CVE-2009-3236 | Vulnerability Database | Aqua Security

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements.

Affected Software

Name	Vendor	Start Version	End Version
Application_framework	Horde	3.2 (including)	3.2 (including)
Application_framework	Horde	3.2.1 (including)	3.2.1 (including)
Application_framework	Horde	3.2.2 (including)	3.2.2 (including)
Application_framework	Horde	3.2.3 (including)	3.2.3 (including)
Application_framework	Horde	3.2.4 (including)	3.2.4 (including)
Application_framework	Horde	3.3 (including)	3.3 (including)
Application_framework	Horde	3.3.1 (including)	3.3.1 (including)
Application_framework	Horde	3.3.2 (including)	3.3.2 (including)
Application_framework	Horde	3.3.3 (including)	3.3.3 (including)
Application_framework	Horde	3.3.4 (including)	3.3.4 (including)
Groupware	Horde	1.1 (including)	1.1 (including)
Groupware	Horde	1.1.1 (including)	1.1.1 (including)
Groupware	Horde	1.1.2 (including)	1.1.2 (including)
Groupware	Horde	1.1.3 (including)	1.1.3 (including)
Groupware	Horde	1.1.4 (including)	1.1.4 (including)
Groupware	Horde	1.1.5 (including)	1.1.5 (including)
Groupware	Horde	1.2 (including)	1.2 (including)
Groupware	Horde	1.2-rc1 (including)	1.2-rc1 (including)
Groupware	Horde	1.2.1 (including)	1.2.1 (including)
Groupware	Horde	1.2.2 (including)	1.2.2 (including)
Groupware	Horde	1.2.3 (including)	1.2.3 (including)
Horde3	Ubuntu	dapper	*
Horde3	Ubuntu	hardy	*
Horde3	Ubuntu	intrepid	*
Horde3	Ubuntu	jaunty	*
Horde3	Ubuntu	upstream	*

References

http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2
http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2
http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2
http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2
http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2
http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2
http://secunia.com/advisories/36665
http://secunia.com/advisories/36882
http://www.debian.org/security/2009/dsa-1897
http://www.osvdb.org/58107
https://exchange.xforce.ibmcloud.com/vulnerabilities/53202
http://marc.info/?l=horde-announce\u0026m=125291625030436\u0026w=2
http://marc.info/?l=horde-announce\u0026m=125292088004087\u0026w=2
http://marc.info/?l=horde-announce\u0026m=125292314007049\u0026w=2
http://marc.info/?l=horde-announce\u0026m=125292339907481\u0026w=2
http://marc.info/?l=horde-announce\u0026m=125294558611682\u0026w=2
http://marc.info/?l=horde-announce\u0026m=125295852706029\u0026w=2
http://secunia.com/advisories/36665
http://secunia.com/advisories/36882
http://www.debian.org/security/2009/dsa-1897
http://www.osvdb.org/58107
https://exchange.xforce.ibmcloud.com/vulnerabilities/53202

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-3236
CWE	https://cwe.mitre.org/data/definitions/.html