The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Chora

vulnerability CVE-2007-6018 CVE-2008-7218 CVE-2008-7219

Horde: privilege elevation and Cross Site Scripting

Synthesis of the vulnerability

An attacker can elevate his privileges or create a Cross Site Scripting attack in Horde.
Impacted products: Debian, Fedora, Chora, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: privileged access/rights, client access/rights.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/01/2008.
Identifiers: BID-27217, BID-27223, CERTA-2002-AVI-197, CERTA-2008-AVI-032, CVE-2007-6018, CVE-2008-7218, CVE-2008-7219, DSA-1470-1, FEDORA-2008-2040, FEDORA-2008-2087, FEDORA-2008-2221, SUSE-SR:2009:007, VIGILANCE-VUL-7480.

Description of the vulnerability

The Horde environment proposes features for web application development. It has two vulnerabilities, which also affect derivative applications.

The lib/Horde/Text/Filter/xss.php file implements filters against Cross Site Scripting attacks. However, these filters are not complete, and for example do not handle the FRAME tag. [severity:2/4; CERTA-2008-AVI-032, CVE-2007-6018]

The lib/api.php file implements functions frequently used by Horde. However, some privileged functions do no check if the user is an administrator. Here is the list of affected functions : _horde_removeUserData(), _horde_addGroup(), _horde_removeGroup(), _horde_addUserToGroup(), _horde_addUsersToGroup(), _horde_removeUserFromGroup(), _horde_removeUsersFromGroup(), _horde_listUsersOfGroup(), _horde_addShare(), _horde_removeShare(), _horde_listSharesOfOwner(), _horde_addUserPermissions(), _horde_addGroupPermissions(), _horde_removeUserPermissions(), _horde_removeGroupPermissions(), _horde_listUserPermissions(), _horde_listGroupPermissions(), _horde_listUsersOfShare(), _horde_listGroupsOfShare(). [severity:3/4; CVE-2008-7219]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Chora: