
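Horde IMP remote script execution vulnerability


Published: 2001-07-26
Updated: 2001-07-26
Severity:
Threat level: ordinary user access privileges
Error type: access validation error
Exploitation method: server mode

Affected systems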
Horde Horde 1.2.5
Horde Horde 1.2.4
Horde Horde 1.2.3
Horde Horde 1.2.2
Horde Horde 1.2.1
Horde Horde 1.2
Horde Imp 2.2.5
Horde Imp 2.2.4
Horde Imp 2.2.3
Horde IMP 2.2.2
Horde IMP 2.2.1
   + Horde Horde 1.2.1
Horde IMP 2.2
   + Horde Horde 1.2
Horde IMP 2.0
   - PHP PHP 4.0.1pl2
   - PHP PHP 4.0.1
   - PHP PHP 4.00
   - PHP PHP 3.0.16
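Detailed description
IMP is a web-based mail interface/client. The Horde Application Framework
provides its supporting functions, such as compression, browser detection and connection tracking.
When PHPLIB is in use, a remote attacker can submit a request with malicious input that causes
IMP to fetch a script from another host and execute it. This lets the attacker gain access to the web system.

Test code
None yet

Solution
Temporary workaround:

In php.ini, find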

allow_url_fopen = On
and set it to 'off'.
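
A check for the temporary workaround above, as an added example that is not part of the original advisory: the shell function below reports the effective allow_url_fopen value in a php.ini file. It assumes that the last assignment in the file wins and that a missing directive leaves PHP's default of On in effect; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective allow_url_fopen setting of a php.ini.
# Assumptions: the last assignment in the file wins; a missing directive
# means PHP's built-in default (On), so the workaround is NOT in place.

url_fopen_state() {
    # $1 = path to php.ini; prints one of: on | off | default-on
    awk '
        /^[ \t]*;/ { next }                  # whole-line comment
        {
            line = $0
            sub(/;.*$/, "", line)            # strip trailing comment
            eq = index(line, "=")
            if (eq == 0) next                # section header or blank line
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t\r"]/, "", key)
            gsub(/[ \t\r"]/, "", val)
            if (tolower(key) != "allow_url_fopen") next
            val = tolower(val)
            if (val == "on" || val == "true" || val == "yes") {
                state = "on"
            } else if (val ~ /^-?[0-9]+$/ && val + 0 != 0) {
                state = "on"                 # non-zero integer is boolean true
            } else {
                state = "off"
            }
        }
        END { print (state == "" ? "default-on" : state) }
    ' "$1"
}

url_fopen_is_off() {
    # Exit status 0 only when the directive is explicitly disabled.
    [ "$(url_fopen_state "$1")" = "off" ]
}

# Constructed sample files (not taken from any real system).
tmp=$(mktemp -d)
printf '[PHP]\n;allow_url_fopen = Off\nallow_url_fopen = On\n' > "$tmp/weak.ini"
printf '[PHP]\nallow_url_fopen = On\nallow_url_fopen = Off ; workaround\n' > "$tmp/fixed.ini"
printf '[PHP]\nmemory_limit = 8M\n' > "$tmp/unset.ini"
for f in weak fixed unset; do
    printf '%s.ini: %s\n' "$f" "$(url_fopen_state "$tmp/$f.ini")"
done
```

Run it against the php.ini that the web server's PHP actually loads, since a commented-out or absent line still leaves the setting enabled.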

Or download a patch:
Horde Horde 1.2.5:

PHPLib Team upgrade phplib-7.2d.tar.gz
http://prdownloads.sourceforge.net/phplib/phplib-7.2d.tar.gz

Conectiva upgrade 4.1 horde-1.2.6-1U41_1cl.noarch.rpm
http://www.securityfocus.com/external/ftp://atualizacoes.conectiva.com.br/4.1/noarch/horde-1.2.6-1U41_1cl.noarch.rpm

Conectiva upgrade 4.2 horde-1.2.6-1U42_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/horde-1.2.6-1U42_1cl.noarch.rpm

Conectiva upgrade 5.0 horde-1.2.6-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/horde-1.2.6-1U50_1cl.src.rpm

Conectiva upgrade 5.1 horde-1.2.6-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-1.2.6-1U51_1cl.noarch.rpm

Conectiva upgrade 6.0 horde-1.2.6-1U60_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-1.2.6-1U60_2cl.noarch.rpm

Conectiva upgrade 7.0 horde-1.2.6-1U70_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-1.2.6-1U70_2cl.noarch.rpm

Horde Horde 1.2.4, Horde Horde 1.2.3, Horde Horde 1.2.2, Horde Horde 1.2.1, Horde Horde 1.2:

The upgrades for these versions are the same as those listed for Horde Horde 1.2.5 above.

Horde Imp 2.2.5:

PHPLib Team upgrade phplib-7.2d.tar.gz
http://prdownloads.sourceforge.net/phplib/phplib-7.2d.tar.gz

Conectiva upgrade 4.1 imp-2.2.6-1U41_2cl.noarch.rpm
http://www.securityfocus.com/external/ftp://atualizacoes.conectiva.com.br/4.1/noarch/imp-2.2.6-1U41_2cl.noarch.rpm

Conectiva upgrade 4.2 imp-2.2.6-1U42_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/imp-2.2.6-1U42_2cl.noarch.rpm

Conectiva upgrade 5.0 imp-2.2.6-1U50_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/imp-2.2.6-1U50_2cl.noarch.rpm

Conectiva upgrade 5.1 imp-2.2.6-1U51_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/imp-2.2.6-1U51_2cl.noarch.rpm

Conectiva upgrade 6.0 imp-2.2.6-1U60_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/imp-2.2.6-1U60_2cl.noarch.rpm

Conectiva upgrade 7.0 imp-2.2.6-1U70_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imp-2.2.6-1U70_2cl.noarch.rpm

Horde Imp 2.2.4, Horde Imp 2.2.3, Horde IMP 2.2.2, Horde IMP 2.2.1, Horde IMP 2.2, Horde IMP 2.0:

The upgrades for these versions are the same as those listed for Horde Imp 2.2.5 above.

Related information