Test Kennung:	1.3.6.1.4.1.25623.1.0.702853
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 2853-1 (horde3 - remote code execution)
Zusammenfassung:	Pedro Ribeiro from Agile Information Security found a possible remote;code execution on Horde3, a web application framework. Unsanitized;variables are passed to the unserialize() PHP function. A remote attacker;could specially-craft one of those variables allowing her to load and;execute code.
Beschreibung:	Summary: Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize() PHP function. A remote attacker could specially-craft one of those variables allowing her to load and execute code. Affected Software/OS: horde3 on Debian Linux Solution: For the oldstable distribution (squeeze), this problem has been fixed in version 3.3.8+debian0-3. In the testing (jessie) and unstable (sid) distributions, Horde is distributed in the php-horde-util package. This problem has been fixed in version 2.3.0-1. We recommend that you upgrade your horde3 packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1691 Debian Security Information: DSA-2853 (Google Search) http://www.debian.org/security/2014/dsa-2853 http://seclists.org/oss-sec/2014/q1/156 http://seclists.org/oss-sec/2014/q1/153 http://seclists.org/oss-sec/2014/q1/169
Copyright	Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.