Arbitrary file overwrite in during Horde restore - #VU36


Published: June 28, 2016


Vulnerability identifier: #VU36
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-250
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a remote authenticated user to overwrite arbitrary files on the target system.

The vulnerability exists due to incorrect permissions used by Horde during the restoration process with old-style CSV data files. The application opens the SQLite database with root privileges to write a journal. A remote authenticated attacker can overwrite arbitrary files on the vulnerable system with root privileges.

Successful exploitation of this vulnerability will allow execution of arbitrary code with root privileges.
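The description above comes down to one design fault: a root process writes an SQLite journal next to a user-supplied database path. Added example (not code from the advisory, from Horde or from the affected vendor): a Python restore routine that shows the defensive pattern this implies. It drops to the owning user before SQLite touches the file and, as a second layer, refuses a database or `-journal` path that is a symlink or owned by someone else. The function names, the `prefs` table and the temporary-directory scenario in `demo()` are all constructed for the illustration.

```python
"""Write restored rows into a user-owned SQLite database from a privileged
process without letting the database or its rollback journal be redirected.
Added example; not Horde's or the vendor's code. Assumed: the restore runs as
root, `db_path` and `rows` come from the user's old-style backup data, and
SQLite creates its journal beside the database as `<db_path>-journal`."""
import os
import sqlite3
import stat
import tempfile


class UnsafeDatabasePath(Exception):
    """The database location could be used to redirect a privileged write."""


def check_db_location(db_path, owner_uid):
    """Reject paths a privileged writer must not touch (defense in depth).

    lstat is used so a symlink is seen as a symlink rather than followed; the
    directory is checked too, because that is where the journal gets created.
    """
    db_path = os.path.abspath(db_path)
    dst = os.lstat(os.path.dirname(db_path))
    if not stat.S_ISDIR(dst.st_mode):
        raise UnsafeDatabasePath("parent is not a real directory")
    if dst.st_uid not in (0, owner_uid):
        raise UnsafeDatabasePath("parent directory owned by another user")
    if dst.st_mode & stat.S_IWOTH and not dst.st_mode & stat.S_ISVTX:
        raise UnsafeDatabasePath("parent directory is world-writable")
    for target in (db_path, db_path + "-journal"):
        if not os.path.lexists(target):
            continue  # a missing database or journal is simply created fresh
        st = os.lstat(target)
        name = os.path.basename(target)
        if stat.S_ISLNK(st.st_mode):
            raise UnsafeDatabasePath(f"{name} is a symlink")
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeDatabasePath(f"{name} is not a regular file")
        if st.st_uid != owner_uid:
            raise UnsafeDatabasePath(f"{name} is not owned by the restoring user")
    return db_path


def restore_rows(db_path, owner_uid, owner_gid, rows):
    """Insert `rows` into the user's database as that user; True on success.

    The write happens in a forked child so the dropped privileges never leak
    back into the root process. When not running as root (as in a test) the
    drop is skipped and only the path check applies.
    """
    db_path = check_db_location(db_path, owner_uid)
    pid = os.fork()
    if pid == 0:  # child: drop privileges, then let the kernel enforce ownership
        code = 1
        try:
            if os.geteuid() == 0:
                os.setgroups([])
                os.setgid(owner_gid)
                os.setuid(owner_uid)
            con = sqlite3.connect(db_path)
            con.execute("CREATE TABLE IF NOT EXISTS prefs (k TEXT PRIMARY KEY, v TEXT)")
            con.executemany("INSERT OR REPLACE INTO prefs VALUES (?, ?)", rows)
            con.commit()
            con.close()
            code = 0
        finally:
            os._exit(code)
    _, status = os.waitpid(pid, 0)
    return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0


def demo():
    """Constructed scenario: a legitimate restore, then two planted symlinks."""
    uid, gid = os.getuid(), os.getgid()
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o700)
        good = os.path.join(home, "horde.db")
        restored = restore_rows(good, uid, gid, [("theme", "dark")])
        con = sqlite3.connect(good)
        value = con.execute("SELECT v FROM prefs WHERE k = 'theme'").fetchone()[0]
        con.close()
        canary = os.path.join(home, "sensitive-file")  # stands in for a root-owned target
        open(canary, "w").close()
        os.symlink(canary, os.path.join(home, "planted.db"))  # db path is a symlink
        other = os.path.join(home, "other.db")
        open(other, "w").close()
        os.symlink(canary, other + "-journal")  # journal path is a symlink
        results = {}
        for label, path in (("db_symlink", os.path.join(home, "planted.db")),
                            ("journal_symlink", other)):
            try:
                restore_rows(path, uid, gid, [("k", "v")])
                results[label] = False
            except UnsafeDatabasePath:
                results[label] = True
        results["canary_untouched"] = os.path.getsize(canary) == 0
    results.update(restored=restored, value=value)
    return results


if __name__ == "__main__":
    print(demo())
```

The path check alone is racy (a file can be swapped between `lstat` and `connect`), which is why the privilege drop is the primary control and the check is only a second layer: once the child runs as the owning user, a symlink to a root-owned file fails at the kernel regardless of timing.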


Remediation

Install the latest version (11.56.0.15, 11.54.0.24, 11.52.6.1 or 11.50.6.2).

Sources