blob: 7ac66a40e618e56eee7856133622479b0bbc2df4 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200701-11">
<title>Kronolith: Local file inclusion</title>
Kronolith contains a flaw that could allow the execution of arbitrary
<product type="ebuild">horde-kronolith</product>
<announced>January 16, 2007</announced>
<revised>January 16, 2007: 01</revised>
<package name="www-apps/horde-kronolith" auto="yes" arch="*">
<unaffected range="ge">2.1.4</unaffected>
<vulnerable range="lt">2.1.4</vulnerable>
Kronolith is a web-based calendar which relies on the Horde Framework
for integration with other applications.
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files.
<impact type="low">
An authenticated attacker could craft an HTTP GET request that uses
directory traversal techniques to execute any file on the web server as
PHP code, which could allow information disclosure or arbitrary code
execution with the rights of the user running the PHP application
(usually the webserver user).
There is no known workaround at this time.
All horde-kronolith users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-apps/horde-kronolith-2.1.4&quot;</code>
<uri link="">CVE-2006-6175</uri>
<metadata tag="requester" timestamp="Sun, 14 Jan 2007 17:58:37 +0000">
<metadata tag="bugReady" timestamp="Sun, 14 Jan 2007 21:54:17 +0000">
<metadata tag="submitter" timestamp="Mon, 15 Jan 2007 12:41:09 +0000">