Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:690

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51434

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2003:690

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory CLA-2003:690.

Imp[1] is a webmail system which uses the Horde framework.

Jouko Pynnonen reported[3] that the Imp webmail version 2.x has a SQL
injection vulnerability[2].

Imp can optionally store user preferences, contacts list and session
IDs in a SQL database. A remote attacker can use this vulnerability
to execute SQL commands and possibly get session IDs and steal
another user's webmail session. Other consequences are possible and
depend on the privileges Imp has in the database. Usually, these
privileges are limited to the Imp database itself, but this is site
and database specific.

This update also contains some fixes for Imp and Horde to make them
work with PHP 4.3.2.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:690
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : High

CVSS Score:
7.5

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2003-0025
BugTraq ID: 6559
http://www.securityfocus.com/bid/6559
Bugtraq: 20030108 IMP 2.x SQL injection vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=104204786206563&w=2
Bugtraq: 20030108 Re: IMP 2.x SQL injection vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/306268
Debian Security Information: DSA-229 (Google Search)
http://www.debian.org/security/2003/dsa-229
http://www.securitytracker.com/id?1005904
http://secunia.com/advisories/8087
http://secunia.com/advisories/8177
SuSE Security Announcement: SuSE-SA:2003:0008 (Google Search)

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51434
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2003:690
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2003:690. Imp[1] is a webmail system which uses the Horde framework. Jouko Pynnonen reported[3] that the Imp webmail version 2.x has a SQL injection vulnerability[2]. Imp can optionally store user preferences, contacts list and session IDs in a SQL database. A remote attacker can use this vulnerability to execute SQL commands and possibly get session IDs and steal another user's webmail session. Other consequences are possible and depend on the privileges Imp has in the database. Usually, these privileges are limited to the Imp database itself, but this is site and database specific. This update also contains some fixes for Imp and Horde to make them work with PHP 4.3.2. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:690 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.5
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0025 BugTraq ID: 6559 http://www.securityfocus.com/bid/6559 Bugtraq: 20030108 IMP 2.x SQL injection vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=104204786206563&w=2 Bugtraq: 20030108 Re: IMP 2.x SQL injection vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/306268 Debian Security Information: DSA-229 (Google Search) http://www.debian.org/security/2003/dsa-229 http://www.securitytracker.com/id?1005904 http://secunia.com/advisories/8087 http://secunia.com/advisories/8177 SuSE Security Announcement: SuSE-SA:2003:0008 (Google Search)
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com