ID BCE47C89-4D3F-11E7-8080-A4BADB2F4699 Type freebsd Reporter FreeBSD Modified 2017-04-28T00:00:00
Description
Roundcube reports:
Roundcube Webmail allows arbitrary password resets by
authenticated users. The problem is caused by an improperly restricted
exec call in the virtualmin and sasl drivers of the password plugin.
{"cve": [{"lastseen": "2021-02-02T06:36:50", "description": "Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-29T19:59:00", "title": "CVE-2017-8114", "type": "cve", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8114"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:roundcube:roundcube_webmail:1.1.3", "cpe:/a:roundcube:roundcube_webmail:1.1.1", "cpe:/a:roundcube:roundcube_webmail:1.0.10", "cpe:/a:roundcube:webmail:1.2.2", "cpe:/a:roundcube:roundcube_webmail:1.1.5", "cpe:/a:roundcube:roundcube_webmail:1.1.2", "cpe:/a:roundcube:webmail:1.2.1", "cpe:/a:roundcube:roundcube_webmail:1.2", "cpe:/a:roundcube:webmail:1.1.4", "cpe:/a:roundcube:webmail:1.1", "cpe:/a:roundcube:webmail:1.1.7", "cpe:/a:roundcube:webmail:1.2.3", "cpe:/a:roundcube:roundcube_webmail:1.2.4", "cpe:/a:roundcube:roundcube_webmail:1.1.6", "cpe:/a:roundcube:webmail:1.2.0", "cpe:/a:roundcube:roundcube_webmail:1.1.8"], "id": "CVE-2017-8114", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8114", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:roundcube:roundcube_webmail:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:roundcube_webmail:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:roundcube_webmail:1.2:rc:*:*:*:*:*:*", "cpe:2.3:a:roundcube:roundcube_webmail:1.2:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:roundcube_webmail:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*", "cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:roundcube_webmail:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:roundcube:roundcube_webmail:1.1.6:*:*:*:*:*:*:*"]}], "hackerone": [{"lastseen": "2019-11-20T17:03:05", "bulletinFamily": "bugbounty", "bounty": 0.0, "cvelist": ["CVE-2017-8114"], "description": "# Description\n*Password* plugin in its virtualmin driver allows to an attacker, that has a valid username/password to login in his web panel, to execute malicious inputs. This could allow to an attacker to reset victim's password and in some scenarios getting a system shell.\n\n# CVE\nCVE-2017-8114\n\n# Details\n- https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11\n- \u2588\u2588\u2588\u2588\n- https://nvd.nist.gov/vuln/detail/CVE-2017-8114", "modified": "2019-11-12T23:48:02", "published": "2017-06-21T15:42:20", "id": "H1:242119", "href": "https://hackerone.com/reports/242119", "type": "hackerone", "title": "The Internet: Roundcube virtualmin privilege escalation (CVE-2017-8114)", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8114"], "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. ", "modified": "2017-05-04T13:33:33", "published": "2017-05-04T13:33:33", "id": "FEDORA:C80246007B4C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: roundcubemail-1.2.5-1.fc26", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8114"], "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. ", "modified": "2017-05-08T22:24:10", "published": "2017-05-08T22:24:10", "id": "FEDORA:2C7B56087C5C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: roundcubemail-1.2.5-1.fc24", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8114"], "description": "RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. ", "modified": "2017-05-08T22:33:33", "published": "2017-05-08T22:33:33", "id": "FEDORA:49A55608A1F1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: roundcubemail-1.2.5-1.fc25", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:11:34", "description": "**Roundcube Webmail 1.2.5**\n\nThis is a security update to the stable version 1.2. It primarily\nfixes a recently discovered vulnerability in the virtualmin and sasl\ndrivers of the password plugin plus adds a few cherry-picked bug fixes\nfrom upstream versions. A detailed list of changes is shown below.\n\nIt's considered stable and we recommend to update all productive\ninstallations of Roundcube with this version. Please do backup your\ndata before updating!\n\nCHANGELOG\n\n - Password: Fix security issue in virtualmin and sasl\n drivers [CVE-2017-8114]\n\n - Fix re-positioning of the fixed header of messages list\n in Chrome when using minimal mode toggle and About\n dialog (#5711)\n\n - Fix so settings/upload.inc could not be used by plugins\n (#5694)\n\n - Fix regression in LDAP fuzzy search where it always used\n prefix search instead (#5713)\n\n - Fix bug where namespace prefix could not be truncated on\n folders list if show_real_foldernames=true (#5695)\n\n - Fix bug where base_dn setting was ignored inside\n group_filters (#5720)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Fedora 26 : roundcubemail (2017-7263e7d321)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8114"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:roundcubemail", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-7263E7D321.NASL", "href": "https://www.tenable.com/plugins/nessus/101656", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-7263e7d321.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101656);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-8114\");\n script_xref(name:\"FEDORA\", value:\"2017-7263e7d321\");\n\n script_name(english:\"Fedora 26 : roundcubemail (2017-7263e7d321)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Roundcube Webmail 1.2.5**\n\nThis is a security update to the stable version 1.2. It primarily\nfixes a recently discovered vulnerability in the virtualmin and sasl\ndrivers of the password plugin plus adds a few cherry-picked bug fixes\nfrom upstream versions. A detailed list of changes is shown below.