Vulnerability in roundcube - Hacker took control

Discussion in 'General' started by zonique, Jan 20, 2009.

  1. zonique

    Joined: Jan 21, 2008 | Messages: 3 | Likes Received: 0
    I just wanted to let you know about my experience of today, in which a hacker took control over my PBX. After some forensics, I found out that he came in through "/mail/bin/html2text.php" which is part of roundcube.

    The bad news is that there seems to be an increasing number of vulnerability scanners that are looking for this specific vulnerability, and the bad news is that the Roundcube version in the Elastix repository hasn't been patched yet.

    I would recommend everyone that is running Elastix in a setup in which the web-interface is accessible from the internet to either:
    • remove this script
    • remove roundcube altogether
    • or patch roundcube manually (patch below)
    until the patch is available from the Elastix repositories.

    Info regarding the vulnerability: http://www.securiteam.com/unixfocus/6L00O15NFS.html
    Patch available on: http://sourceforge.net/forum/forum.php?forum_id=898542
     
  2. zonique

    Apparently the patches didn't come through on my server well. After I had a better look, the repositories do have the necessary patch! :)

    Apologies for the partially wrong info in my previous post.
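
For the forensics step described in the first post, a small access-log check for requests to the script path it names. This is an added example, not part of the original thread and not Roundcube or Elastix code; the Apache "combined" log format, the constructed sample lines and the function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path reported in the first post; everything else below is an assumption.
SCRIPT_PATH = "/mail/bin/html2text.php"

# Apache "combined" log format (assumed; adjust to the server's LogFormat).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Jan/2009:03:12:44 +0100] "POST /mail/bin/html2text.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [20/Jan/2009:03:15:02 +0100] "GET /mail//bin/HTML2TEXT.php?x=1 HTTP/1.0" 404 289 "-" "-"',
    '192.0.2.10 - - [20/Jan/2009:08:01:10 +0100] "GET /mail/index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

def find_hits(lines, script_path=SCRIPT_PATH):
    """Group requests for script_path by client IP.

    Returns {ip: [(timestamp, method, status), ...]}. The URI is compared
    with the query string stripped, percent-encoding decoded, duplicate
    slashes collapsed and case folded, so varied spellings still match.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path = unquote(m.group("uri").split("?", 1)[0])
        path = re.sub(r"/{2,}", "/", path).lower()
        if path.endswith(script_path.lower()):
            hits[m.group("ip")].append(
                (m.group("ts"), m.group("method"), int(m.group("status")))
            )
    return dict(hits)

def served(hits):
    """IPs that got a 2xx for the script: it was present, not just probed."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for _, _, status in reqs))

if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG)
    print("requested script:", sorted(found))
    print("script was served to:", served(found))
```

Clients that only receive 404s are scanners probing for the path; a 2xx means the script was still present on the server when the request arrived.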
     
