Product: Open-Xchange AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 31065
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.4.1 and 7.4.2
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.4.1-rev10, 7.4.2-rev8
Vendor notification: 2014-02-11
Solution date: 2014-02-28
Public disclosure: 2014-03-17
CVE reference: CVE-2014-2077
CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Script code that gets entered into the subject field of a mail, either by direct typing or using reply/forward, gets executed. This is caused by "aria" tags for screen readers in the top bar, which do not use sanitized versions of the content. Note that just reading such a mail will not trigger the malicious code.

Risk:
Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

Solution:
Users should update to the latest patch releases. Users should avoid replying to or forwarding mails from untrusted sources that contain suspicious subjects.

Internal reference: 31185 (Bug ID)
Vulnerability type: Information exposure (CWE-200)
Vulnerable version: 7.4.2
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.4.2-rev9
Vendor notification: 2014-02-18
Solution date: 2014-02-26
Public disclosure: 2014-03-17
CVE reference: CVE-2014-2078
CVSSv2: 3.9 (AV:N/AC:L/Au:M/C:P/I:N/A:N/E:F/RL:U/RC:C/CDP:LM/TD:M/CR:ND/IR:ND/AR:ND)

Vulnerability Details:
Under some circumstances it may happen that E-Mail auto configuration for external accounts fails and returns an email address from a previously failing configuration attempt by any other user of the system.

Risk:
Users may gain unauthorised access to other users' data, e.g. mail addresses. Note that passwords are not affected by this.

Solution:
Users should update to the latest patch releases. As a temporary workaround, auto configuration for mail could be disabled at the backend:

$ /opt/open-xchange/sbin/stopbundle com.openexchange.mail.autoconfig.json
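The first advisory (CVE-2014-2077) describes a mail subject that is placed unescaped into the screen-reader ("aria") markup of the top bar. The following is an added illustration, not Open-Xchange code: a constructed top-bar template built from a subject with and without HTML escaping, plus a simple check that no attribute or element boundary beyond those of the template has been introduced. The template, function names and sample subject are all assumptions made for this example.

```javascript
// Added example (not Open-Xchange code): building screen-reader markup
// for a mail subject, unsanitised vs. escaped, in attribute and text context.

// Escape the characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Weak pattern (hypothetical template): the raw subject is concatenated
// into an aria-label attribute and into the visible element body.
function topBarMarkupUnsafe(subject) {
  return '<span class="subject" aria-label="Subject: ' + subject + '">' +
         subject + '</span>';
}

// Hardened pattern: identical template, but the subject is escaped once
// before it is placed in either the attribute or the element body.
function topBarMarkupSafe(subject) {
  const safe = escapeHtml(subject);
  return '<span class="subject" aria-label="Subject: ' + safe + '">' +
         safe + '</span>';
}

// Check used to compare the two: the generated markup must contain exactly
// the '<' and '"' characters of the empty template; any extra one means the
// subject escaped its attribute or text context.
function untrustedMarkupLeaked(html) {
  const template = topBarMarkupSafe("");
  const count = (s, ch) => s.split(ch).length - 1;
  return count(html, "<") !== count(template, "<") ||
         count(html, '"') !== count(template, '"');
}

// Constructed sample subject containing quote, tag and ampersand characters
// (illustrates the quoting problem only; not a real payload).
const SAMPLE_SUBJECT = 'Re: "Q1" <report> & notes';

console.log("unsafe leaks:", untrustedMarkupLeaked(topBarMarkupUnsafe(SAMPLE_SUBJECT)));
console.log("safe leaks:  ", untrustedMarkupLeaked(topBarMarkupSafe(SAMPLE_SUBJECT)));
```

Real frontends should set the attribute via the DOM (`setAttribute` / `textContent`) rather than string concatenation; the escaping shown here is the minimum that must happen whenever markup strings are assembled from mail headers.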