\n\nIt's considered stable and we recommend to update all productive\ninstallations of Roundcube with this version. Please do backup your\ndata before updating!\n\nCHANGELOG\n\n - Password: Fix security issue in virtualmin and sasl\n drivers [CVE-2017-8114]\n\n - Fix re-positioning of the fixed header of messages list\n in Chrome when using minimal mode toggle and About\n dialog (#5711)\n\n - Fix so settings/upload.inc could not be used by plugins\n (#5694)\n\n - Fix regression in LDAP fuzzy search where it always used\n prefix search instead (#5713)\n\n - Fix bug where namespace prefix could not be truncated on\n folders list if show_real_foldernames=true (#5695)\n\n - Fix bug where base_dn setting was ignored inside\n group_filters (#5720)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-7263e7d321\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected roundcubemail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:roundcubemail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"roundcubemail-1.2.5-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"roundcubemail\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:44:27", "description": "Roundcube Webmail allows arbitrary password resets by authenticated\nusers. The issue is caused by an improperly restricted exec call in\nthe virtualmin and sasl drivers of the password plugin.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.7.2-9+deb7u7.\n\nWe recommend that you upgrade your roundcube packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 20, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-08T00:00:00", "title": "Debian DLA-933-1 : roundcube security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8114"], "modified": "2017-05-08T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:roundcube-plugins", "p-cpe:/a:debian:debian_linux:roundcube-pgsql", "p-cpe:/a:debian:debian_linux:roundcube-core", "p-cpe:/a:debian:debian_linux:roundcube-mysql", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:roundcube"], "id": "DEBIAN_DLA-933.NASL", "href": "https://www.tenable.com/plugins/nessus/99999", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-933-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99999);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-8114\");\n\n script_name(english:\"Debian DLA-933-1 : roundcube security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Roundcube Webmail allows arbitrary password resets by authenticated\nusers. The issue is caused by an improperly restricted exec call in\nthe virtualmin and sasl drivers of the password plugin.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.7.2-9+deb7u7.\n\nWe recommend that you upgrade your roundcube packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/roundcube\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:roundcube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:roundcube-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:roundcube-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:roundcube-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:roundcube-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"roundcube\", reference:\"0.7.2-9+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"roundcube-core\", reference:\"0.7.2-9+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"roundcube-mysql\", reference:\"0.7.2-9+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"roundcube-pgsql\", reference:\"0.7.2-9+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"roundcube-plugins\", reference:\"0.7.2-9+deb7u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:14:31", "description": "**Roundcube Webmail 1.2.5**\n\nThis is a security update to the stable version 1.2. It primarily\nfixes a recently discovered vulnerability in the virtualmin and sasl\ndrivers of the password plugin plus adds a few cherry-picked bug fixes\nfrom upstream versions. A detailed list of changes is shown below.\n\nIt's considered stable and we recommend to update all productive\ninstallations of Roundcube with this version. Please do backup your\ndata before updating!\n\nCHANGELOG\n\n - Password: Fix security issue in virtualmin and sasl\n drivers [CVE-2017-8114]\n\n - Fix re-positioning of the fixed header of messages list\n in Chrome when using minimal mode toggle and About\n dialog (#5711)\n\n - Fix so settings/upload.inc could not be used by plugins\n (#5694)\n\n - Fix regression in LDAP fuzzy search where it always used\n prefix search instead (#5713)\n\n - Fix bug where namespace prefix could not be truncated on\n folders list if show_real_foldernames=true (#5695)\n\n - Fix bug where base_dn setting was ignored inside\n group_filters (#5720)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-09T00:00:00", "title": "Fedora 25 : roundcubemail (2017-ede53aa845)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8114"], "modified": "2017-05-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:roundcubemail"], "id": "FEDORA_2017-EDE53AA845.NASL", "href": "https://www.tenable.com/plugins/nessus/100034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ede53aa845.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100034);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-8114\");\n script_xref(name:\"FEDORA\", value:\"2017-ede53aa845\");\n\n script_name(english:\"Fedora 25 : roundcubemail (2017-ede53aa845)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Roundcube Webmail 1.2.5**\n\nThis is a security update to the stable version 1.2. It primarily\nfixes a recently discovered vulnerability in the virtualmin and sasl\ndrivers of the password plugin plus adds a few cherry-picked bug fixes\nfrom upstream versions. A detailed list of changes is shown below.\n\nIt's considered stable and we recommend to update all productive\ninstallations of Roundcube with this version. Please do backup your\ndata before updating!