正文

Horde Products 多个未明漏洞

admin
admin V管理员 /0 评论 /7 阅读
0105
此篇文章发布距今已超过1282天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Horde Products 多个未明漏洞

  • CNNVD编号:CNNVD-200909-252
    • <!--
  • 危害等级: 超危-->
  • 危害等级: 超危
  • CVE编号: CVE-2008-7218
  • 漏洞类型: 资料不足
  • 发布时间: 2009-09-13
  • 威胁类型: 远程
  • 更新时间: 2009-09-16
  • 厂        商: horde
  • 漏洞来源: The vendor disclos...

漏洞简介

Horde的Horde API存在未明漏洞。Turba H3、Kronolith H3、Nag、2Mnemo H3、Horde Groupware、以及Groupware Webmail Edition具有未知影响和攻击向量。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Horde Groupware 1.0.2

Horde horde-groupware-1.0.3.tar.gz

ftp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.0.3.tar.gz

Horde Groupware Webmail Edition 1.0.3

Horde horde-webmail-1.0.4.tar.gz

ftp://ftp.horde.org/pub/horde-webmail/

Horde Mnemo 2.1.1

Horde mnemo-h3-2.1.2.tar.gz

ftp://ftp.horde.org/pub/mnemo/mnemo-h3-2.1.2.tar.gz

Horde Nag 2.1.3

Horde nag-h3-2.1.4.tar.gz

ftp://ftp.horde.org/pub/nag/nag-h3-2.1.4.tar.gz

Horde Turba Contact Manager 2.1.5

Horde turba-h3-2.1.6.tar.gz

ftp://ftp.horde.org/pub/turba/turba-h3-2.1.6.tar.gz

Horde Kronolith 2.1.6

Horde kronolith-h3-2.1.7.tar.gz

ftp://ftp.horde.org/pub/kronolith/kronolith-h3-2.1.7.tar.gz

Horde Horde 3.1.5

Horde horde-3.1.6.tar.gz

ftp://ftp.horde.org/pub/horde/horde-3.1.6.tar.gz

参考网址

来源: MLIST

名称: [announce] 20080206 Horde Groupware Webmail Edition 1.1-RC2

链接:http://lists.horde.org/archives/announce/2008/000377.html

来源: MLIST

名称: [announce] 20080206 Horde Groupware 1.1-RC2

链接:http://lists.horde.org/archives/announce/2008/000376.html

来源: MLIST

名称: [announce] 20080122 Horde 3.2-RC2

链接:http://lists.horde.org/archives/announce/2008/000374.html

来源: MLIST

名称: [announce] 20080122 Kronolith H3 (2.2-RC2)

链接:http://lists.horde.org/archives/announce/2008/000371.html

来源: MLIST

名称: [announce] 20080122 Mnemo H3 (2.2-RC2)

链接:http://lists.horde.org/archives/announce/2008/000369.html

来源: MLIST

名称: [announce] 20080122 Nag H3 (2.2-RC2)

链接:http://lists.horde.org/archives/announce/2008/000368.html

来源: MLIST

名称: [announce] 20080122 Turba H3 (2.2-RC2)

链接:http://lists.horde.org/archives/announce/2008/000367.html

来源: MLIST

名称: [announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)

链接:http://lists.horde.org/archives/announce/2008/000366.html

来源: MLIST

名称: [announce] 20080109 Horde Groupware 1.0.3 (final)

链接:http://lists.horde.org/archives/announce/2008/000365.html

来源: MLIST

名称: [announce] 20080109 Mnemo H3 (2.1.2) (final)

链接:http://lists.horde.org/archives/announce/2008/000364.html

来源: MLIST

名称: [announce] 20080109 Nag H3 (2.1.4) (final)

链接:http://lists.horde.org/archives/announce/2008/000363.html

来源: MLIST

名称: [announce] 20080109 Kronolith H3 (2.1.7) (final)

链接:http://lists.horde.org/archives/announce/2008/000362.html

来源: MLIST

名称: [announce] 20080109 Horde 3.1.6 (final)

链接:http://lists.horde.org/archives/announce/2008/000360.html

来源: FEDORA

名称: FEDORA-2008-2212

链接:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00176.html

来源: XF

名称: horde-hordeapi-privilege-escalation(39599)

链接:http://xforce.iss.net/xforce/xfdb/39599

来源: BID

名称: 27217

链接:http://www.securityfocus.com/bid/27217

来源: OSVDB

名称: 42775

链接:http://www.osvdb.org/42775

来源: SECUNIA

名称: 28382

链接:http://secunia.com/advisories/28382

来源: MLIST

名称: [announce] 20080109 Turba H3 (2.1.6) (final)

链接:http://lists.horde.org/archives/announce/2008/000361.html

受影响实体

  • Horde Turba_h3:2.1.5  
    <!--
    2000-1-1
    -->
  • Horde Turba_h3:2.2:Rc1  
    <!--
    2000-1-1
    -->
  • Horde Groupware_webmail_edition:1.1  
    <!--
    2000-1-1
    -->
  • Horde Horde:3.1.5  
    <!--
    2000-1-1
    -->
  • Horde Groupware_webmail_edition:1.0.3  
    <!--
    2000-1-1
    -->

补丁

    暂无