Lucene search
Gentoo FoundationMGASA-2013-0325HistoryNov 18, 2013 - 6:35 p.m.
Updated roundcubemail package fixes security vulnerability
2013-11-1818:35:57
Gentoo Foundation
advisories.mageia.org
8
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.016
Percentile
87.6%
It was discovered that roundcube does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution (CVE-2013-6172).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 2 | noarch | roundcubemail | <Â 0.7.4-1.3 | roundcubemail-0.7.4-1.3.mga2 |
| Mageia | 3 | noarch | roundcubemail | <Â 0.9.5-1 | roundcubemail-0.9.5-1.mga3 |
Related
cve
cve
CVE-2013-6172
2013-11-05 18:55:06
nessus
nessus
Fedora 18 : roundcubemail-0.9.5-1.fc18 (2013-19745)
2013-10-31 00:00:00
GLSA-201402-15 : Roundcube: Arbitrary code execution
2014-02-12 00:00:00
Fedora 19 : roundcubemail-0.9.5-1.fc19 (2013-19729)
2013-10-27 00:00:00
osv
osv
roundcube - design error
2013-10-27 00:00:00
cvelist
cvelist
CVE-2013-6172
2013-11-05 18:00:00
gentoo
gentoo
Roundcube: Arbitrary code execution
2014-02-11 00:00:00
openvas
openvas
Fedora Update for roundcubemail FEDORA-2013-19729
2013-10-28 00:00:00
Fedora Update for roundcubemail FEDORA-2013-19729
2013-10-28 00:00:00
Mageia: Security Advisory (MGASA-2013-0325)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DSA 2787-1] roundcube security update
2013-10-27 08:53:13
[SECURITY] [DSA 2787-1] roundcube security update
2013-10-27 08:53:13
[BSA-085] Security Update for roundcube
2013-11-12 21:33:26
fedora
fedora
[SECURITY] Fedora 20 Update: roundcubemail-0.9.5-1.fc20
2013-11-10 07:15:11
[SECURITY] Fedora 19 Update: roundcubemail-0.9.5-1.fc19
2013-10-26 00:56:27
[SECURITY] Fedora 18 Update: roundcubemail-0.9.5-1.fc18
2013-10-31 02:59:02
securityvulns
securityvulns
[ MDVSA-2013:263 ] roundcubemail
2013-12-09 00:00:00
prion
prion
Sql injection
2013-11-05 18:55:00
debiancve
debiancve
CVE-2013-6172
2013-11-05 18:55:06
nvd
nvd
CVE-2013-6172
2013-11-05 18:55:06
ubuntucve
ubuntucve
CVE-2013-6172
2013-11-05 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.016
Percentile
87.6%
Related for MGASA-2013-0325