1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

cPanel SECURITY ALERT: Horde arbitrary file inclusion vulnerability

Discussion in 'Security' started by minstrel, Mar 6, 2008.

0
  1. #1
    Subject: SECURITY ALERT: Horde arbitrary file inclusion vulnerability

     
    minstrel, Mar 6, 2008 IP
    NaughtyNeo and micksss like this.
  2. NaughtyNeo

    NaughtyNeo Peon

    Messages:
    829
    Likes Received:
    41
    Best Answers:
    0
    Trophy Points:
    0
    #2
    NaughtyNeo, Mar 6, 2008 IP
  3. InFloW

    InFloW Peon

    Messages:
    1,488
    Likes Received:
    39
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Patched in builds later than 21594

    Or if you go by version then you're looking at:

    For 11.19.x Everything 11.19.2 or newer is patched
    For 11.18.x Everything 11.18.2 or newer is patched


    This actually hit a few big hosts just like the 0 day kernel exploit. Seems some of these exploits are targeting big hosts.
     
    InFloW, Mar 6, 2008 IP
  4. micksss

    micksss Notable Member

    Messages:
    4,427
    Likes Received:
    268
    Best Answers:
    1
    Trophy Points:
    285
    #4
    Thank you for sharing this very important information!!!
     
    micksss, Mar 6, 2008 IP
  5. zacharooni

    zacharooni Well-Known Member

    Messages:
    346
    Likes Received:
    20
    Best Answers:
    4
    Trophy Points:
    120
    #5
    Hey everyone,
    To check to see if your Dedicated servers were affected at all by this exploit, you can run the command below. If there is output it could possibly mean you were exploited. If there is nothing, then you should be perfectly fine.

    
mysql -e "use horde ; select * from horde_prefs WHERE pref_name = 'theme' AND pref_value LIKE '%..%';"
    Code (markup):

    To get Horde up and running with the patched version, you may run the following commands.

    
chattr -ia -V /usr/local/cpanel/base/horde/index.php
/scripts/upcp --force
    Code (markup):
     
    zacharooni, Mar 6, 2008 IP
  6. cooldude7273

    cooldude7273 Active Member

    Messages:
    185
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    55
    #6
    Really, all you need to do is /scripts/upcp or update it via WHM. No need for force at all here. (or for the chattr command)
     
    cooldude7273, Mar 6, 2008 IP
  7. zacharooni

    zacharooni Well-Known Member

    Messages:
    346
    Likes Received:
    20
    Best Answers:
    4
    Trophy Points:
    120
    #7
    HostGator provides a more stringent regex patch than cPanel does, and across their entire board, they disabled Horde and chattr +ia'd it. Once you /scripts/cpup though, cPanels version takes over.
     
    zacharooni, Mar 7, 2008 IP
  8. andyoudontstop

    andyoudontstop Peon

    Messages:
    42
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Service providers such as HostGator seem to be taking a big hit for the vulnerabilities within their 3rd party software configuration setups. It would certainly explain why Dreamhost and others have started to roll up some of their own inhouse tools and have gotten rid of the fantastico type installation tools.
     
    andyoudontstop, Jun 16, 2008 IP
  9. profithost

    profithost Active Member

    Messages:
    484
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    80
    #9
    thx for that :)
     
    profithost, Jun 21, 2008 IP