[clug] Security: RoundCube Webmail Exploit
Cody Appleby
kizmet at kizmet.id.au
Sat Apr 25 02:44:28 GMT 2009
Hi Guys,
Just advising everyone that there is an explot that effects RoundCube
Webmail v0.2 stable and below,
I was recently attacked using this and its not nice,
I advise everyone to upgrade to the latest 0.2.1 asap!
The patch is included in 0.2.1 or the trunk release :)
The exploit is to do with bin/html2text.php
<?
define('INSTALL_PATH', realpath('./../') . '/');
require INSTALL_PATH.'program/include/iniset.php';
$converter = new html2text(html_entity_decode($HTTP_RAW_POST_DATA,
ENT_COMPAT, 'UTF-8'));
header('Content-Type: text/plain; charset=UTF-8');
print trim($converter->get_text());
?>
the latest patched version is as follows:
<?
define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/');
require INSTALL_PATH . 'program/include/iniset.php';
$RCMAIL = rcmail::get_instance();
if (!empty($RCMAIL->user->ID)) {
$converter = new html2text($HTTP_RAW_POST_DATA);
header('Content-Type: text/plain; charset=UTF-8');
print trim($converter->get_text());
}
else {
header("HTTP/1.0 403 Forbidden");
echo "Requires a valid user session";
}
?>
Kind Regards,
Cody Appleby
More information about the linux
mailing list