Bug 42797 (CVE-2003-0025) - VUL-0: CVE-2003-0025: imp: SQL injection
Summary: VUL-0: CVE-2003-0025: imp: SQL injection
Status: RESOLVED FIXED
Alias: CVE-2003-0025
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Tomas Crhak
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2003-0025: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2003-07-09 20:16 UTC by Thomas Biege
Modified: 2021-09-27 10:18 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
putonftp template (147 bytes, text/plain)
2003-07-11 17:38 UTC, Thomas Biege

Description Thomas Biege 2003-07-09 20:16:41 UTC
Hi, 
the following was reported by Conectiva. 
Are we affected too?
 
 
--------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
--------------------------------------------------------------------------
 
PACKAGE   : imp 
SUMMARY   : SQL code injection vulnerability 
DATE      : 2003-07-08 11:00:00 
ID        : CLA-2003:690 
RELEVANT 
RELEASES  : 7.0, 8 
 
-------------------------------------------------------------------------
 
DESCRIPTION 
 Imp[1] is a webmail system which uses the Horde framework. 
  
 Jouko Pynnonen reported[3] that the Imp webmail version 2.x has a SQL 
 injection vulnerability[2]. 
  
 Imp can optionally store user preferences, contacts list and session 
 IDs in a SQL database. A remote attacker can use this vulnerability 
 to execute SQL commands and possibly get session IDs and steal 
 another user's webmail session. Other consequences are possible and 
 depend on the privileges Imp has in the database. Usually, these 
 privileges are limited to the Imp database itself, but this is site 
 and database specific. 
  
 This update also contains some fixes for Imp and Horde to make them 
 work with PHP 4.3.2. 
 
 
SOLUTION 
 It is recommended that all Imp users upgrade their packages. 
  
  
REFERENCES
 1. http://www.horde.org/imp/ 
 2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0025 
 3. http://marc.theaimsgroup.com/?l=bugtraq&m=104204786206563&w=2 
 
 
UPDATED PACKAGES 
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/horde-1.2.8-1U70_2cl.src.rpm 
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/imp-2.2.8-1U70_3cl.src.rpm 
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-1.2.8-1U70_2cl.noarch.rpm 
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-mysql-1.2.8-1U70_2cl.noarch.rpm 
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-pgsql-1.2.8-1U70_2cl.noarch.rpm 
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-shm-1.2.8-1U70_2cl.noarch.rpm 
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imp-2.2.8-1U70_3cl.noarch.rpm 
ftp://atualizacoes.conectiva.com.br/8/SRPMS/horde-1.2.8-2U80_1cl.src.rpm 
ftp://atualizacoes.conectiva.com.br/8/SRPMS/imp-2.2.8-2U80_2cl.src.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-1.2.8-2U80_1cl.noarch.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-mysql-1.2.8-2U80_1cl.noarch.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-pgsql-1.2.8-2U80_1cl.noarch.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-shm-1.2.8-2U80_1cl.noarch.rpm 
ftp://atualizacoes.conectiva.com.br/8/RPMS/imp-2.2.8-2U80_2cl.noarch.rpm 
 
 
ADDITIONAL INSTRUCTIONS 
 The apt tool can be used to perform RPM package upgrades:
 
 - run:                 apt-get update 
 - after that, execute: apt-get upgrade 
 
 Detailed instructions regarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en 
 
-------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions 
on how to import it can be found at  
http://distro.conectiva.com.br/seguranca/chave/?idioma=en 
Instructions on how to check the signatures of the RPM packages can be 
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en 
 
-------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at 
http://distro.conectiva.com.br/atualizacoes/?idioma=en 
 
-------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc. 
http://www.conectiva.com
Comment 1 Thomas Biege 2003-07-09 20:16:41 UTC
-
Comment 2 Thomas Biege 2003-07-11 17:38:18 UTC
Created attachment 13076
putonftp template

We need a security update for this one...
Comment 3 Tomas Crhak 2003-07-11 19:36:29 UTC
We have already had a security update for db injection (patches injection and
injection-db) - is this something new or were those fixes incomplete?
Comment 4 Thomas Biege 2003-07-11 19:51:44 UTC
Oh ok. Did you check their patches from the source rpm?
Comment 5 Thomas Biege 2003-07-18 16:38:57 UTC
Some news here? Was it the same bug? 
Comment 6 Tomas Crhak 2003-07-28 21:02:08 UTC
The patches are different, but I believe they are attempting to fix the same
bug. Conectiva has patches for oracle and oci, which we do not have.
It should be easier for you to compare the patches, as
1. IIRC you have created the SuSE patches
2. you are a security guru
Comment 7 Thomas Biege 2003-07-30 14:56:19 UTC
If you have a security-related question you can't solve on your own,
send us an email (security-team@) please. 
Comment 8 Thomas Biege 2003-08-12 17:51:04 UTC
I think there was some misunderstanding here, sorry. 
 
I'll close this bug now. 
Comment 9 Thomas Biege 2009-10-13 19:36:56 UTC
CVE-2003-0025: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)