The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

horde vulnerability

Discussion in 'General Discussion' started by jwiens, Apr 25, 2006.

  1. jwiens

    jwiens Member

    Joined:
    Mar 8, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    There's a vulnerability in Horde that appears to allow remote code-execution. I haven't looked closely enough at it yet to determine whether it requires a user be logged in and is thus less of a threat (I think that's the case due to the way cpanel wraps horde and requires a login first, but I'm not positive), but either way wanted to post it here first.

    It's been given CVE number 2006-1491, and the appropriate diff is available on the horde cvs page. FYI, it's not actually line 54 in the version of horde running on the latest stable of cpanel (assuming I'm running what I think I'm running), but rather, was in line 56.
     
  2. nickn

    nickn Well-Known Member
    PartnerNOC

    Joined:
    Jun 15, 2003
    Messages:
    619
    Likes Received:
    1
    Trophy Points:
    18
    Horde has been updated in both CURRENT and EDGE. The updates should make it down to the STABLE tree within the week.
     
  3. jwiens

    jwiens Member

    Joined:
    Mar 8, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Thanks! Quick turn around. Kudos to the cpanel team.
     
Loading...

Share This Page