Vulnerability in roundcube - Hacker took control

zonique

#1
I just wanted to let you know about my experience of today, in which a hacker took control over my PBX. After some forensics, I found out that he came in through "/mail/bin/html2text.php" which is part of roundcube.

The bad news is that there seems to be an increasing number of vulnerability scanners that are looking for this specific vulnerability, and the bad news is that the Roundcube version in the Elastix repository hasn't been patched yet.

I would recommend that everyone who is running Elastix in a setup in which the web interface is accessible from the internet either:
  • remove this script
  • remove roundcube altogether
  • or patch roundcube manually (patch below)
until the patch is available from the Elastix repositories.

Info regarding the vulnerability: http://www.securiteam.com/unixfocus/6L00O15NFS.html
Patch available on: http://sourceforge.net/forum/forum.php?forum_id=898542
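
One way to check a web server's access log for requests to the script named in the post above, as an added example that is not part of the original thread. It assumes Apache common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Path suffix taken from the post; the "/mail" prefix varies per install.
TARGET_SUFFIX = "/bin/html2text.php"

# Apache common/combined log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Drop the query string, decode %-escapes, collapse '//' and '/./'."""
    path = unquote(target.split("?", 1)[0])
    return normpath("/" + path.lstrip("/"))

def scan(lines):
    """Return {client_ip: [(timestamp, method, status, reached), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not normalise(m["target"]).endswith(TARGET_SUFFIX):
            continue
        status = int(m["status"])
        # 2xx: the script exists and was served; 404 is only a probe.
        reached = 200 <= status < 300
        hits[m["ip"]].append((m["ts"], m["method"], status, reached))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE = [
    '198.51.100.7 - - [12/Jan/2009:03:14:07 +0100] "GET /roundcube/bin/html2text.php HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.7 - - [12/Jan/2009:03:14:08 +0100] "POST /mail//bin/./html2text.php HTTP/1.1" 200 17 "-" "-"',
    '203.0.113.20 - - [12/Jan/2009:09:30:00 +0100] "GET /mail/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Jan/2009:11:02:51 +0100] "GET /mail/bin/html2text%2Ephp?x=1 HTTP/1.1" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE).items():
        for ts, method, status, reached in events:
            label = "REACHED SCRIPT" if reached else "probe"
            print(ip, ts, method, status, label)
```

Any client reported as having reached the script on an unpatched install is a starting point for the kind of forensics the post describes.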
 

zonique

#2
Apparently the patches didn't come through on my server well. After I had a better look, the repositories do have the necessary patch! :)

Apologies for the partially wrong info in my previous post.
 
