LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

horde3: arbitrary code execution

Package(s):horde3 CVE #(s):CVE-2009-3236
Created:September 28, 2009 Updated:April 1, 2010
Description:

From the Debian advisory:

Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a temporary filename on reuploads which are stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver.

Alerts:
Fedora FEDORA-2010-5520 2010-04-01
Fedora FEDORA-2010-5483 2010-04-01
SuSE SUSE-SR:2010:004 2010-02-16
Debian DSA-1897-1 2009-09-28
Gentoo 200911-01 2009-11-06
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds