high
7.5
CWE
94
Advisory Published
CVE Published
Updated

CVE-2012-0209: Code Injection

First published: Wed Feb 15 2012(Updated: )

From <a href="http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&amp;id=155">http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&amp;id=155</a> A few days ago we became aware of a manipulated file on our FTP server. Upon further investigation we discovered that the server has been hacked earlier, and three releases have been manipulated to allow unauthenticated remote PHP execution. We have immediately taken down all distribution servers to further analyze the extent of this incident, and we have worked closely with various Linux distributions to coordinate our response. Since then the FTP and PEAR servers have been replaced and further secured. Clean versions of our releases have been uploaded. This issue will be tracked as CVE-2012-0209: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0209">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0209</a> We have been able to limit the manipulation to three files downloaded during a certain timeframe. The affected releases are: - Horde 3.3.12 downloaded between November 15 and February 7 - Horde Groupware 1.2.10 downloaded between November 9 and February 7 - Horde Groupware Webmail Edition 1.2.10 downloaded between November 2 and February 7 No other releases have been affected. Specifically, no Horde 4 releases were compromised. Our CVS and Git repositories are not affected either. Linux distributions that are affected will notify and provide security releases individually. If you are not sure whether you are affected or want to verify manually whether you are affected, you can search for this signature in your Horde directory tree: $m[1]($m[2]) We recommend that all users of the affected version immediately re-install using fresh copies downloaded from our FTP server, or to upgrade to the more recent versions that have been released since then. This is a list of suggested replacements and their MD5 checksums: bc04ce4499af24a403429c81d0a8afcf <a href="ftp://ftp.horde.org/pub/horde/horde-3.3.12.tar.gz">ftp://ftp.horde.org/pub/horde/horde-3.3.12.tar.gz</a> 5a0486a5f6f96a9957e770ddabe71b38 <a href="ftp://ftp.horde.org/pub/horde/horde-3.3.13.tar.gz">ftp://ftp.horde.org/pub/horde/horde-3.3.13.tar.gz</a> 4bdab16c84513bbd9466cb0dc7464661 <a href="ftp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.2.10.tar.gz">ftp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.2.10.tar.gz</a> fed921b55a8f544fba806333502cd45d <a href="ftp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.2.11.tar.gz">ftp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.2.11.tar.gz</a> 60e100c3e4ab59c01d30bf5eb813a182 <a href="ftp://ftp.horde.org/pub/horde-webmail/horde-webmail-1.2.10.tar.gz">ftp://ftp.horde.org/pub/horde-webmail/horde-webmail-1.2.10.tar.gz</a> 6f735266449bfda2cce8b5067b16ff74 <a href="ftp://ftp.horde.org/pub/horde-webmail/horde-webmail-1.2.11.tar.gz">ftp://ftp.horde.org/pub/horde-webmail/horde-webmail-1.2.11.tar.gz</a> If you are running Horde 4, you don't need to do anything. We apologize for the inconvenience and assure you that we are undertaking a full security review of our procedures to prevent this kind of incident from happening again. If you have further questions, please ask on the Horde mailing list: <a href="http://www.horde.org/community/mail">http://www.horde.org/community/mail</a>

Credit: security@debian.org

Affected SoftwareAffected VersionHow to fix
Horde Groupware Webmail Edition=1.2.10
Horde Groupware Webmail Edition=1.2.10
Horde=3.3.12

Remedy

http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155

Remedy

http://lists.horde.org/archives/announce/2012/000751.html

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=790877

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2012-0209?

    CVE-2012-0209 has been classified as a moderate severity vulnerability.

  • How do I fix CVE-2012-0209?

    To fix CVE-2012-0209, you should update to Horde Groupware version 1.2.10 or Horde version 3.3.12.

  • What versions are affected by CVE-2012-0209?

    CVE-2012-0209 affects Horde Groupware version 1.2.10 and Horde version 3.3.12.

  • What type of vulnerability is CVE-2012-0209?

    CVE-2012-0209 is categorized as a security vulnerability related to file manipulation.

  • Can CVE-2012-0209 lead to data exposure?

    Yes, CVE-2012-0209 could potentially lead to unauthorized data exposure due to manipulated files.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203