Possible Horde Vulnerability

Can you provide at least one source?

 

What are the 2 links to the posts in the forums you mention?

 

Hm, I have not heard that it was able to commandeer root access.
There is most certainly a horde exploit being pushed around in the wild but it's only allowing cPanel access to the user exploited.

 

To clarify, what you're saying is that the current Horde exploit can be used to leverage cPanel access against the user, is that correct? Have you reported this to cPanel? Is this bug specific to cPanel servers?

 

Thanks vince512, I really appreciate the info, as I'm sure others do too.

Apparently root access can in fact be leveraged through the bug (start edit I have no proof of this myself, and I'm not entirely convinced that escalating to root is possible, simply due to lack of information end edit), and according to one cPanel staff member, disabling Horde will mitigate the current threat. cPanel is aware of and working on the issue at this time. That's all the information I have.

 

Can you post an actual revision number that this is fixed in? I just did an edge update and it says:

WHM 11.19.0 cPanel 11.19.2-E21594

is this patched?

 

As per the email sent to us a little while ago:

"The updated builds will be available immediately to all fast update servers. The builds will be available to all other update servers within one hour of this posting."

Can you clarify what is the difference between a fast update server and all other update servers so in the future we know what we are updating with ??

 

looks like our messages crossed in subspace.... mod can remove this

 

I ajust running /scripts/upcp but it is failing on the Horde download and seems to loop over and over again trying. Not good. If I break the process - how will that leave my server in regards to the remaining cpanel updates?

Chris

 

I suggest being patient - this update took a LOT longer that the past several. I was worried until I checked the progress in SSH by:
cd /var/cpanel/updatelogs
look in the directory and find the update file with the near current time/date
then tail that update file. For me it was :
tail -20 update.1204852566.log

Watch the last line each time you run it and you should see that it is actually progressing, but very slowly.

My guess this is slow because there are many people upgrading at the same time.

Mine finally completed, but was about an hour.

Ron

 

cPanel,

I would just like to say thank you so much for your speedy response & critical update in relation to this. I was notified early this morning about the vulnerability, disabled horde, emailed all my customers (gosh that takes a while these days) - and happily updated my servers a few hours later.

Horde is a pretty important part of mail for my clients so I wasn't happy to hear about this issue. The update was rather quick considering the influx of people updating at the same time and now my customers have Horde again.

So again - thank you.
Dazz