The Community Forums

SECURITY ALERT: Horde arbitrary file inclusion vulnerability

Discussion in 'Security' started by ericgregory, Mar 6, 2008.

Thread Status:
Not open for further replies.
  1. ericgregory

    An arbitrary file inclusion vulnerability has been discovered in the Horde
    webmail application. At present, we can confirm that the security
    vulnerability in question affects Horde 3.1.6 and earlier. Based on
    incomplete information at this time, we also believe this affects Horde
    Groupware 1.0.4 and earlier as well (cPanel does not use Horde Groupware
    at this time).

    cPanel customers should update their cPanel and WHM servers immediately to
    prevent any chance of compromise. The patch will be available in builds
    11.18.2 and greater (or 11.19.2 and greater for EDGE systems). The updated
    builds will be available immediately to all fast update servers. The
    builds will be available to all other update servers within one hour of
    this posting.


    To check which version of cPanel and WHM is on your server, simply log
    into WebHost Manager (WHM) and look in the top right corner, or execute
    the following command from the command line as root:

    /usr/local/cpanel/cpanel -V

    You can upgrade your server by navigating to 'cPanel' -> 'Upgrade to
    Latest Version' in WebHost Manager or by executing the following from the
    command line as root:

    /scripts/upcp


    It is recommended that all use of Horde 3.1.6 and earlier be stopped (on
    cPanel and non-cPanel systems alike) until Horde updates can be applied.
    You can disable Horde on your cPanel system by unchecking the box next to
    'Server Configuration' -> 'Tweak Settings' -> 'Mail' -> 'Horde Webmail'
    within WHM, and saving the page with the new settings.


    We would like to thank HostGator for providing the initial details in
    their report of this vulnerability.
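
Added example, not part of the original post or cPanel's own tooling: a shell helper that classifies a cPanel version string against the fixed builds named above (11.18.2 and greater, or 11.19.2 and greater for EDGE). It assumes the 11.19 series is the EDGE line and that the string begins with MAJOR.MINOR.PATCH; the function name and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Classify a cPanel version string against the builds carrying the Horde fix.
# A plain ">= 11.18.2" comparison is wrong here: 11.19.0 and 11.19.1 sort above
# 11.18.2 but predate the fix on their own branch (assumed to be EDGE).
# Assumption: the string starts with MAJOR.MINOR.PATCH; any suffix is ignored.

# Returns 0 = fix present, 1 = update needed, 2 = version not recognised.
horde_fix_present() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 2

    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # Anything outside the 11.x series is decided by the major number alone.
    if [ "$major" -gt 11 ]; then return 0; fi
    if [ "$major" -lt 11 ]; then return 1; fi

    # Within 11.x: branches after 11.19 are newer than both fixed builds,
    # branches before 11.18 never received one.
    if [ "$minor" -gt 19 ]; then return 0; fi
    if [ "$minor" -lt 18 ]; then return 1; fi

    # 11.18.x and 11.19.x each need patch level 2 or higher.
    if [ "$patch" -ge 2 ]; then return 0; fi
    return 1
}

# On a cPanel server, check the live version; elsewhere, walk constructed samples.
if [ -x /usr/local/cpanel/cpanel ]; then
    set -- "$(/usr/local/cpanel/cpanel -V 2>/dev/null)"
else
    set -- "11.18.1-SAMPLE" "11.18.2-SAMPLE" "11.19.1-SAMPLE" "11.19.2-SAMPLE"
fi

for v in "$@"; do
    rc=0
    horde_fix_present "$v" || rc=$?
    case $rc in
        0) echo "$v: Horde fix present" ;;
        1) echo "$v: UPDATE NEEDED (run /scripts/upcp)" ;;
        *) echo "$v: version not recognised, check manually" ;;
    esac
done
```
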
     