openSUSE Security Update : horde5 (openSUSE-SU-2013:1826-1)

it fixes config directory permission and owner for bnc811369 CVE-2013-1090 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-938. The text description of this plugin is C SUSE LLC...

CVE-2013-1090

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...

Buffer overflow

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors...

CVE-2013-1090

CVE-2013-1090 affects the SUSE horde5 package prior to 5.0.2-2.4.1. The issue is incorrect ownership for certain configuration files and directories, including /etc/apache2/vhosts.d, which can enable local wwwrun users to gain privileges via unspecified vectors. This is a local-privilege-escalati...