Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200406-09] Horde-Chora: Remote code execution


Vulnerability Assessment Details

[GLSA-200406-09] Horde-Chora: Remote code execution

Vulnerability Assessment Summary
Horde-Chora: Remote code execution

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200406-09
(Horde-Chora: Remote code execution)


A vulnerability in the diff viewer of Chora permits a possible hacker to inject
shellcode. A possible hacker can exploit PHP's file upload functionality to
upload a malicious binary to a vulnerable server, chmod it as executable,
and run the file.

Impact

A possible hacker could remotely execute arbitrary binaries with the permissions
of the PHP script, conceivably permiting further exploitation of local
vulnerabilities and remote root access.

Workaround

There is no known workaround at this time.

References:
http://security.e-matters.de/advisories/102004.html


Solution:
All users are advised to upgrade to the latest version of Chora:
# emerge sync
# emerge -pv ">=net-www/horde-chora-1.2.2"
# emerge ">=net-www/horde-chora-1.2.2"


Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi

Cables, Connectors


Samsung Galaxy Tab A9 (X110) 64GB 4GB RAM International Version (New) picture

Samsung Galaxy Tab A9 (X110) 64GB 4GB RAM International Version (New)

$129.99



Samsung Galaxy Tab A8 10.5

Samsung Galaxy Tab A8 10.5" 64GB Gray WiFi Tab SM-X200NZAZXAR 2022 Model Bundle

$130.00



Samsung Galaxy Tab A 8

Samsung Galaxy Tab A 8" SM-T387V 32GB Verizon Tablet (No SIM Tray) Grade B

$31.99



Samsung Chromebook 2 503C XE503C12-K01US (Octa 5420 1.9GHz - 4GB RAM - 16GB SSD) picture

Samsung Chromebook 2 503C XE503C12-K01US (Octa 5420 1.9GHz - 4GB RAM - 16GB SSD)

$17.92



Samsung XE310XBA Chromebook 4 11.6

Samsung XE310XBA Chromebook 4 11.6" w/Celeron 1.1GHz/4GB/16GB SSD - Used

$38.00



Samsung Galaxy Tab A 8

Samsung Galaxy Tab A 8" SM-T387V 32GB Verizon WIFI + Cellular Grade A Condition

$54.99



NEW Samsung Galaxy Tab A8 10.5-in 32GB Tablet - Gray SM-X200 picture

NEW Samsung Galaxy Tab A8 10.5-in 32GB Tablet - Gray SM-X200

$129.98



Samsung Tab A7 Lite T227U 32GB GSM Unlocked Great picture

Samsung Tab A7 Lite T227U 32GB GSM Unlocked Great

$54.99



Samsung Galaxy Tab A8 - SM-X200 - 32GB - Wi-Fi 10.5

Samsung Galaxy Tab A8 - SM-X200 - 32GB - Wi-Fi 10.5" Gray - EXCELLENT Condition

$109.95



Samsung Galaxy Tab S9 FE SM-X518U 128GB, Wi-Fi+5G (Carrier Unlocked) 10.9

Samsung Galaxy Tab S9 FE SM-X518U 128GB, Wi-Fi+5G (Carrier Unlocked) 10.9"- Gray

$409.98



Discussions

No Discussions have been posted on this vulnerability.