Signature Detail

HTTP: Horde IMP Arbitrary SQL Injection

This signature detects attempts to exploit a known vulnerability in Horde IMP version 2. Attackers can send a maliciously crafted URL to mailbox.php3, which can allow them perform arbitrary SQL queries and possibly gain complete server control.

Extended Description

It has been reported that Imp is prone to multiple SQL injection vulnerabilities. IMP, in some cases, does not sufficiently sanitize user-supplied input which is passed to SQL queries. As a result, it is possible to manipulate SQL queries. This may allow a remote attacker to modify query logic or potentially corrupt the database. Consequences will vary depending on the queries used and the capabilities of the underlying database implementation. These issues occur throughout the database command files for different database implementations, for example 'lib/db.pgsql'. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

Affected Products

• Horde Project Horde 1.2.0
• Horde Project Horde 1.2.1
• Horde Project Horde 1.2.2
• Horde Project Horde 1.2.3
• Horde Project Horde 1.2.4
• Horde Project Horde 1.2.5
• Horde Project Horde 1.2.6
• Horde Project Horde 1.2.7
• Horde Project Horde 1.2.8
• Horde Project IMP 2.2
• Horde Project IMP 2.2.0
• Horde Project IMP 2.2.1
• Horde Project IMP 2.2.2
• Horde Project IMP 2.2.3
• Horde Project IMP 2.2.4
• Horde Project IMP 2.2.5
• Horde Project IMP 2.2.6
• Horde Project IMP 2.2.7
• Horde Project IMP 2.2.8

References

• BugTraq: 6559
• CVE: CVE-2003-0025
• URL: http://securityvulns.com/docs3962.html
• URL: http://www.debian.org/security/2003/dsa-229