The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Horde Vulnerability

Discussion in 'General Discussion' started by QuetzlcoatlBlue, Sep 22, 2009.

  1. QuetzlcoatlBlue

    QuetzlcoatlBlue Registered

    Joined:
    Nov 1, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
  2. cPanelPhil

    cPanelPhil cPanel Product Owner
    Staff Member

    Joined:
    Sep 26, 2008
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    The cPanel implementation of Horde 3.1.7p10 can not be exploited with this method. Our investigation determined the following.

    Note: all paths below use /usr/local/cpanel/base/horde as their base.

    1) This exploit requires use of the Horde_Form_Type_image class as defined in lib/Horde/Form.php. As an example, see the Turba addressbook's "New Contact" form. This form is configured via turba/config/attributes.php. To use the Horde_Form_Type_image class, this form must be configured to use an element of type 'image'. Newer versions of Horde use 'type' => 'image' (see horde-webmail-1.2.4), but not our shipped version.

    2) cPanel runs the Horde application as user:group cpanelhorde:cpanelhorde, so all files will be uploaded with this ownership. cPanel files in /usr/local/cpanel/base are owned by root, so overwriting is not possible.

    Thank you for bringing this vulnerability to our attention. We are in the process of updating our installation of Horde to current versions, but this will not be available until future cPanel releases.
     
  3. QuetzlcoatlBlue

    QuetzlcoatlBlue Registered

    Joined:
    Nov 1, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Hi Phil,

    Thanks very much for the detailed response, much appreciated!

    Q.
     
Loading...

Share This Page