roundcube security bug
Michael Powell
nightrecon at verizon.net
Mon Mar 9 01:22:00 PDT 2009
Zbigniew Szalbot wrote:
> hello,
>
> I strongly advise anyone who has the mail/roundcube port or software
> installed to be careful as it has a security bug (and I do not know
> where to report it). It allows people to remotely place a trojan on
> /tmp and use it. They do it like this:
>
> 213.96.25.30 - - [05/Mar/2009:19:22:14 +0100] "POST
> /roundcube/bin/html2text.php HTTP/1.0" 406
> and as a result a non-empty directory /tmp/guestbook.ntr/ is created
> and a file /tmp/guestbook.php
>
> This html2text.php file has been used by an attacker on my system (at
> least I think so). I have removed the port and since then I have had
> no trouble, although they have been scanning for this file as I can
> read in the logs.
>
> Yours,
>
I have an eCommerce store and sometimes up to about two thirds of the script
kiddie runs include a search for roundcube. So it is highly sought after
active vulnerability for compromising web sites. I don't use it myself so it
has no effect on my site, but I am seeing the traffic.
-Mike
More information about the freebsd-questions
mailing list