List: oss-security
Subject: [oss-security] Zarafa WebAccess >= 6.40.4 affected by CVE-2013-2205, CVE-2013-2205 and CVE-2012-3414
From: Robert Scheck <robert () fedoraproject ! org>
Date: 2014-10-23 22:04:41
Message-ID: 20141023220441.GA485 () hurricane ! linuxnetz ! de
Good evening,
I discovered that Zarafa WebAccess >= 6.40.4 is affected by CVE-2013-2205,
CVE-2013-2205 and CVE-2012-3414 as it bundles the vulnerable SWFUpload from
http://code.google.com/p/swfupload/. Zarafa has already been notified.
[root@tux ~]# rpm -q zarafa-webaccess
zarafa-webaccess-7.1.11-46050
[root@tux ~]#
[root@tux ~]# rpm -ql zarafa-webaccess | grep swfupload.swf | xargs md5sum
3a1c6cc728dddc258091a601f28a9c12 /usr/share/zarafa-webaccess/client/widgets/swfupload/swfupload.swf
[root@tux ~]#
Given that some distributions/downstreams are shipping that vulnerable .swf
file, this is just meant as a simple "heads up". There are two solutions:
a) Replace the bundled swfupload.swf by the fork maintained by WordPress
from https://github.com/wordpress/secure-swfupload (upstream will likely
do the same for a future release of Zarafa) or
b) Remove the vulnerable SWFUpload e.g. at packaging time (this is what I
did for Fedora because I never managed to build the .swf file from
source code to satisfy our Fedora Packaging Guidelines). Copy & paste
example from .spec file for removal:
--- snipp ---
%if 0%{?no_multiupload}
# remove lines 148-155 from the shipped config.php, keeping the original timestamp
sed '148,155d' $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/webaccess/config.php > \
    $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/webaccess/config.php.new
touch -c -r $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/webaccess/config.php{,.new}
mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/webaccess/config.php{.new,}
# drop the bundled SWFUpload widget (including swfupload.swf) entirely
rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}-webaccess/client/widgets/swfupload/
%endif
--- snapp ---
With kind regards
Robert Scheck
--
Fedora Project * Fedora Ambassador * Fedora Mentor * Fedora Packager
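One way for a downstream to check a file tree (an installed system, a build root or an unpacked package) for bundled copies of swfupload.swf, as an added example that is not part of Robert Scheck's mail. It assumes find and md5sum (or BSD md5) are available, seeds its known-bad list with the MD5 quoted in the mail, and accepts further hashes as arguments.

```shell
#!/bin/sh
# Added example, not from the original mail: inventory every bundled
# swfupload.swf under a root directory and flag copies whose MD5 matches
# a known-vulnerable build. The seed hash is the one quoted in the mail
# for zarafa-webaccess-7.1.11-46050; pass more hashes as extra arguments.
KNOWN_VULNERABLE_MD5="3a1c6cc728dddc258091a601f28a9c12"

# file_md5 FILE: print the MD5 of FILE (GNU md5sum or BSD md5)
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# scan_swfupload ROOT [MD5...]
# Prints one "VULNERABLE|UNKNOWN <md5> <path>" line per swfupload.swf found.
# Returns 1 if at least one known-vulnerable copy was found, 0 otherwise.
# UNKNOWN only means the hash is not in the list, not that the copy is safe.
scan_swfupload() {
    root=$1
    shift
    bad="$KNOWN_VULNERABLE_MD5 $*"
    found=0
    # heredoc instead of a pipe so that $found survives the loop
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        sum=$(file_md5 "$f")
        case " $bad " in
            *" $sum "*) status=VULNERABLE; found=1 ;;
            *)          status=UNKNOWN ;;
        esac
        printf '%s %s %s\n' "$status" "$sum" "$f"
    done <<EOF
$(find "$root" -type f -name 'swfupload.swf' 2>/dev/null)
EOF
    return $found
}

# usage: ./check-swfupload.sh /usr/share [extra-vulnerable-md5 ...]
if [ "$#" -gt 0 ]; then
    scan_swfupload "$@"
fi
```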