[arch-security] [ASA-201601-18] roundcubemail: remote code execution
rgacogne at archlinux.org
Sun Jan 17 15:30:30 UTC 2016
Arch Linux Security Advisory ASA-201601-18
Date : 2016-01-17
CVE-ID : CVE-2015-8770
Package : roundcubemail
Type : remote code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package roundcubemail before version 1.2beta-2 is vulnerable to
remote code execution.
Upgrade to 1.2beta-2.
# pacman -Syu "roundcubemail>=1.2beta-2"
The problem has been fixed upstream in versions 1.0.8 and 1.1.4.
High-Tech Bridge Security Research Lab discovered a path traversal
vulnerability in Roundcube. The vulnerability can be exploited to gain
access to sensitive information and, under certain circumstances, to
execute arbitrary code and fully compromise the vulnerable server.
The vulnerability exists due to insufficient sanitization of "_skin"
HTTP POST parameter in "/index.php" script when changing between
different skins of the web application. A remote authenticated attacker
can use path traversal sequences (e.g. "../../") to load a new skin from
arbitrary location on the system, readable by the webserver.
Exploitation of the vulnerability requires valid user credentials and
the ability to create files on the vulnerable host.
A remote authenticated attacker can access sensitive information and may
be able to execute arbitrary code on the affected host.
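The bug class described above, as an added illustration that is not Roundcube's own code and does not reproduce its internals: a skin name taken from a request parameter is used to build a filesystem path. The first function interpolates the value directly, so a traversal sequence such as "../../" escapes the skins directory and loads any webserver-readable file the attacker has managed to place on the host. The second function restricts the name to a plain directory name, requires that the directory exists, and checks with realpath() that it still lies inside the skins root after symlink resolution. The skins layout, the skin name "larry" and the template file name are assumptions made for the demo.

```php
<?php
// Added illustration of the CVE-2015-8770 bug class; this is not Roundcube's
// own code. A skin name taken from the request is used to build a filesystem
// path: the vulnerable version trusts it, the hardened version does not.

// Vulnerable: the request value is interpolated straight into the path, so
// "_skin=../../../../tmp/evil" walks out of the skins directory and loads
// whatever webserver-readable file the attacker managed to place there.
function skin_template_vulnerable(string $skinRoot, string $skin): string
{
    return $skinRoot . '/' . $skin . '/templates/mail.html';
}

// Hardened: accept only a plain directory name (no slashes, dots or NUL bytes),
// require that it exists as a directory, and confirm with realpath() that it is
// still inside the skins root after symlink resolution.
function skin_template_hardened(string $skinRoot, string $skin): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $skin)) {
        return null;                           // traversal sequences never reach the filesystem
    }
    $root = realpath($skinRoot);
    $dir  = realpath($skinRoot . '/' . $skin);
    if ($root === false || $dir === false || !is_dir($dir)
        || strpos($dir, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;                           // unknown skin, or a symlink escaping the root
    }
    return $dir . '/templates/mail.html';
}

// Constructed demo layout (assumed for this example): a throwaway skins root
// containing one legitimate skin named "larry".
$skinRoot = sys_get_temp_dir() . '/skin-demo-' . getmypid();
mkdir($skinRoot . '/larry/templates', 0700, true);
file_put_contents($skinRoot . '/larry/templates/mail.html', '<p>legit skin</p>');

$attempts = ['larry', '../../../../tmp/evil', 'larry/../../config', "larry\0"];
foreach ($attempts as $skin) {
    printf("%-28s vulnerable -> %s\n", json_encode($skin),
        skin_template_vulnerable($skinRoot, $skin));
    printf("%-28s hardened   -> %s\n", '',
        skin_template_hardened($skinRoot, $skin) ?? 'rejected');
}

// Remove the demo layout again.
unlink($skinRoot . '/larry/templates/mail.html');
rmdir($skinRoot . '/larry/templates');
rmdir($skinRoot . '/larry');
rmdir($skinRoot);
```

Only "larry" passes the hardened check; the three crafted values are rejected before any filesystem call is made. The realpath() comparison matters even with the regex in place: a skin directory that is itself a symlink to a location outside the root would otherwise still be accepted.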