IMP 2.2.6 (SECURITY) released

Brent J. Nordquist
bjn@horde.org
Mon, 23 Jul 2001 07:51:28 -0500 (CDT)

On Sun, 22 Jul 2001, Christopher McCrory <chrismcc@pricegrabber.com> wrote:

> I have been running horde/imp on several machines.  I am using the code
> from cvs.  Is the cvs HEAD tree fixed also?

HEAD is covered for these three; a quick breakdown of the three problems:

> > (1)  A PHPLIB vulnerability allowed an attacker to provide a value for
> > the array element $_PHPLIB[libdir], and thus to get scripts from another
> > server to load and execute.

HEAD doesn't use PHPLIB, so this one doesn't apply.

> > (2)  By using tricky encodings of "javascript:" an attacker can cause
> > malicious JavaScript code to execute in the browser of a user reading
> > email sent by attacker.

Fixes to HEAD for this problem were actually committed before the 2.2.x
back-port was, so this one is covered.

> > (3)  A hostile user that can create a publicly-readable file named
> > "prefs.lang" somewhere on the Apache/PHP server can cause that file to be
> > executed as PHP code.

This one is a particular crack in the armor of imp/prefs.php3 -- the HEAD
code is so different as to make this particular vulnerability not
applicable to it.  (The HEAD code could probably use a review for
"scarlet"-type vulnerabilities.)

-- 
Brent J. Nordquist <bjn@horde.org> N0BJN
Yahoo!: Brent_Nordquist / AIM: BrentJNordquist / ICQ: 76158942
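
Added example, not part of the original message and not IMP or Horde code: one defensive way to handle problem (2) is to canonicalise a link the way a browser would (decode character references, ignore whitespace and control characters) and only then compare its scheme against an allowlist. It is written in Python rather than IMP's PHP; the function names, the allowlist and the sample inputs in the comments are assumptions made for illustration.

```python
import html
import re

# Assumption: the only link schemes a webmail client needs to render.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def url_scheme(raw):
    """Return the lowercased scheme of an attribute value after undoing
    the encodings a browser undoes, or None if no scheme is recognisable."""
    value = raw
    # Decode character references (&#106; &#x6a; &colon; with or without
    # a trailing ';') until the text stops changing. Nesting deeper than
    # five levels is treated as hostile and fails closed.
    for _ in range(5):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    else:
        return None
    # Browsers strip leading control characters and drop tabs and newlines
    # inside a URL, so remove every control character and space before
    # looking at the scheme. This over-blocks slightly, which is acceptable.
    probe = "".join(ch for ch in value if ord(ch) > 0x20 and ord(ch) != 0x7F)
    match = _SCHEME.match(probe)
    return match.group(1).lower() if match else None


def is_safe_href(raw):
    """Allowlist check: a link is kept only if its canonical scheme is
    explicitly permitted. Relative and unparseable values are rejected,
    because a relative link has no meaning inside an e-mail body."""
    return url_scheme(raw) in ALLOWED_SCHEMES


if __name__ == "__main__":
    # Constructed sample values, as they might appear in an href attribute.
    samples = [
        "http://example.org/a?b=1&amp;c=2",
        "JaVaScRiPt:alert(1)",
        "&#106&#97vascript:alert(1)",
        "jav&#x09;ascript:alert(1)",
        "javascript&colon;alert(1)",
    ]
    for s in samples:
        print(f"{s!r:40} scheme={url_scheme(s)!r:14} safe={is_safe_href(s)}")
```

The check is an allowlist on the decoded value, so a new spelling of a blocked scheme does not need a new rule.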