Search...

Debian DSA-914-1 : horde2 - missing input sanitising

2006-10-14T00:00:00

ID DEBIAN_DSA-914.NASL
Type nessus
Reporter This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
Modified 2006-10-14T00:00:00

Description

A vulnerability has been discovered in horde2, a web application suite, that allows attackers to insert arbitrary script code into the error web page.

                                        
                                            #%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-914. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(22780);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2005-3570");
  script_bugtraq_id(15409);
  script_xref(name:"DSA", value:"914");

  script_name(english:"Debian DSA-914-1 : horde2 - missing input sanitising");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability has been discovered in horde2, a web application
suite, that allows attackers to insert arbitrary script code into the
error web page."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338983"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-914"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the horde2 package.

The old stable distribution (woody) does not contain horde2 packages.

For the stable distribution (sarge) this problem has been fixed in
version 2.2.8-1sarge1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:horde2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"horde2", reference:"2.2.8-1sarge1")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "DEBIAN_DSA-914.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-914-1 : horde2 - missing input sanitising", "description": "A vulnerability has been discovered in horde2, a web application\nsuite, that allows attackers to insert arbitrary script code into the\nerror web page.", "published": "2006-10-14T00:00:00", "modified": "2006-10-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/22780", "reporter": "This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338983", "http://www.debian.org/security/2005/dsa-914"], "cvelist": ["CVE-2005-3570"], "type": "nessus", "lastseen": "2021-01-06T10:03:41", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-3570"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065110", "OPENVAS:65110", "OPENVAS:55916", "OPENVAS:55943"]}, {"type": "osvdb", "idList": ["OSVDB:20815"]}, {"type": "debian", "idList": ["DEBIAN:DSA-914-1:62BD5"]}, {"type": "gentoo", "idList": ["GLSA-200511-20"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200511-20.NASL"]}], "modified": "2021-01-06T10:03:41", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-01-06T10:03:41", "rev": 2}, "vulnersScore": 5.1}, "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-914. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22780);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-3570\");\n script_bugtraq_id(15409);\n script_xref(name:\"DSA\", value:\"914\");\n\n script_name(english:\"Debian DSA-914-1 : horde2 - missing input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered in horde2, a web application\nsuite, that allows attackers to insert arbitrary script code into the\nerror web page.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-914\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the horde2 package.\n\nThe old stable distribution (woody) does not contain horde2 packages.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.2.8-1sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:horde2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"horde2\", reference:\"2.2.8-1sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "22780", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:horde2"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:34:57", "description": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\".", "edition": 3, "cvss3": {}, "published": "2005-11-16T07:42:00", "title": "CVE-2005-3570", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3570"], "modified": "2011-05-19T04:00:00", "cpe": ["cpe:/a:horde:horde:2.2.4_rc1", "cpe:/a:horde:horde:2.2.1", "cpe:/a:horde:horde:2.2.6", "cpe:/a:horde:horde:2.2.4", "cpe:/a:horde:horde:2.2.8", "cpe:/a:horde:horde:2.2", "cpe:/a:horde:horde:2.2.3", "cpe:/a:horde:horde:2.2.5", "cpe:/a:horde:horde:2.2.7"], "id": "CVE-2005-3570", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3570", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:horde:horde:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:horde:horde:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:horde:horde:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:horde:horde:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:horde:horde:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:horde:horde:2.2.4_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:horde:horde:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:horde:horde:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:horde:horde:2.2.5:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-04-06T11:37:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3570"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n horde\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019924 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065110", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065110", "type": "openvas", "title": "SLES9: Security update for horde", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5019924.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for horde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n horde\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019924 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65110\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3570\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for horde\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~2.2.5~63.7\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3570"], "description": "The remote host is missing an update to horde2\nannounced via advisory DSA 914-1.\n\nA vulnerability has been discovered in horde2, a web application\nsuite, that allows attackers to insert arbitrary script code into the\nerror web page.\n\nThe old stable distribution (woody) does not contain horde2 packages.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:55943", "href": "http://plugins.openvas.org/nasl.php?oid=55943", "type": "openvas", "title": "Debian Security Advisory DSA 914-1 (horde2)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_914_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 914-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 2.2.8-1sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.2.9-1.\n\nWe recommend that you upgrade your horde2 package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20914-1\";\ntag_summary = \"The remote host is missing an update to horde2\nannounced via advisory DSA 914-1.\n\nA vulnerability has been discovered in horde2, a web application\nsuite, that allows attackers to insert arbitrary script code into the\nerror web page.\n\nThe old stable distribution (woody) does not contain horde2 packages.\";\n\n\nif(description)\n{\n script_id(55943);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3570\");\n script_bugtraq_id(15409);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 914-1 (horde2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"horde2\", ver:\"2.2.8-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3570"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200511-20.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:55916", "href": "http://plugins.openvas.org/nasl.php?oid=55916", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200511-20 (horde)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Horde Application Framework is vulnerable to a cross-site scripting\nvulnerability which could lead to the compromise of the victim's browser\ncontent.