Package : imp
Problem type : 3 remote exploits
Debian-specific: no
The Horde team released version 2.2.6 of IMP (a web-based IMAP mail
program) which fixes three security problems. Their release announcement
describes them as follows:
1. A PHPLIB vulnerability allowed an attacker to provide a value for the
array element $_PHPLIB[libdir], and thus to get scripts from another
server to load and execute. This vulnerability is remotely
exploitable. (Horde 1.2.x ships with its own customized version of
PHPLIB, which has now been patched to prevent this problem.)
2. By using tricky encodings of "javascript:" an attacker can cause
malicious JavaScript code to execute in the browser of a user reading
email sent by the attacker. (IMP 2.2.x already filters many such
patterns; several new ones that were slipping past the filters are
now blocked.)
3. A hostile user that can create a publicly-readable file named
"prefs.lang" somewhere on the Apache/PHP server can cause that file
...
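Item 2 describes a pattern filter that encoded forms of "javascript:" slipped past. The sketch below is an added example, not code from IMP, Horde or this advisory: it contrasts a substring blocklist with a check that canonicalizes the value first and then allows only listed schemes. The function names, the allowlist and the sample values are assumptions constructed for illustration, and it is written in Python rather than IMP's PHP.

```python
import html
import re

# Assumed policy for links in rendered mail; adjust to the application.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# ASCII whitespace and control characters, which browsers tolerate inside
# or before a URL scheme and which a substring match does not account for.
_IGNORED = re.compile(r"[\x00-\x20\x7f]")
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")

def naive_is_safe(url: str) -> bool:
    """Blocklist check on the raw string: the approach encodings defeat."""
    return "javascript:" not in url.lower()

def canonicalize(url: str, max_rounds: int = 3):
    """Decode character references until stable, then drop ignored chars.

    Returns None if the value is still changing after max_rounds; deep
    nesting is treated as hostile instead of being decoded further.
    """
    for _ in range(max_rounds):
        decoded = html.unescape(url)
        if decoded == url:
            return _IGNORED.sub("", url).lower()
        url = decoded
    return None

def is_safe_url(url: str) -> bool:
    """Allow only URLs whose canonical scheme is on the allowlist."""
    canon = canonicalize(url)
    if canon is None:
        return False
    match = _SCHEME.match(canon)
    return bool(match) and match.group(1) in ALLOWED_SCHEMES

# Constructed sample href values (not taken from the advisory).
SAMPLES = [
    "https://example.org/inbox",
    "mailto:user@example.org",
    "javascript:void(0)",
    "&#106;avascript:void(0)",
    "java\tscript:void(0)",
    "&amp;#106;avascript:void(0)",
]

def audit(samples=SAMPLES):
    """Return (value, naive verdict, allowlist verdict) for each sample."""
    return [(s, naive_is_safe(s), is_safe_url(s)) for s in samples]
```

In the audit output the last three samples pass the blocklist and are rejected by the allowlist check; values with no scheme at all are also rejected under the assumed policy.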