Published:2013/12/03 Last Updated:2013/12/03
JVN#84221103
Cybozu Garoon vulnerable to mail header injection
Overview
Cybozu Garoon contains a mail header injection vulnerability.
Products Affected
- Cybozu Garoon version 3.1 through 3.5 Service Pack 5
Description
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function.
Impact
If the function that forwards Phone Messages to an email address is configured, the header of the email to be forwarded may be altered.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Cybozu, Inc. | Vulnerable | 2013/12/03 | Cybozu, Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2013.12.03
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | can be attacked over the Internet using packets |
|
| Authentication | login caused to be created by an administrator |
|
| User Interaction Required | the vulnerability can be exploited without an honest user taking any action |
|
| Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2013-6003 |
| JVN iPedia |
JVNDB-2013-000116 |
Update History
- 2013/12/03
- Information under the section "Products Affected" was modified.