\n\nCHANGELOG\n\n - Password: Fix security issue in virtualmin and sasl\n drivers [CVE-2017-8114]\n\n - Fix re-positioning of the fixed header of messages list\n in Chrome when using minimal mode toggle and About\n dialog (#5711)\n\n - Fix so settings/upload.inc could not be used by plugins\n (#5694)\n\n - Fix regression in LDAP fuzzy search where it always used\n prefix search instead (#5713)\n\n - Fix bug where namespace prefix could not be truncated on\n folders list if show_real_foldernames=true (#5695)\n\n - Fix bug where base_dn setting was ignored inside\n group_filters (#5720)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ede53aa845\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected roundcubemail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:roundcubemail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"roundcubemail-1.2.5-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"roundcubemail\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:13:50", "description": "**Roundcube Webmail 1.2.5**\n\nThis is a security update to the stable version 1.2. It primarily\nfixes a recently discovered vulnerability in the virtualmin and sasl\ndrivers of the password plugin plus adds a few cherry-picked bug fixes\nfrom upstream versions. A detailed list of changes is shown below.\n\nIt's considered stable and we recommend to update all productive\ninstallations of Roundcube with this version. Please do backup your\ndata before updating!\n\nCHANGELOG\n\n - Password: Fix security issue in virtualmin and sasl\n drivers [CVE-2017-8114]\n\n - Fix re-positioning of the fixed header of messages list\n in Chrome when using minimal mode toggle and About\n dialog (#5711)\n\n - Fix so settings/upload.inc could not be used by plugins\n (#5694)\n\n - Fix regression in LDAP fuzzy search where it always used\n prefix search instead (#5713)\n\n - Fix bug where namespace prefix could not be truncated on\n folders list if show_real_foldernames=true (#5695)\n\n - Fix bug where base_dn setting was ignored inside\n group_filters (#5720)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-09T00:00:00", "title": "Fedora 24 : roundcubemail (2017-c8448d0cad)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8114"], "modified": "2017-05-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:roundcubemail"], "id": "FEDORA_2017-C8448D0CAD.NASL", "href": "https://www.tenable.com/plugins/nessus/100031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-c8448d0cad.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100031);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-8114\");\n script_xref(name:\"FEDORA\", value:\"2017-c8448d0cad\");\n\n script_name(english:\"Fedora 24 : roundcubemail (2017-c8448d0cad)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Roundcube Webmail 1.2.5**\n\nThis is a security update to the stable version 1.2. It primarily\nfixes a recently discovered vulnerability in the virtualmin and sasl\ndrivers of the password plugin plus adds a few cherry-picked bug fixes\nfrom upstream versions. A detailed list of changes is shown below.\n\nIt's considered stable and we recommend to update all productive\ninstallations of Roundcube with this version. Please do backup your\ndata before updating!\n\nCHANGELOG\n\n - Password: Fix security issue in virtualmin and sasl\n drivers [CVE-2017-8114]\n\n - Fix re-positioning of the fixed header of messages list\n in Chrome when using minimal mode toggle and About\n dialog (#5711)\n\n - Fix so settings/upload.inc could not be used by plugins\n (#5694)\n\n - Fix regression in LDAP fuzzy search where it always used\n prefix search instead (#5713)\n\n - Fix bug where namespace prefix could not be truncated on\n folders list if show_real_foldernames=true (#5695)\n\n - Fix bug where base_dn setting was ignored inside\n group_filters (#5720)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-c8448d0cad\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected roundcubemail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:roundcubemail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"roundcubemail-1.2.5-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"roundcubemail\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T11:06:16", "description": "The remote host is affected by the vulnerability described in GLSA-201707-11\n(RoundCube: Security bypass)\n\n Authenticated users can arbitrarily reset passwords due to a problem\n caused by an improperly restricted exec call in the virtualmin and sasl\n drivers of the password plugin.\n \nImpact :\n\n Authenticated users can bypass security restrictions and elevate\n privileges.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-10T00:00:00", "title": "GLSA-201707-11 : RoundCube: Security bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8114"], "modified": "2017-07-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:roundcube"], "id": "GENTOO_GLSA-201707-11.NASL", "href": "https://www.tenable.com/plugins/nessus/101342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201707-11.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101342);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-8114\");\n script_xref(name:\"GLSA\", value:\"201707-11\");\n\n script_name(english:\"GLSA-201707-11 : RoundCube: Security bypass\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201707-11\n(RoundCube: Security bypass)\n\n Authenticated users can arbitrarily reset passwords due to a problem\n caused by an improperly restricted exec call in the virtualmin and sasl\n drivers of the password plugin.\n \nImpact :\n\n Authenticated users can bypass security restrictions and elevate\n privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201707-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All RoundCube users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/roundcube-1.2.