TUCoPS :: Linux :: Discontinued :: cs2016-0.txt

horde/imp cross scripting vulnerabilities - Caldera Advisory CSSA-2002-016.0 

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: horde/imp cross scripting vulnerabilities
Advisory number: 	CSSA-2002-016.0
Issue date: 		2002 April 16
Cross reference:
______________________________________________________________________________


1. Problem Description

	There are some potential cross-site scripting (CSS) attacks in
	the imp and horde programs.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to horde-1.2.8-1.i386.rpm
					prior to horde-1.2.8-1.src.rpm
					prior to imp-2.2.8-1.i386.rpm
					prior to imp-2.2.8-1.src.rpm

	OpenLinux 3.1 Server		prior to horde-1.2.8-1.i386.rpm
					prior to horde-1.2.8-1.src.rpm
					prior to imp-2.2.8-1.i386.rpm
					prior to imp-2.2.8-1.src.rpm


3. Solution

	The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

4.2 Packages

	f52d7821dcbefafc220a479a34f359a7	horde-1.2.8-1.i386.rpm
	7dec82815fe2a801b40fd1cc64712f28	imp-2.2.8-1.i386.rpm

	4.3 Installation

	rpm -Fvh horde-1.2.8-1.i386.rpm
	rpm -Fvh imp-2.2.8-1.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

4.5 Source Packages

	2b48821e064674d8b159a3bb1078c619	horde-1.2.8-1.src.rpm
	632aa28b3eaf46100fc00a54bd10644a	imp-2.2.8-1.src.rpm


5. OpenLinux 3.1 Server

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

5.2 Packages

	d479bd6ee5b856a3cf212d3b58ddbd98	horde-1.2.8-1.i386.rpm
	836b9bc79c208b36d4e6191dcd60ce0d	imp-2.2.8-1.i386.rpm

	5.3 Installation

	rpm -Fvh horde-1.2.8-1.i386.rpm
	rpm -Fvh imp-2.2.8-1.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

5.5 Source Packages

	c8031ec50e69ad21a6a20b7885be6eeb	horde-1.2.8-1.src.rpm
	151403a7a889478485be1733c9fa1bd0	imp-2.2.8-1.src.rpm


6. References

	Specific references for this advisory:
		none


	Caldera OpenLinux security resources:
		http://www.caldera.com/support/security/index.html

Caldera UNIX security resources:
		http://stage.caldera.com/support/security/

This security fix closes Caldera incidents sr862918, fz520626,
	erg712017.


7. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.


8. Acknowledgements

	Nuno Loureiro <nuno@eth.pt> discovered and researched this
	problem.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH