[ MDVSA-2014:182 ] zarafa

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:182
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : zarafa
 Date    : September 24, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated zarafa packages fix security vulnerabilities:
 
 Robert Scheck reported that Zarafa's WebAccess stored session
 information, including login credentials, on-disk in PHP session
 files. This session file would contain a user's username and password
 to the Zarafa IMAP server (CVE-2014-0103).
 
 Robert Scheck discovered that the Zarafa Collaboration Platform has
 multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448,
 CVE-2014-5449, CVE-2014-5450).
 _______________________________________________

007 Software

[ MDVSA-2014:182 ] zarafa

Leave a Reply Cancel reply

Software and Security Information