CVE-2013-6172
Published 2013-11-05
CVE-2013-6172: steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session…
Priority: P3 (44)
Severity: high (CVSS 2.0 base score 7.5)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.87% (85.1th percentile)
steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.
Affected
34 ranges · showing 25 (rows without version or fix information omitted)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | roundcube | < roundcube 0.9.4-1.1 (bookworm) | roundcube 0.9.4-1.1 (bookworm) |
| roundcube | webmail | <= 0.8.6 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
GHSA
GHSA-pq43-cvv2-h373: steps/utils/save_pref
ghsa_unreviewed · 2022-05-17 · HIGH · CWE-89
Description identical to the CVE summary above.
OSV
CVE-2013-6172: steps/utils/save_pref
osv · 2013-11-05 · CVSS 7.5 · HIGH
Description identical to the CVE summary above.
Debian
CVE-2013-6172: roundcube - steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9...
vendor_debian · 2013 · CVSS 7.5 · HIGH
Description identical to the CVE summary above.
Scope: local
bookworm: resolved (fixed in 0.9.4-1.1)
bullseye: resolved (fixed in 0.9.4-1.1)
forky: resolved (fixed in 0.9.4-1.1)
sid: resolved (fixed in 0.9.4-1.1)
trixie: resolved (fixed in 0.9.4-1.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-6172 roundcubemail: vulnerability in handling _session argument of utils/save-prefs
bugzilla · 2013-10-22 · CVSS 7.5 · HIGH
Roundcubemail, a browser-based multilingual IMAP client, was found to have a vulnerability, which could allow an attacker to overwrite configuration settings using user preferences, that can result in random file access, manipulated SQL queries or even remote code execution (0.8.6 and older).
The issues are said to be fixed in the latest release, 0.9.5.
References:
http://roundcube.net/news/2013/10/21/security-updates-095-and-087/
https://bugs.gentoo.org/show_bug.cgi?id=488994
Discussion:
Created roundcubemail tracking bugs for this issue:
Affects: epel-all [bug 1021965]
---
Upstream bug report and patch:
http://trac.roundcube.net/ticket/1489382
http://trac.roundcube.net/changeset/70c7df8f
Bugzilla
CVE-2013-6172 roundcubemail: vulnerability in handling _session argument of utils/save-prefs [epel-all]
bugzilla · 2013-10-22 · CVSS 7.5 · HIGH
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when availabl
Bugzilla
CVE-2013-6172: Vulnerability in handling _session argument of utils/save-prefs [fedora-all]
bugzilla · 2013-10-22 · CVSS 7.5 · HIGH
Roundcubemail just released a new 0.9.5 version with fixes for CVE-2013-6172 (will be available soon).
Hotfix: https://github.com/roundcube/roundcubemail/commit/4109bb26ce.diff
Full announcement:
We just published new releases which fix a recently reported
vulnerability that allows an attacker to overwrite configuration
settings using user preferences. This can result in random file
access, manipulated SQL queries and even code execution. The latter
one only affects versions 0.8.6 and older.
Besides the security fix, the 0.9.5 release also includes other minor
bug fixes and improvements. Most notably it brings the default spell
checker back after Google suspended their public spell checking
service.
References:
http://lists.opensuse.org/opensuse-updates/2014-03/msg00035.html
http://roundcube.net/news/2013/10/21/security-updates-095-and-087/
http://trac.roundcube.net/ticket/1489382
http://www.debian.org/security/2013/dsa-2787
http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19