Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1258

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2001-1258
Last Modified 07 Mar 2011 09:07:04
Published 21 Jul 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1258

Summary

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

Vulnerable Systems

Application

  • Horde Imp 2.0

  • Horde Imp 2.2

  • Horde Imp 2.2.1

  • Horde Imp 2.2.2

  • Horde Imp 2.2.3

  • Horde Imp 2.2.4

  • Horde Imp 2.2.5


References

DEBIAN - DSA-073

CONFIRM - http://online.securityfocus.com/archive/1/198495

BID - 3083

XF - imp-prefslang-gain-privileges(6906)

CALDERA - CSSA-2001-027.0

CONECTIVA - CLA-2001:410

BUGTRAQ - 20010721 IMP 2.2.6 (SECURITY) released


Last Updated: 27 May 2016 10:36:58