CSSA-2002-016.0-horde/imp cross scripting vulnerabilities

by Nikola Strahija on April 17th, 2002

There are some potential cross-site scripting (CSS) attacks in the imp and horde programs.


Vulnerable Supported Versions

System                     Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server     prior to horde-1.2.8-1.i386.rpm
                           prior to horde-1.2.8-1.src.rpm
                           prior to imp-2.2.8-1.i386.rpm
                           prior to imp-2.2.8-1.src.rpm

OpenLinux 3.1 Server       prior to horde-1.2.8-1.i386.rpm
                           prior to horde-1.2.8-1.src.rpm
                           prior to imp-2.2.8-1.i386.rpm
                           prior to imp-2.2.8-1.src.rpm


3. Solution

The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

4.2 Packages

f52d7821dcbefafc220a479a34f359a7 horde-1.2.8-1.i386.rpm
7dec82815fe2a801b40fd1cc64712f28 imp-2.2.8-1.i386.rpm

4.3 Installation

rpm -Fvh horde-1.2.8-1.i386.rpm
rpm -Fvh imp-2.2.8-1.i386.rpm
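
The script below is an added example, not part of the Caldera advisory: it checks the downloaded binary packages against the MD5 sums in section 4.2 and runs the section 4.3 commands only if both match. The function names and the directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the section 4.2 MD5 sums before the rpm -Fvh step.

# Checksums and file names copied from section 4.2 (OpenLinux 3.1.1 Server).
manifest_311() {
    cat <<'EOF'
f52d7821dcbefafc220a479a34f359a7  horde-1.2.8-1.i386.rpm
7dec82815fe2a801b40fd1cc64712f28  imp-2.2.8-1.i386.rpm
EOF
}

# verify_md5 EXPECTED FILE: returns 0 on match, 1 on mismatch, 2 if FILE is missing.
verify_md5() {
    expected=$1
    file=$2
    [ -f "$file" ] || { echo "MISSING  $file" >&2; return 2; }
    actual=$(md5sum < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file"
    else
        echo "MISMATCH $file (got $actual)" >&2
        return 1
    fi
}

# verify_all DIR: reads "md5 filename" lines on stdin; fails if any file fails.
verify_all() {
    dir=$1
    failed=0
    while read -r sum name; do
        [ -n "$sum" ] || continue
        verify_md5 "$sum" "$dir/$name" || failed=1
    done
    return "$failed"
}

# install_verified DIR: freshen the packages only after every checksum matches.
install_verified() {
    if manifest_311 | verify_all "$1"; then
        ( cd "$1" && rpm -Fvh horde-1.2.8-1.i386.rpm && rpm -Fvh imp-2.2.8-1.i386.rpm )
    else
        echo "checksum verification failed; nothing installed" >&2
        return 1
    fi
}

# Runs only when a download directory is given (hypothetical argument).
if [ "$#" -gt 0 ]; then install_verified "$1"; fi
```

MD5 is the only digest the advisory publishes; a match rules out a corrupted or mismatched download, not a deliberately crafted collision.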

4.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

4.5 Source Packages

2b48821e064674d8b159a3bb1078c619 horde-1.2.8-1.src.rpm
632aa28b3eaf46100fc00a54bd10644a imp-2.2.8-1.src.rpm


5. OpenLinux 3.1 Server

5.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

5.2 Packages

d479bd6ee5b856a3cf212d3b58ddbd98 horde-1.2.8-1.i386.rpm
836b9bc79c208b36d4e6191dcd60ce0d imp-2.2.8-1.i386.rpm

5.3 Installation

rpm -Fvh horde-1.2.8-1.i386.rpm
rpm -Fvh imp-2.2.8-1.i386.rpm

5.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

5.5 Source Packages

c8031ec50e69ad21a6a20b7885be6eeb horde-1.2.8-1.src.rpm
151403a7a889478485be1733c9fa1bd0 imp-2.2.8-1.src.rpm


6. References

Specific references for this advisory:
none


Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html

Caldera UNIX security resources:
http://stage.caldera.com/support/security/

This security fix closes Caldera incidents sr862918, fz520626,
erg712017.


7. Disclaimer

Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on this website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera products.


8. Acknowledgements

Nuno Loureiro discovered and researched this
problem.

