Debian Security Advisory DSA 1642-1 (horde3) Network Vulnerability

Summary

The remote host is missing an update to horde3 announced via advisory DSA 1642-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201642-1

Insight

Will Drewry discovered that the Horde, allows remote attackers to send an email with a crafted MIME attachment filename attribute to perform cross site scripting. For the stable distribution (etch), this problem has been fixed in version 3.1.3-4etch4. For the testing distribution (lenny), this problem has been fixed in version 3.2.1+debian0-2+lenny1. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your horde3 package.

Severity

Classification

CVE CVE-2008-3823

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 068-1 (openldap)
Debian Security Advisory DSA 1032-1 (zope-cmfplone)
Debian Security Advisory DSA 007-1 (zope)
Debian Security Advisory DSA 080-1 (htdig)
Debian Security Advisory DSA 023-1 (inn2)

Take action and discover your vulnerabilities