\";\ntag_solution = \"All Horde Application Framework users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/horde-2.2.9'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200511-20\nhttp://bugs.gentoo.org/show_bug.cgi?id=112491\nhttp://lists.horde.org/archives/announce/2005/000231.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200511-20.\";\n\n \n\nif(description)\n{\n script_id(55916);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(15409);\n script_cve_id(\"CVE-2005-3570\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200511-20 (horde)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-apps/horde\", unaffected: make_list(\"ge 2.2.9\"), vulnerable: make_list(\"lt 2.2.9\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3570"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n horde\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019924 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65110", "href": "http://plugins.openvas.org/nasl.php?oid=65110", "type": "openvas", "title": "SLES9: Security update for horde", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5019924.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for horde\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n horde\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019924 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65110);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3570\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for horde\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~2.2.5~63.7\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:17", "bulletinFamily": "software", "cvelist": ["CVE-2005-3570"], "edition": 1, "description": "## Solution Description\nUpgrade to version 2.2.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109&r2=1.207.2.111&ty=h\n[Secunia Advisory ID:17702](https://secuniaresearch.flexerasoftware.com/advisories/17702/)\n[Secunia Advisory ID:17794](https://secuniaresearch.flexerasoftware.com/advisories/17794/)\n[Secunia Advisory ID:17468](https://secuniaresearch.flexerasoftware.com/advisories/17468/)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml\nOther Advisory URL: http://www.debian.org/security/2005/dsa-914\nMail List Post: http://lists.horde.org/archives/announce/2005/000231.html\n[CVE-2005-3570](https://vulners.com/cve/CVE-2005-3570)\n", "modified": "2005-11-13T04:18:53", "published": "2005-11-13T04:18:53", "href": "https://vulners.com/osvdb/OSVDB:20815", "id": "OSVDB:20815", "type": "osvdb", "title": "Horde Error Messages XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:14", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3570"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 914-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 1st, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : horde2\nVulnerability : missing input sanitising\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-3570\nBugTraq ID : 15409\nDebian Bug : 338983\n\nA vulnerability has been discovered in horde2, a web application\nsuite, that allows attackers to insert arbitary script code into the\nerror web page.\n\nThe old stable distribution (woody) does not contain horde2 packages.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 2.2.8-1sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.2.9-1.\n\nWe recommend that you upgrade your horde2 package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge1.dsc\n Size/MD5 checksum: 575 fc3d76af255dd93e839ed24cf7c3ba84\n http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge1.diff.gz\n Size/MD5 checksum: 38308 d87c50a15c7133ba4ca29d99c77d5da1\n http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8.orig.tar.gz\n Size/MD5 checksum: 683005 89961af4e4488a908147d7b3a0dc3b44\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge1_all.deb\n Size/MD5 checksum: 721182 761d84ac7f89eef150fa21c8b0c79541\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2005-12-01T00:00:00", "published": "2005-12-01T00:00:00", "id": "DEBIAN:DSA-914-1:62BD5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00315.html", "title": "[SECURITY] [DSA 914-1] New horde2 packages fix cross-site scripting", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:35", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3570"], "edition": 1, "description": "### Background\n\nThe Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. \n\n### Description\n\nThe Horde Team reported a potential XSS vulnerability. Horde fails to properly escape error messages which may lead to displaying unsanitized error messages via Notification_Listener::getMessage() \n\n### Impact\n\nBy enticing a user to read a specially-crafted e-mail or using a manipulated URL, an attacker can execute arbitrary scripts running in the context of the victim's browser. This could lead to a compromise of the user's browser content. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Horde Application Framework users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/horde-2.2.9\"", "modified": "2005-11-22T00:00:00", "published": "2005-11-22T00:00:00", "id": "GLSA-200511-20", "href": "https://security.gentoo.org/glsa/200511-20", "type": "gentoo", "title": "Horde Application Framework: XSS vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-07T10:52:00", "description": "The remote host is affected by the vulnerability described in GLSA-200511-20\n(Horde Application Framework: XSS vulnerability)\n\n The Horde Team reported a potential XSS vulnerability. Horde fails\n to properly escape error messages which may lead to displaying\n unsanitized error messages via Notification_Listener::getMessage()\n \nImpact :\n\n By enticing a user to read a specially crafted e-mail or using a\n manipulated URL, an attacker can execute arbitrary scripts running in\n the context of the victim's browser. This could lead to a compromise of\n the user's browser content.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 26, "published": "2005-12-07T00:00:00", "title": "GLSA-200511-20 : Horde Application Framework: XSS vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3570"], "modified": "2005-12-07T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:horde"], "id": "GENTOO_GLSA-200511-20.NASL", "href": "https://www.tenable.com/plugins/nessus/20264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200511-20.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20264);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-3570\");\n script_xref(name:\"GLSA\", value:\"200511-20\");\n\n script_name(english:\"GLSA-200511-20 : Horde Application Framework: XSS vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200511-20\n(Horde Application Framework: XSS vulnerability)\n\n The Horde Team reported a potential XSS vulnerability. Horde fails\n to properly escape error messages which may lead to displaying\n unsanitized error messages via Notification_Listener::getMessage()\n \nImpact :\n\n By enticing a user to read a specially crafted e-mail or using a\n manipulated URL, an attacker can execute arbitrary scripts running in\n the context of the victim's browser. This could lead to a compromise of\n the user's browser content.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://lists.horde.org/archives/announce/2005/000231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.horde.org/archives/announce/2005/000231.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200511-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Horde Application Framework users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/horde-2.2.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/horde\", unaffected:make_list(\"ge 2.2.9\"), vulnerable:make_list(\"lt 2.2.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Horde Application Framework\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}