cPanel Horde Vulnerability Found

  • DateDoc
    Outside looking in.
    • Feb 2005
    • 14243

    #1

    cPanel Horde Vulnerability Found

    I just got this email and thought I'd pass along this warning.....

    An arbitrary file inclusion vulnerability has been discovered in the Horde
    webmail application. At present, we can confirm that this security
    vulnerability in question affects Horde 3.1.6 and earlier. Based on
    incomplete information at this time, we also believe this affects Horde
    Groupware 1.0.4 and earlier as well (cPanel does not use Horde Groupware
    at this time).

    cPanel customers should update their cPanel and WHM servers immediately to
    prevent any chance of compromise. The patch will be available in builds
    11.18.2 and greater (or 11.19.2 and greater for EDGE systems). The updated
    builds will be available immediately to all fast update servers. The
    builds will be available to all other update servers within one hour of
    this posting.


    To check which version of cPanel and WHM is on your server, simply log
    into WebHost Manager (WHM) and look in the top right corner, or execute
    the following command from the command line as root:

    /usr/local/cpanel/cpanel -V

    You can upgrade your server by navigating to 'cPanel' -> 'Upgrade to
    Latest Version' in WebHost Manager or by executing the following from the
    command line as root:

    /scripts/upcp


    It is recommended that all use of Horde 3.1.6 and earlier be stopped (on
    cPanel and non-cPanel systems alike) until Horde updates can be applied.
    You can disable Horde on your cPanel system by unchecking the box next to
    'Server Configuration' -> 'Tweak Settings' -> 'Mail' -> 'Horde Webmail'
    within WHM, and saving the page with the new settings.
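The version check described in the advisory above, as an added example that is not part of the original post or of cPanel's own tooling. It assumes the version string begins with MAJOR.MINOR.PATCH and that release lines newer than 11.19 already carry the fix; `horde_patch_status` is a hypothetical helper name and the sample strings are constructed.

```shell
#!/bin/sh
# Added example (not cPanel's code): classify a cPanel/WHM version string
# against the patched builds named in the advisory above.
# Assumptions: the string contains MAJOR.MINOR.PATCH and any build tag after
# it can be ignored; release lines newer than 11.19 already carry the fix.

# horde_patch_status is a hypothetical helper name.
# Prints one of: patched, unpatched, unknown.
horde_patch_status() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    old_ifs=$IFS
    IFS=.
    set -- $ver            # split 11.18.2 into $1=11 $2=18 $3=2
    IFS=$old_ifs
    major=$1 minor=$2 patch=$3

    if [ "$major" -gt 11 ]; then echo patched
    elif [ "$major" -lt 11 ]; then echo unpatched
    elif [ "$minor" -lt 18 ]; then echo unpatched
    elif [ "$minor" -gt 19 ]; then echo patched
    # 11.18.x and 11.19.x (EDGE) each need patch level 2 or later, so
    # 11.19.1 is unpatched even though it sorts above 11.18.2.
    elif [ "$patch" -ge 2 ]; then echo patched
    else echo unpatched
    fi
}

# Constructed sample strings, for illustration only.
for sample in '11.18.1-RELEASE_21500' '11.18.2-RELEASE_21703' \
              '11.19.1-EDGE_22000' '11.19.2-EDGE_22100'; do
    printf '%-24s %s\n' "$sample" "$(horde_patch_status "$sample")"
done

# On a real server, feed in the output of the command from the advisory.
if [ -x /usr/local/cpanel/cpanel ]; then
    live=$(/usr/local/cpanel/cpanel -V)
    printf '%-24s %s\n' "$live" "$(horde_patch_status "$live")"
fi
```

An `unknown` result means the string could not be parsed and the version should be read manually in WHM.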
  • baddog
    So Fucking Banned
    • Apr 2001
    • 107089

    #2
    Resource hog with exploits, long live DirectAdmin


    • Jet - BANNED FOR LIFE
      So Fucking Banned
      • Sep 2002
      • 7515

      #3
      Horde?

      What if I'm on Alliance side? Is it safe?


      • XSecurityAudit
        Registered User
        • Apr 2007
        • 79

        #4
        Originally posted by Jet
        Horde?

        What if I'm on Alliance side? Is it safe?


        Do you happen to be the same Jet that wrote the bindscanner a long time ago? ADM!ADM!ADM! If not, never mind.


        • Kick Ass Chat
          Confirmed User
          • Dec 2002
          • 2057

          #5
          Originally posted by baddog
          Resource hog with exploits, long live DirectAdmin

          Agreed...


          • CyberHustler
            Masterbaiter
            • Feb 2006
            • 28739

            #6
            DirectAdmin > cPanel
            “If you can convince the lowest white man he’s better than the best colored man, he won’t notice you’re picking his pocket. Hell, give him somebody to look down on, and he’ll empty his pockets for you.”


            • Altheon
              Confirmed User
              • May 2004
              • 506

              #7
              DateDoc, thank you for posting the info. I just updated my server.


              • John.
                Confirmed User
                • Jul 2007
                • 2264

                #8
                Thanks dude
                Sig too old.


                • SiMpLe
                  Confirmed User
                  • Feb 2002
                  • 3221

                  #9
                  For The Horde!
                  Sean Holland
                  Vice President
                  OrbitalPay / Global Electronic Technology (GET)
                  SKYPE: iam.sean ::: sholland at orbitalpay.com
                  888-775-1500


                  • DateDoc
                    Outside looking in.
                    • Feb 2005
                    • 14243

                    #10
                    bump for the morning crew
