[VIM] CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde v3.09 and prior (fwd)
jericho at attrition.org
Wed Mar 22 16:45:58 EST 2006
---------- Forwarded message ----------
From: Jan Schneider <jan at horde.org>
To: security curmudgeon <jericho at attrition.org>
Date: Wed, 22 Mar 2006 14:33:51 +0100
Subject: Re: CodeScan Advisory: Unauthenticated Arbitrary File Read in Horde
v3.09 and prior
Zitat von security curmudgeon <jericho at attrition.org>:
> Hey Jan,
> : Just FYI, noone of the Horde developers was able to reproduce this, and
> : it should only be exploitable if you have a PHP version that has bugs in
> : both parse_url() and readfile().
> : Beside that, the reporters unfortunately stopped talking to us in the
> : middle of the process, dunno why.
> If none of the developers were able to reproduce this, do you know why
> CodeScan said the following:
> : > CodeScan Labs has been in contact with Horde and a new version of
> : > the software has been released to address the discovered
> : > vulnerability.
> : >
> : > Users are advised to upgrade to version 3.1
> : > ftp://ftp.horde.org/pub/horde/horde-3.1.tar.gz
> Why would they encourage users to upgrade to 3.1 to fix this, if the devs
> couldnt reproduce it (and I assume write a patch for it)?
Because we worked around it even though we couldn't reproduce it.
Do you need professional PHP or Horde consulting?
More information about the VIM