CVE-2013-1090

NameCVE-2013-1090
DescriptionThe SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php-horde (PTS)bullseye5.2.23+debian0-5fixed
sid, bookworm5.2.23+debian0-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php-hordesource(unstable)(not affected)

Notes

- php-horde <not-affected> (SuSE specific packaging flaw)
https://bugzilla.suse.com/show_bug.cgi?id=811369
Search for package or bug name: Reporting problems