SB2016042111 - Buffer overflow in roundcubemail (Alpine package)
Published: April 21, 2016
Security Bulletin ID
SB2016042111
CSH Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Buffer overflow (CVE-ID: CVE-2015-2181)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote authenticated user to execute arbitrary code.
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0ab6742135f1d9f749901bfe61df1072e9e04645
- https://git.alpinelinux.org/aports/commit/?id=3060ff443d4f52866f52a3edc6ec68a9d414918c
- https://git.alpinelinux.org/aports/commit/?id=1c47bb194e5eb625f9d585d14858c8e36db58aa6
- https://git.alpinelinux.org/aports/commit/?id=4c4f8d58da9accb1095c99d0eac8fab34b030b5b