Results 1 to 2 of 2

Thread: URGENT! Horde 3.0.5 / Plesk 7.5.4 Exploit

  1. #1
    Junior Member Newbie
    Join Date
    Jun 2006
    Posts
    4

    Exclamation URGENT! Horde 3.0.5 / Plesk 7.5.4 Exploit

    Running a check on Apache's default logs (/var/log/httpd/access_log), I found attempts to exploit the server thru a "backdoor" in Horde.

    I haven't fully checked what could be done with this exploit but certainly leaving the affected script unprotected is an open invitation for trouble.

    To check it, just request the following to any webmail domain on your server (the following check if completely harmless as it will only run uname -a and show it's results on the browser):

    http://webmail.yourserver.com///horde//services/help/old.php?show=about&module=;%22.passthru(%22uname%2 0-a%22);'.

    With some imagination and careful URL encoding, you can get commands to be executed under Apache's account and privileges.

    What I've done until further investigation is performed, is to modify the affected script so that nothing happens when the script is called (so far seems like the only downside is Horde's Help system not working).

    The affected script is index.php, located at /usr/share/psa-horde/services/help.

    For some debugging, I've included the following code right before Horde's code:

    PHP Code:
    <?php
    $request 
    print_r($_REQUESTtrue);
    $server print_r($_SERVERtrue);
    mail("youremailaddress@example.com""HORDE BOGUS REQUEST ".date("r"), "Request\n".$request."Server\n$server""From: \"Server\" <youremailaddress@example.com>");
    die();
    ?>
    That will send you by email any requests with headers to the script, be those legitimate or attempts to exploit your server.

    I will update the topic as soon as I have time to correct the script.

    This was verified with psa-horde-3.0.5-rhel4.build75050824.12.

    Enjoy!

    Tomislav Drpic S.

    ---
    Informática Latina SRL
    http://www.ilatina.com/
    http://www.somethingforit.com/
    Cochabamba, Bolivia

  2. #2
    Junior Member Newbie
    Join Date
    Jun 2006
    Posts
    4

    Default

    The problem was solved on psa-horde-3.1.1-rhel4.build75060413.11. Everyone should update Plesk to benefit from new features, bug fixes and security issues.

    Visit Plesk's web site to get more information and the patch.

    Tomislav Drpic S.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •