FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- webmail script insertion and php code injection

Affected packages
roundcube < 0.2.1,1

Details

VuXML ID 35c0b572-125a-11de-a964-0030843d3802
Discovery 2009-01-21
Entry 2009-03-16
Modified 2009-03-26

Secunia reports:

Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system.

The HTML "background" attribute within e.g. HTML emails is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site if a malicious email is viewed.

Input passed via a vCard is not properly sanitised before being used in a call to "preg_replace()" with the "e" modifier in program/include/rcube_vcard.php. This can be exploited to inject and execute arbitrary PHP code by e.g. tricking a user into importing a malicious vCard file.
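
A worked example of the second issue, added here and not taken from Roundcube's program/include/rcube_vcard.php, from changeset 2245 or from the Secunia report: a hypothetical vCard property normaliser written with preg_replace() and the "e" modifier, a constructed vCard that turns it into PHP code execution, and the preg_replace_callback() form that removes the eval. The regular expression, the function names and the vCard contents are assumptions for illustration only; the mechanism (backreferences are substituted into the replacement string, which is then eval()ed, with only quotes, backslashes and NUL bytes escaped) is PHP's documented behaviour for the "e" modifier.

```php
<?php
// Added illustrative example, not Roundcube code. A hypothetical vCard
// property normaliser in the pre-2009 style the advisory describes
// (preg_replace() with the /e modifier), beside the preg_replace_callback()
// form that fixes it.
//
// With /e, PHP substitutes the backreferences into the replacement string
// and then eval()s the result. Substituted text only has quotes,
// backslashes and NUL bytes escaped, so a value that needs none of those,
// such as {${system(id)}}, is interpolated as code by PHP's "{$...}"
// string syntax once it lands inside the double-quoted literal below.

// Uppercases the property name of every "name:value" line.
// VULNERABLE: only runs on PHP < 7.0, where the /e modifier still exists.
function normalise_vulnerable($vcard)
{
    return preg_replace(
        '/^([a-z][a-z0-9-]*):(.*)$/me',
        'strtoupper("\\1") . ":" . "\\2"',   // eval()ed after \1 and \2 are pasted in
        $vcard
    );
}

// HARDENED: the captured groups reach PHP as plain strings; nothing is eval()ed.
function normalise_safe($vcard)
{
    return preg_replace_callback(
        '/^([a-z][a-z0-9-]*):(.*)$/m',
        function ($m) { return strtoupper($m[1]) . ':' . $m[2]; },
        $vcard
    );
}

// Constructed malicious vCard (single-quoted so the braces and $ stay literal).
$vcard = implode("\n", array(
    'BEGIN:VCARD',
    'VERSION:2.1',
    'fn:Alice Example',
    'note:{${system(id)}}',   // payload needs no quotes, so /e's escaping does not neutralise it
    'END:VCARD',
    '',
));

if (version_compare(PHP_VERSION, '7.0.0', '<')) {
    // Runs `id` on the server while "normalising" the NOTE line.
    echo normalise_vulnerable($vcard);
} else {
    echo "PHP " . PHP_VERSION . ": /e was removed in 7.0 (preg_replace() returns NULL here); vulnerable path skipped\n";
}

// The safe version keeps the payload as inert text: NOTE:{${system(id)}}
echo normalise_safe($vcard);
```

The "e" modifier was deprecated in PHP 5.5 and removed in PHP 7.0, so the vulnerable branch only executes on an older interpreter; on a current one the script prints the skip message and the hardened output. When auditing a PHP tree of this era, look for every preg_replace() call whose modifier string contains "e" and check whether any part of the pattern's capture groups can be attacker-controlled; each such call should become preg_replace_callback() as above.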

References

CVE Name CVE-2009-0413
URL http://secunia.com/advisories/33622/
URL http://sourceforge.net/forum/forum.php?forum_id=927958
URL http://trac.roundcube.net/changeset/2245
URL http://trac.roundcube.net/ticket/1485689