roundcubemail 0.8.5 Local file inclusion via web UI modification of certain config options

2013.03.29

Credit: Jan Lieskovsky

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2013-1904

CWE: CWE-22

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

RoundCube Webmail upstream has released 0.8.6 and 0.7.3
versions to correct one security flaw:

A local file inclusion flaw was found in the way RoundCube
Webmail, a browser-based multilingual IMAP client, performed
validation of the 'generic_message_footer' value provided via
web user interface in certain circumstances. A remote attacker
could issue a specially-crafted request that, when processed
by RoundCube Webmail could allow an attacker to obtain arbitrary
file on the system, accessible with the privileges of the user
running RoundCube Webmail client.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=928835

http://sourceforge.net/news/?group_id=139281&id=310497

http://lists.roundcube.net/pipermail/dev/2013-March/022328.html

https://bugs.gentoo.org/show_bug.cgi?id=463554

http://ow.ly/jtQHM

http://ow.ly/jtQD0

http://ow.ly/jtQNd

http://ow.ly/jtQK0

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

roundcubemail 0.8.5 Local file inclusion via web UI modification of certain config options

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.