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:roundcube\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/roundcube\", unaffected:make_list(\"ge 1.2.5\"), vulnerable:make_list(\"lt 1.2.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"RoundCube\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:32:51", "description": "This update for roundcubemail fixes one security issues and two bugs.\n\nThe following vulnerability was fixed :\n\n - CVE-2017-8114: Authenticated users may have reset\n arbitrary passwords (boo#1036955)\n\nThe following upstream bugs were fixed :\n\n - Fix regression in LDAP fuzzy search where it always used\n prefix search instead\n\n - Fix bug where base_dn setting was ignored inside\n group_filters", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-16T00:00:00", "title": "openSUSE Security Update : roundcubemail (openSUSE-2017-580)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8114"], "modified": "2017-05-16T00:00:00", "cpe": ["cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:roundcubemail", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-580.NASL", "href": "https://www.tenable.com/plugins/nessus/100203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-580.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100203);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-8114\");\n\n script_name(english:\"openSUSE Security Update : roundcubemail (openSUSE-2017-580)\");\n script_summary(english:\"Check for the openSUSE-2017-580 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for roundcubemail fixes one security issues and two bugs.\n\nThe following vulnerability was fixed :\n\n - CVE-2017-8114: Authenticated users may have reset\n arbitrary passwords (boo#1036955)\n\nThe following upstream bugs were fixed :\n\n - Fix regression in LDAP fuzzy search where it always used\n prefix search instead\n\n - Fix bug where base_dn setting was ignored inside\n group_filters\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036955\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected roundcubemail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:roundcubemail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"roundcubemail-1.1.9-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"roundcubemail-1.1.9-17.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"roundcubemail\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:57:46", "description": "Roundcube reports :\n\nRoundcube Webmail allows arbitrary password resets by authenticated\nusers. The problem is caused by an improperly restricted exec call in\nthe virtualmin and sasl drivers of the password plugin.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-12T00:00:00", "title": "FreeBSD : roundcube -- arbitrary password resets (bce47c89-4d3f-11e7-8080-a4badb2f4699)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8114"], "modified": "2017-06-12T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:roundcube"], "id": "FREEBSD_PKG_BCE47C894D3F11E78080A4BADB2F4699.NASL", "href": "https://www.tenable.com/plugins/nessus/100737", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100737);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-8114\");\n\n script_name(english:\"FreeBSD : roundcube -- arbitrary password resets (bce47c89-4d3f-11e7-8080-a4badb2f4699)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Roundcube reports :\n\nRoundcube Webmail allows arbitrary password resets by authenticated\nusers. The problem is caused by an improperly restricted exec call in\nthe virtualmin and sasl drivers of the password plugin.\"\n );\n # https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6be9ef57\"\n );\n # https://vuxml.freebsd.org/freebsd/bce47c89-4d3f-11e7-8080-a4badb2f4699.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a18b27e4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:roundcube\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"roundcube<1.2.5,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2017-07-09T00:19:30", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8114"], "description": "### Background\n\nFree and open source webmail software for the masses, written in PHP.\n\n### Description\n\nAuthenticated users can arbitrarily reset passwords due to a problem caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. \n\n### Impact\n\nAuthenticated users can bypass security restrictions and elevate privileges. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll RoundCube users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/roundcube-1.2.5\"", "edition": 1, "modified": "2017-07-08T00:00:00", "published": "2017-07-08T00:00:00", "href": "https://security.gentoo.org/glsa/201707-11", "id": "GLSA-201707-11", "title": "RoundCube: Security bypass", "type": "gentoo", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:33:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8114"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-05-09T00:00:00", "id": "OPENVAS:1361412562310872649", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872649", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2017-ede53aa845", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for roundcubemail FEDORA-2017-ede53aa845\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872649\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-09 07:00:43 +0200 (Tue, 09 May 2017)\");\n script_cve_id(\"CVE-2017-8114\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2017-ede53aa845\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'roundcubemail'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"roundcubemail