Launchpad.net

CVE 2008-1284

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.

Related bugs and status

CVE-2008-1284 (Candidate) is related to these bugs:

Bug #203456: [horde3] [CVE-2008-1284] information disclosure

		In	Importance	Status
203456	[horde3] [CVE-2008-1284] information disclosure	horde3 (Ubuntu)	High	Fix Released
203456	[horde3] [CVE-2008-1284] information disclosure	horde3 (Debian)	Unknown	Fix Released
203456	[horde3] [CVE-2008-1284] information disclosure	horde3 (Ubuntu Dapper)	High	Fix Released
203456	[horde3] [CVE-2008-1284] information disclosure	horde3 (Ubuntu Edgy)	High	Fix Released
203456	[horde3] [CVE-2008-1284] information disclosure	horde3 (Ubuntu Gutsy)	High	Fix Released
203456	[horde3] [CVE-2008-1284] information disclosure	horde3 (Ubuntu Feisty)	High	Fix Released
203456	[horde3] [CVE-2008-1284] information disclosure	horde3 (Ubuntu Hardy)	High	Fix Released

Bug #207049: [non-FFe] horde3 3.1.7

Summary				In	Importance	Status
	207049	[non-FFe] horde3 3.1.7		horde3 (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [announce] 20080307 H...
MLIST: [announce] 20080307 H...
MLIST: [announce] 20080307 Ho...
BID: 28153
SECUNIA: 29286
FEDORA: FEDORA-2008-2362
FEDORA: FEDORA-2008-2406
SECUNIA: 29374
DEBIAN: DSA-1519
SECUNIA: 29400
SREASON: 3726
GENTOO: GLSA-200805-01
SECUNIA: 30047
VUPEN: ADV-2008-0822
XF: horde-theme-file-inclu...
BUGTRAQ: 20080307 Horde Webmail...
BUGTRAQ: 20080308 Re: Horde Web...