[clug] Security: RoundCube Webmail Exploit

Cody Appleby kizmet at kizmet.id.au
Sat Apr 25 02:44:28 GMT 2009


Hi Guys, 

Just advising everyone that there is an explot that effects RoundCube
Webmail v0.2 stable and below,
I was recently attacked using this and its not nice,
I advise everyone to upgrade to the latest 0.2.1 asap!

The patch is included in 0.2.1 or the trunk release :)

The exploit is to do with bin/html2text.php

<?

define('INSTALL_PATH', realpath('./../') . '/');
require INSTALL_PATH.'program/include/iniset.php';

$converter = new html2text(html_entity_decode($HTTP_RAW_POST_DATA,
ENT_COMPAT, 'UTF-8'));

header('Content-Type: text/plain; charset=UTF-8');
print trim($converter->get_text());

?>

the latest patched version is as follows:

<?

define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/');
require INSTALL_PATH . 'program/include/iniset.php';

$RCMAIL = rcmail::get_instance();

if (!empty($RCMAIL->user->ID)) {
$converter = new html2text($HTTP_RAW_POST_DATA);

header('Content-Type: text/plain; charset=UTF-8');
print trim($converter->get_text());
}
else {
header("HTTP/1.0 403 Forbidden");
echo "Requires a valid user session";
}

?>

Kind Regards,
Cody Appleby


More information about the linux mailing list