Horde Team has provided the following details regarding vulnerability CVE-2012-0209:  "A few days ago we became aware of a manipulated file on our FTP server. Upon further investigation we discovered that the server has been hacked earlier, and three releases have been manipulated to allow unauthenticated remote PHP execution. We have immediately taken down all distribution servers to further analyze the extent of this incident, and we have worked closely with various Linux distributions to coordinate our response. Since then the FTP and PEAR servers have been replaced and further secured. Clean versions of our releases have been uploaded. .. no Horde 4 releases were compromised. Our CVS and Git repositories are not affected either. Linux distributions that are affected will notify and provide security releases individually." The National Vulnerability database has the following information on vulnerability CVE-2012-0791:  "Multiple cross-site scripting (XSS) vulnerabilities... allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names." MITIGATION Users should upgrade to the latest versions of these products. REFERENCES  Horde Groupware 1.2.11 (final) http://lists.horde.org/archives/announce/2012/000749.html  IMP H4 (5.0.18) (final) http://lists.horde.org/archives/announce/2012/000737.html  Horde Groupware Webmail Edition 1.2.11 (final) http://lists.horde.org/archives/announce/2012/000750.html  Horde Groupware Webmail Edition 4.0.6 (final) http://lists.horde.org/archives/announce/2012/000741.html  Remote execution backdoor after server hack (CVE-2012-0209) http://lists.horde.org/archives/announce/2012/000751.html  Vulnerability Summary for CVE-2012-0791 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0791 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBTznNiO4yVqjM2NGpAQLuLxAAhQUrblTKGK+TKQQhrorlvPcpwNJfSs5Z m7lhYr9SiQuv0C0EDCKNCi1rvIQqSpE0guQSJsGnnCzfgMkQboGfMhvXHirbccB+ u5FXjasAoEHkUb/rSee/0gumoZY23+cs+eRpENrrDS62DNRboujVR+10N7fpSt3a W56+eCQO44lAg+yu0icPR9cNECmMz8bN+brAc4NIFXBMssmWvLe4abOr9xxoTu8D Za5kBRHLUvGwL/RXh1AuKaJJcX+6T28qx+RWQZBuiSpsI+6G3b9zn+nQwVk+e2P5 jyAbeB17aDhIPJTXl2YfMsNonKtvFEB2eKAxRvuJd1bhoDMx/fsy7GyShv2m624K FeMF+pTyZM1gK41PcKGQu2lBxmZtCghYrF+STbFKcwDTNKkEpdPuubK5EL9KskzU pANIAhqtVzm6CJGut7iB9z6P2kJuF7W7E7IF0hSmHnNqfogHsG4SJCJFLaaeCHmy HWdqRfM9+TEejY9Lq1N/tdyUgMFGlHTz53akuysKyrFEp3ZBfE2EBPY5lGfko90k 6lDMXsV0+WntvsrpSFj1LCvHR8wlWAzLk4UG1+QY9bCePJlyOskr1xyZ8NaQfTBn 56Px924TlBIc5KEuDy8tpgorinFwrcxWSd+1jShbUHZUH4NVezFHTlvddW77wcO5 juQfKEab1Zc= =XLPf -----END PGP SIGNATURE-----