• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Horde IMP Database Files SQL Injection Vulnerabilities

Solution:
Debian released an advisory (DSA 229-1) containing incorrect fixes. Debian followed up with a revision (DSA 229-2) which contains the correct fixes.

This issue reportedly does not exist in Horde IMP versions 3.0 and later. Horde IMP 2.2 is no longer being actively developed. Users are advised to upgrade.

Conectiva has released advisory CLA-2003:690 with fixes to address this issue.


Horde IMP 2.2

• Horde IMP 3.1
  http://www.horde.org/imp/3.1/

Horde IMP 2.2.1

• Horde IMP 3.1
  http://www.horde.org/imp/3.1/

Horde IMP 2.2.2

• Horde IMP 3.1
  http://www.horde.org/imp/3.1/

Horde IMP 2.2.3

• Horde IMP 3.1
  http://www.horde.org/imp/3.1/

Horde IMP 2.2.4

• Horde IMP 3.1
  http://www.horde.org/imp/3.1/

Horde IMP 2.2.5

• Horde IMP 3.1
  http://www.horde.org/imp/3.1/

Horde IMP 2.2.6

• Debian imp_2.2.6-0.potato.5.2_all.deb
  Debian GNU/Linux 2.2 alias potato.
  http://security.debian.org/pool/updates/main/i/imp/imp_2.2.6-0.potato. 5.2_all.deb


• Debian imp_2.2.6-5.2_all.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/i/imp/imp_2.2.6-5.2_all.d eb


• Horde IMP 3.1
  http://www.horde.org/imp/3.1/


• S.u.S.E. imp-2.2.6-189.ppc.rpm
  S.u.S.E. 7.3
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zima1/imp-2.2.6-189.ppc.rpm


• S.u.S.E. imp-2.2.6-189.src.rpm
  S.u.S.E. 7.3
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/imp-2.2.6-189.src.rpm


• S.u.S.E. imp-2.2.6-246.i386.rpm
  S.u.S.E. 8.0
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/zima1/imp-2.2.6-246.i386.r pm


• S.u.S.E. imp-2.2.6-246.src.rpm
  S.u.S.E. 8.0
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/imp-2.2.6-246.src.rpm


• S.u.S.E. imp-2.2.6-247.i386.rpm
  S.u.S.E. 7.3
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/zima1/imp-2.2.6-247.i386.r pm


• S.u.S.E. imp-2.2.6-247.src.rpm
  S.u.S.E. 7.3
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/imp-2.2.6-247.src.rpm


• S.u.S.E. imp-2.2.6-248.i586.rpm
  S.u.S.E. 8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/imp-2.2.6-248.i58 6.rpm


• S.u.S.E. imp-2.2.6-248.src.rpm
  S.u.S.E. 8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/imp-2.2.6-248.src. rpm


• S.u.S.E. imp-2.2.6-85.sparc.rpm
  S.u.S.E. 7.3
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zima1/imp-2.2.6-85.sparc. rpm


• S.u.S.E. imp-2.2.6-85.src.rpm
  S.u.S.E. 7.3
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/imp-2.2.6-85.src.rpm

Horde IMP 2.2.7

• Horde IMP 3.1
  http://www.horde.org/imp/3.1/

Horde IMP 2.2.8

• Conectiva horde-1.2.8-1U70_2cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-1.2.8-1U70_2cl.noar ch.rpm


• Conectiva horde-1.2.8-2U80_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-1.2.8-2U80_1cl.noarch .rpm


• Conectiva horde-mysql-1.2.8-1U70_2cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-mysql-1.2.8-1U70_2c l.noarch.rpm


• Conectiva horde-mysql-1.2.8-2U80_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-mysql-1.2.8-2U80_1cl. noarch.rpm


• Conectiva horde-pgsql-1.2.8-1U70_2cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-pgsql-1.2.8-1U70_2c l.noarch.rpm


• Conectiva horde-pgsql-1.2.8-2U80_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-pgsql-1.2.8-2U80_1cl. noarch.rpm


• Conectiva horde-shm-1.2.8-1U70_2cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/horde-shm-1.2.8-1U70_2cl. noarch.rpm


• Conectiva horde-shm-1.2.8-2U80_1cl.noarch.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/horde-shm-1.2.8-2U80_1cl.no arch.rpm


• Horde IMP 3.1
  http://www.horde.org/imp/3.1/