-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT Security Bulletin
Multiple vulnerabilities in Horde Groupware, IMP H4, and Groupware Webmail Edition
14 February 2012
AusCERT Security Bulletin Summary
Product:           Horde Groupware
                   Horde IMP H4
                   Horde Groupware Webmail Edition
Operating System:  UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Cross-site Scripting -- Remote/Unauthenticated
CVE Names: CVE-2012-0791 CVE-2012-0209
Member content until: Thursday, March 15 2012
A vulnerability has been fixed in Horde Groupware 1.2.11, and multiple
vulnerabilities have been fixed in Horde IMP H4 5.0.18 and in Horde
Groupware Webmail Edition 1.2.11 and 4.0.6.
The Horde Team has provided the following details regarding
vulnerability CVE-2012-0209: 
"A few days ago we became aware of a manipulated file on our FTP
server. Upon further investigation we discovered that the server had
been hacked earlier, and three releases had been manipulated to allow
unauthenticated remote PHP execution.
We have immediately taken down all distribution servers to further
analyze the extent of this incident, and we have worked closely with
various Linux distributions to coordinate our response.
Since then the FTP and PEAR servers have been replaced and further
secured. Clean versions of our releases have been uploaded.
... no Horde 4 releases were compromised. Our CVS and Git repositories are not
affected either. Linux distributions that are affected will notify and
provide security releases individually."
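The incident above is a supply-chain compromise: the source repositories were
clean, but the release archives served from the FTP server were altered. The
defensive check a site can apply before installing any such release is to
compare the downloaded archive, and each file inside it, against digests
obtained out of band (a pinned SHA-256 for the whole archive and a per-file
manifest recorded from a release known to be clean). The script below is an
added illustration written for this bulletin; it is not code from AusCERT or
from the Horde project. The member names (horde-x.y/...), file contents and the
"tampered" archive are all constructed inside the script so that it runs
offline; in practice the pinned digests would come from a trusted source
independent of the download server.

```python
import hashlib
import hmac
import io
import os
import tarfile
import tempfile


def sha256_file(path):
    """SHA-256 of a whole archive, read in chunks so large tarballs fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_matches(path, expected_hex):
    """Constant-time comparison of an archive digest against a pinned value."""
    return hmac.compare_digest(sha256_file(path), expected_hex.lower())


def audit_archive(path, manifest):
    """Compare the regular files inside a tarball with a pinned manifest
    {member name: sha256 hex}. Returns (added, missing, modified) name lists:
    'added' catches dropped-in files, 'modified' catches code injected into an
    existing file, 'missing' catches files removed from the release."""
    seen = {}
    with tarfile.open(path, "r:*") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            data = tar.extractfile(member).read()
            seen[member.name] = hashlib.sha256(data).hexdigest()
    added = sorted(set(seen) - set(manifest))
    missing = sorted(set(manifest) - set(seen))
    modified = sorted(
        name for name in seen.keys() & manifest.keys()
        if not hmac.compare_digest(seen[name], manifest[name])
    )
    return added, missing, modified


def build_constructed_archive(path, files):
    """Write a gzip tarball from {member name: text}; used only to build test data."""
    with tarfile.open(path, "w:gz") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))


def demo():
    # Constructed sample release: names and contents are placeholders, not Horde's.
    clean = {
        "horde-x.y/index.php": "<?php // placeholder entry point\n",
        "horde-x.y/lib/Horde.php": "<?php // placeholder library file\n",
    }
    # Constructed tampered copy: one existing file changed, one extra file added.
    tampered = dict(clean)
    tampered["horde-x.y/lib/Horde.php"] += "// constructed modification\n"
    tampered["horde-x.y/lib/extra.php"] = "<?php // constructed extra file\n"

    with tempfile.TemporaryDirectory() as tmp:
        clean_path = os.path.join(tmp, "clean.tar.gz")
        tampered_path = os.path.join(tmp, "tampered.tar.gz")
        build_constructed_archive(clean_path, clean)
        build_constructed_archive(tampered_path, tampered)

        # Pin values from the release known to be clean (out of band in real use).
        pinned_archive_digest = sha256_file(clean_path)
        manifest = {n: hashlib.sha256(t.encode()).hexdigest() for n, t in clean.items()}

        added, missing, modified = audit_archive(tampered_path, manifest)
        return {
            "clean_archive_ok": digest_matches(clean_path, pinned_archive_digest),
            "tampered_archive_ok": digest_matches(tampered_path, pinned_archive_digest),
            "added": added,
            "missing": missing,
            "modified": modified,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The whole-archive digest is the quick gate; the per-file audit is what tells an
administrator which files to look at when the gate fails, and it still works
when only an existing file was altered rather than a new one added.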
The National Vulnerability database has the following information on
vulnerability CVE-2012-0791: 
"Multiple cross-site scripting (XSS) vulnerabilities... allow remote
attackers to inject arbitrary web script or HTML via the (1)
composeCache, (2) rtemode, or (3) filename_* parameters to the compose
page; (4) formname parameter to the contacts popup window; or (5) IMAP
Users should upgrade to the latest versions of these products:

  Horde Groupware 1.2.11 (final)
  IMP H4 (5.0.18) (final)
  Horde Groupware Webmail Edition 1.2.11 (final)
  Horde Groupware Webmail Edition 4.0.6 (final)

References:
  Remote execution backdoor after server hack (CVE-2012-0209)
  Vulnerability Summary for CVE-2012-0791
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----