on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ede53aa845\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5WOCHR5E4U5RGPXKTWWJ2XK6TMIX2DP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~1.2.5~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8114"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-05-09T00:00:00", "id": "OPENVAS:1361412562310872652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872652", "type": "openvas", "title": "Fedora Update for roundcubemail FEDORA-2017-c8448d0cad", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for roundcubemail FEDORA-2017-c8448d0cad\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872652\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-09 07:00:55 +0200 (Tue, 09 May 2017)\");\n script_cve_id(\"CVE-2017-8114\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for roundcubemail FEDORA-2017-c8448d0cad\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'roundcubemail'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"roundcubemail on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-c8448d0cad\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROT7BZEQVEHJKE43GJ4THPJE4EDTXFJ2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"roundcubemail\", rpm:\"roundcubemail~1.2.5~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:11:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8114"], "description": "Roundcube Webmail allows arbitrary password resets by authenticated users.\nThe issue is caused by an improperly restricted exec call in the virtualmin\nand sasl drivers of the password plugin.", "modified": "2020-01-29T00:00:00", "published": "2018-01-25T00:00:00", "id": "OPENVAS:1361412562310890933", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890933", "type": "openvas", "title": "Debian LTS: Security Advisory for roundcube (DLA-933-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890933\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-8114\");\n script_name(\"Debian LTS: Security Advisory for roundcube (DLA-933-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-25 00:00:00 +0100 (Thu, 25 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00003.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"roundcube on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n0.7.2-9+deb7u7.\n\nWe recommend that you upgrade your roundcube packages.\");\n\n script_tag(name:\"summary\", value:\"Roundcube Webmail allows arbitrary password resets by authenticated users.\nThe issue is caused by an improperly restricted exec call in the virtualmin\nand sasl drivers of the password plugin.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"roundcube\", ver:\"0.7.2-9+deb7u7\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"roundcube-core\", ver:\"0.7.2-9+deb7u7\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"roundcube-mysql\", ver:\"0.7.2-9+deb7u7\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"roundcube-pgsql\", ver:\"0.7.2-9+deb7u7\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"roundcube-plugins\", ver:\"0.7.2-9+deb7u7\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-09-12T17:19:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8114"], "description": "Roundcube Webmail is prone to a arbitrary password reset vulnerability.", "modified": "2019-09-10T00:00:00", "published": "2017-05-15T00:00:00", "id": "OPENVAS:1361412562310106804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106804", "type": "openvas", "title": "Roundcube Webmail Password Reset Vulnerability", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Roundcube Webmail Password Reset Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:roundcube:webmail';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106804\");\n script_version(\"2019-09-10T11:55:44+0000\");\n script_tag(name:\"last_modification\", value:\"2019-09-10 11:55:44 +0000 (Tue, 10 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-05-15 13:21:35 +0700 (Mon, 15 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2017-8114\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Roundcube Webmail Password Reset Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"sw_roundcube_detect.nasl\");\n script_mandatory_keys(\"roundcube/detected\");\n\n script_tag(name:\"summary\", value:\"Roundcube Webmail is prone to a arbitrary password reset vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability in the virtualmin and sasl drivers of the password plugin\nallows authenticated users to reset arbitrary passwords.\");\n\n script_tag(name:\"affected\", value:\"Roundcube Webmail prior version 1.0.11, 1.1.x and 1.2.x.\");\n\n script_tag(name:\"solution\", value:\"Update to version, 1.0.11, 1.1.9, 1.2.5 or later.\");\n\n script_xref(name:\"URL\", value:\"https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less(version: version, test_version: \"1.0.11\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"1.0.11\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"1.1\", test_version2: \"1.1.8\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"1.1.9\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"1.2\", test_version2: \"1.2.4\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"1.2.5\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:32", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8114"], "description": "Package : roundcube\nVersion : 0.7.2-9+deb7u7\nCVE ID : CVE-2017-8114\nDebian Bug : 861388\n\nRoundcube Webmail allows arbitrary password resets by authenticated users.\nThe issue is caused by an improperly restricted exec call in the virtualmin\nand sasl drivers of the password plugin.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n0.7.2-9+deb7u7.\n\nWe recommend that you upgrade your roundcube packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-05-07T21:55:14", "published": "2017-05-07T21:55:14", "id": "DEBIAN:DLA-933-1:1DC2C", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201705/msg00003.html", "title": "[SECURITY] [DLA 933-1] roundcube security update", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}
