Horde v3.1.6 and earlier is NOT secure

Horde arbitrary file inclusion vulnerability
March 7th, 2008

An arbitrary file inclusion vulnerability has been discovered in the Horde webmail application. This security vulnerability affects Horde v3.1.6 and earlier. In addition, the cPanel engineers believe that this security threat affects Horde Groupware v1.0.4 and earlier as well (cPanel does not use Horde Groupware at this time).

cPanel customers should update their cPanel/WHM servers immediately to prevent any chances of server compromise. The patch will be available in builds 11.18.2 and greater (or 11.19.2 and greater for EDGE systems). The updated builds will be available immediately to all fast update servers.

To check which version of cPanel/WHM you currently have on your server, log into your WHM and look in the top right corner, or run the following command from the command line as root:

/usr/local/cpanel/cpanel -V
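
The version check above can be scripted so it gives a pass/fail answer against the patched builds named in this advisory. This is an added example, not code from cPanel or from the original article; it assumes the `cpanel -V` output begins with a MAJOR.MINOR.PATCH triple, and the function name `horde_patch_status` is illustrative.

```shell
#!/bin/sh
# Added example: classify a cPanel version string against the patched
# builds named in this advisory (11.18.2+, or 11.19.2+ on EDGE systems).
# Assumption: the version string begins with MAJOR.MINOR.PATCH.

horde_patch_status() {
    # Keep only the leading dotted triple; drop any suffix such as a build tag.
    triple=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$triple" ]; then
        echo unknown
        return 0
    fi
    major=${triple%%.*}
    rest=${triple#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    if [ "$major" -gt 11 ]; then echo patched; return 0; fi
    if [ "$major" -lt 11 ]; then echo unpatched; return 0; fi

    # major is 11 from here on
    if [ "$minor" -lt 18 ]; then
        echo unpatched
    elif [ "$minor" -eq 18 ] || [ "$minor" -eq 19 ]; then
        # Each branch received its own fixed build, so 11.19.0 and 11.19.1
        # are still unpatched even though they sort above 11.18.2.
        if [ "$patch" -ge 2 ]; then echo patched; else echo unpatched; fi
    else
        echo patched
    fi
}

# On a cPanel server (run as root); skipped where the binary is absent.
if [ -x /usr/local/cpanel/cpanel ]; then
    horde_patch_status "$(/usr/local/cpanel/cpanel -V)"
fi
```

A plain "greater than 11.18.2" comparison would wrongly pass early 11.19 EDGE builds, which is why the two branches are checked separately.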

HowTo Update your cPanel/WHM

Log in to WHM and find 'Upgrade to Latest Version' in the left pane/frame, or execute the following from the command line as root:

/scripts/upcp --force

We suggest that all use of Horde v3.1.6 and earlier be stopped (on cPanel and non-cPanel systems alike) until Horde updates can be applied. To disable Horde on a cPanel powered server, log in to WHM, go to 'Server Configuration' >> 'Tweak Settings' >> 'Mail', un-check the checkbox next to 'Horde Webmail', scroll down the page and press the "Save" button.

LATEST NEWS
March 10th, 2008

*** If you're HOSTING your server with ServerTune, we can apply these updates FREE of charge. Just submit a ticket via http://ServerTune.com/help/ ***

The Horde webmail application framework has been updated to v3.1.7 for the official fix to the previously announced arbitrary file inclusion vulnerability. cPanel has also upgraded its PHP application security model for Horde, phpMyAdmin, and phpPgAdmin. These upgrades have been made to minimize or mitigate undiscovered vulnerabilities in these third-party applications while running within a cPanel installation.

We suggest you update your cPanel powered server to either v11.18.3 or v11.19.3. If you do not wish to update cPanel, it is strongly recommended that you keep Horde disabled until these updates have been applied.

- HowTo disable Horde in the cPanel/WHM
Log in to WHM >> Server Configuration >> Tweak Settings >> Mail, un-check the checkbox next to Horde Webmail, scroll down the page and press the "Save" button.

- What is the current version of the cPanel I am running?
* Log in to WHM and look in the upper right corner, or
* SSH to the server and run the following command:
/usr/local/cpanel/cpanel -V

- HowTo update the cPanel/WHM to the latest version:
* Log in to WHM, then select cPanel >> Upgrade to Latest Version >> Click to Upgrade, or
* SSH to the server and run the following command:
/scripts/upcp --force

For more information about the Horde vulnerability, go to:
http://lists.horde.org/archives/announce/2008/000382.html  

Posted: 07 Mar, 2008 by: Customer Service S.
Updated: 10 Mar, 2008 by: Customer Service S.
