COMMAND

IMP

SYSTEMS AFFECTED

IMP prior to 2.2.6

PROBLEM

Brent J. Nordquist posted the following. The Horde team announces the availability of IMP 2.2.6, which fixes three potential security issues.

(1) A PHPLIB vulnerability allowed an attacker to provide a value for the array element $_PHPLIB[libdir], and thus to get scripts from another server to load and execute. Incidentally this problem is not remotely exploitable if you have turned off transparent URL handling in the fopen() function in PHP. (Horde 1.2.x ships with its own customized version of PHPLIB, which has now been patched to prevent this problem.)

(2) By using tricky encodings of "javascript:" an attacker can cause malicious JavaScript code to execute in the browser of a user reading email sent by the attacker. (IMP 2.2.x already filters many such patterns; several new ones that were slipping past the filters are now blocked.)

(3) A hostile user that can create a publicly-readable file named "prefs.lang" somewhere on the Apache/PHP server can cause that file to be executed as PHP code. The IMP configuration files could thus be read, the Horde database password used to read and alter the database used to store contacts and preferences, etc. We do not believe this is remotely exploitable directly through Apache/PHP/IMP; however, shell access to the server or other means (e.g., FTP) could be used to create this file.

The Horde Project would like to thank Giancarlo Pinerolo for reporting problem (1) and Nick Cleaton for reporting problem (2). Problem (3) was discovered during an internal audit resulting from the "Study in Scarlet" paper by Shaun Clowes. Problem (3) was the only "scarlet"-type vulnerability discovered during the audit; the code looks very good in this regard.

SOLUTION

We strongly recommend that all sites running IMP 2.2.x upgrade to this version.
This release can be downloaded from the following locations:

ftp://ftp.horde.org/pub/horde/
ftp://ftp.horde.org/pub/imp/

For Conectiva Linux:

ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/horde-1.2.6-1U41_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/imp-2.2.6-1U41_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/noarch/horde-1.2.6-1U41_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.1/noarch/horde-mysql-1.2.6-1U41_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.1/noarch/horde-shm-1.2.6-1U41_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.1/noarch/horde-pgsql-1.2.6-1U41_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.1/noarch/imp-2.2.6-1U41_2cl.noarch.rpm

ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/horde-1.2.6-1U42_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/imp-2.2.6-1U42_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/horde-1.2.6-1U42_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/horde-shm-1.2.6-1U42_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/horde-mysql-1.2.6-1U42_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/horde-pgsql-1.2.6-1U42_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/4.2/noarch/imp-2.2.6-1U42_2cl.noarch.rpm

ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/horde-1.2.6-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/imp-2.2.6-1U50_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-mysql-1.2.6-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-1.2.6-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-shm-1.2.6-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/horde-pgsql-1.2.6-1U50_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.0/noarch/imp-2.2.6-1U50_2cl.noarch.rpm

ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/horde-1.2.6-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/imp-2.2.6-1U51_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-pgsql-1.2.6-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-1.2.6-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-mysql-1.2.6-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/horde-shm-1.2.6-1U51_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/5.1/noarch/imp-2.2.6-1U51_2cl.noarch.rpm

ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/imp-2.2.6-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/horde-1.2.6-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-mysql-1.2.6-1U60_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-1.2.6-1U60_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-shm-1.2.6-1U60_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/imp-2.2.6-1U60_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/horde-pgsql-1.2.6-1U60_2cl.noarch.rpm

ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/horde-1.2.6-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/imp-2.2.6-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imp-2.2.6-1U70_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-mysql-1.2.6-1U70_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-pgsql-1.2.6-1U70_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-shm-1.2.6-1U70_2cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-1.2.6-1U70_2cl.noarch.rpm

For Caldera:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

RPMS/horde-1.2.6-1.i386.rpm
RPMS/imp-2.2.6-1.i386.rpm
SRPMS/horde-1.2.6-1.src.rpm
SRPMS/imp-2.2.6-1.src.rpm
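
Problem (2) above is the usual weakness of pattern-based filtering: each new encoding of "javascript:" needs a new pattern. The following is an added example, not IMP's filter code, showing a substring blocklist beside a check that canonicalizes the link first and then applies a scheme allowlist; the allowlist, function names and sample values are assumptions constructed for illustration.

```python
import html
import re
from typing import Optional

# Assumed policy for links in rendered mail; not taken from IMP's filter.
ALLOWED_SCHEMES = {"http", "https", "ftp", "mailto"}

# Whitespace and control characters that lenient URL parsers drop or skip.
_IGNORED = re.compile(r"[\x00-\x20\x7f]+")
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")


def naive_is_safe(raw_url: str) -> bool:
    """Substring blocklist of the kind that encoded variants slip past."""
    return "javascript:" not in raw_url.lower()


def canonical_scheme(raw_url: str) -> Optional[str]:
    """Scheme after entity decoding and control-char removal; None if relative.

    Raises ValueError when decoding does not settle, so callers fail closed.
    """
    value = raw_url
    for _ in range(5):  # decode nested layers such as &amp;#106;
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("entity decoding did not converge")
    match = _SCHEME.match(_IGNORED.sub("", value).lower())
    return match.group(1) if match else None


def is_safe_link(raw_url: str) -> bool:
    """Allow relative links and allowlisted schemes; reject everything else."""
    try:
        scheme = canonical_scheme(raw_url)
    except ValueError:
        return False
    return scheme is None or scheme in ALLOWED_SCHEMES


# Constructed attribute values, written as they would appear in message HTML.
SAMPLES = [
    "https://www.horde.org/",
    "javascript:void(0)",
    "&#106;avascript:void(0)",
    "jav&#x09;ascript:void(0)",
    "&#106avascript:void(0)",
    " \n JaVaScRiPt:void(0)",
]
```

Decoding more than one entity layer is deliberately stricter than a browser, so a value that only becomes live after the sanitizer's output is re-serialized is rejected as well.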