Possible Horde Vulnerability

Discussion in 'General Discussion' started by vince512, Mar 6, 2008.

  1. vince512

    vince512 Active Member

    I have been hearing reports from various sources that there may be a serious vulnerability in Horde webmail to where a server can actually be rooted.

    I have checked with my cPanel provider and they haven't heard anything, and I checked Google and so far I have seen two web hosts post in their forums that they are disabling Horde due to an undocumented vulnerability.

    Has anyone else heard anything about this or can confirm this?
     
  2. hm2k

    hm2k Well-Known Member

    Can you provide at least one source?
     
  3. jpetersen

    jpetersen Well-Known Member

    What are the 2 links to the posts in the forums you mention?
     
  4. gottabekidding

    Hm, I have not heard that it was able to commandeer root access.
    There is most certainly a Horde exploit being pushed around in the wild, but it's only allowing cPanel access to the user exploited.
     
  5. jpetersen

    jpetersen Well-Known Member

    To clarify, what you're saying is that the current Horde exploit can be used to leverage cPanel access against the user, is that correct? Have you reported this to cPanel? Is this bug specific to cPanel servers?
     
  6. vince512

    vince512 Active Member

    Again, it may be just me being paranoid...but I just want to make certain that I did not miss something that I may wind up paying for later. The posts I found are below...only one forum talks about the vulnerability being able to root any machine running Horde in cPanel:

    The two forums I found in the Google search:

    This one actually stating the vulnerability:

    http://forums.hostgator.com/showthread.php?t=28888&goto=newpost

    This one disabled today when searching Google again this morning, but did not give a reason yet:

    http://dotable.com/dotable-announcement-forum/1882-horde-webmail-disabled.html

    Again, I just want to make certain, if this is not the case great, but if it is, then we want to make sure that we follow suit on our servers and disable it until the next update of Horde.

    So someone can still at least access someone's account and access their files? Then maybe we should disable Horde on our boxes until the fix.
     
  7. jpetersen

    jpetersen Well-Known Member

    Thanks vince512, I really appreciate the info, as I'm sure others do too.

    Apparently root access can in fact be leveraged through the bug (start edit I have no proof of this myself, and I'm not entirely convinced that escalating to root is possible, simply due to lack of information end edit), and according to one cPanel staff member, disabling Horde will mitigate the current threat. cPanel is aware of and working on the issue at this time. That's all the information I have.
     
    #7 jpetersen, Mar 6, 2008
    Last edited: Mar 6, 2008
  8. cPanelNick

    cPanelNick Administrator
    Staff Member

    cPanel has collaborated with one of our partners to work to patch a security vulnerability in the Horde webmail application. HostGator has graciously provided information which will help facilitate our creation of a patch. As soon as the patch has been completed and tested it will be deployed to all cPanel builds. The completed patch will also be sent to the Horde Project (http://www.horde.org) for inclusion within the Horde codebase.

    At present, we can confirm that the security vulnerability in question affects Horde 3.1.6 and earlier. Based on incomplete information at this time, we also believe this affects Horde Groupware 1.0.4 and earlier as well (cPanel does not use Horde Groupware at this time). We recommend anyone using Horde or Horde Groupware disable it until the patch has been released. Since this vulnerability is contained in the stock Horde distribution and not limited to its use on cPanel servers, we recommend disabling Horde on all platforms until patched.

    This post will be updated as needed.
     
    #8 cPanelNick, Mar 6, 2008
    Last edited by a moderator: Mar 6, 2008
  9. vince512

    vince512 Active Member


    I am glad I could help get the word out to the community. I think we definitely need to do a better job ensuring that everyone gets security information as soon as it is confirmed or known. Even one rooted server can give any one of us a bad day, especially if they use it to attack other systems.
     
  10. cPanelNick

    cPanelNick Administrator
    Staff Member

    In this case it was only confirmed minutes before I posted above.
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Thanks Nick.
     
  12. lbccserv

    lbccserv Active Member

    Can you post an actual revision number that this is fixed in? I just did an edge update and it says:

    WHM 11.19.0 cPanel 11.19.2-E21594

    is this patched?
     
  13. nyjimbo

    nyjimbo Well-Known Member

    As per the email sent to us a little while ago:

    "The updated builds will be available immediately to all fast update servers. The builds will be available to all other update servers within one hour of this posting."

    Can you clarify what is the difference between a fast update server and all other update servers so in the future we know what we are updating with?
     
  14. cPanelNick

    cPanelNick Administrator
    Staff Member

    http://www.cpanel.net/partners/fast-update/index.htm
     
  15. cPanelNick

    cPanelNick Administrator
    Staff Member

    For 11.19.x Everything 11.19.2 or newer is patched
    For 11.18.x Everything 11.18.2 or newer is patched
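
The thresholds in the post above, turned into a check an administrator could run across several servers. This is an added example, not part of the thread and not cPanel's code; the function name `horde_patch_status` is hypothetical, and it assumes the input is the cPanel build string as quoted earlier in the thread (for example `11.19.2-E21594`). Branches the thread does not mention are reported as unknown.

```shell
#!/bin/sh
# Added example (not cPanel's code). Thresholds come from the post above:
# 11.19.x is patched from 11.19.2, 11.18.x is patched from 11.18.2.
# Prints and returns: patched (0), unpatched (1), unknown (2).

horde_patch_status() {
    ver=${1%%-*}                     # drop build suffix such as "-E21594"
    case "$ver" in                   # allow digits and single dots only
        ''|*[!0-9.]*|*..*|.*|*.) echo unknown; return 2 ;;
    esac

    old_ifs=$IFS; IFS=.
    set -- $ver                      # split into major, minor, patch
    IFS=$old_ifs
    [ $# -eq 3 ] || { echo unknown; return 2; }

    # The thread only speaks for the 11.18.x and 11.19.x branches.
    [ "$1" = 11 ] || { echo unknown; return 2; }
    case "$2" in
        18|19) min_patch=2 ;;
        *) echo unknown; return 2 ;;
    esac

    if [ "$3" -ge "$min_patch" ]; then
        echo patched; return 0
    fi
    echo unpatched; return 1
}

# Constructed sample inputs; the first is the build string quoted in the thread.
for v in 11.19.2-E21594 11.19.1 11.18.2 11.18.0 11.17.5 garbage; do
    printf '%-16s %s\n' "$v" "$(horde_patch_status "$v")"
done
```
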
     
  16. lbccserv

    lbccserv Active Member

    looks like our messages crossed in subspace.... mod can remove this
     
  17. nsusa

    nsusa Well-Known Member

    I am just running /scripts/upcp but it is failing on the Horde download and seems to loop over and over again trying. Not good. If I break the process - how will that leave my server in regards to the remaining cPanel updates?

    Chris
     
  18. cpanelinfoseeker

    cpanelinfoseeker Well-Known Member

    I suggest being patient - this update took a LOT longer than the past several. I was worried until I checked the progress in SSH by:
    cd /var/cpanel/updatelogs
    look in the directory and find the update file with the near current time/date
    then tail that update file. For me it was:
    tail -20 update.1204852566.log

    Watch the last line each time you run it and you should see that it is actually progressing, but very slowly.

    My guess is this is slow because there are many people upgrading at the same time.

    Mine finally completed, but was about an hour.

    Ron
     
  19. cPanelNick

    cPanelNick Administrator
    Staff Member

    Please open a ticket @ https://tickets.cpanel.net/submit/ and post the #
     
  20. darren.nolan

    darren.nolan Well-Known Member

    cPanel,

    I would just like to say thank you so much for your speedy response & critical update in relation to this. I was notified early this morning about the vulnerability, disabled Horde, emailed all my customers (gosh that takes a while these days) - and happily updated my servers a few hours later.

    Horde is a pretty important part of mail for my clients so I wasn't happy to hear about this issue. The update was rather quick considering the influx of people updating at the same time and now my customers have Horde again.

    So again - thank you.
    Dazz
     