GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   cPanel Horde Vulnerability Found (https://gfy.com/showthread.php?t=813220)

DateDoc 03-06-2008 07:19 PM
cPanel Horde Vulnerability Found
 
I just got this email and though I'd pass along this warning.....

Quote:
An arbitrary file inclusion vulnerability has been discovered in the Horde
webmail application. At present, we can confirm that this security
vulnerability in question affects Horde 3.1.6 and earlier. Based on
incomplete information at this time, we also believe this affects Horde
Groupware 1.0.4 and earlier as well (cPanel does not use Horde Groupware
at this time).

cPanel customers should update their cPanel and WHM servers immediately to
prevent any chance of compromise. The patch will be available in builds
11.18.2 and greater (or 11.19.2 and greater for EDGE systems). The updated
builds will be available immediately to all fast update servers. The
builds will be available to all other update servers within one hour of
this posting.


To check which version of cPanel and WHM is on your server, simply log
into WebHost Manager (WHM) and look in the top right corner, or execute
the following command from the command line as root:

/usr/local/cpanel/cpanel -V

You can upgrade your server by navigating to 'cPanel' -> 'Upgrade to
Latest Version' in WebHost Manager or by executing the following from the
command line as root:

/scripts/upcp


It is recommended that all use of Horde 3.1.6 and earlier be stopped (on
cPanel and non-cPanel systems alike) until Horde updates can be applied.
You can disable Horde on your cPanel system by unchecking the box next to
'Server Configuration' -> 'Tweak Settings' -> 'Mail' -> 'Horde Webmail'
within WHM, and saving the page with the new settings.

baddog 03-06-2008 07:20 PM
Resource hog with exploits, long live DirectAdmin

Jet - BANNED FOR LIFE 03-06-2008 07:23 PM
Horde?

What if I'm on Alliance side? Is it safe?

XSecurityAudit 03-06-2008 07:51 PM
Quote:
Originally Posted by Jet (Post 13887025)
Horde?

What if I'm on Alliance side? Is it safe?
:1orglaugh:1orglaugh:1orglaugh

Do you happen to be the same Jet that wrote the bindscanner a long time ago? ADM!ADM!ADM! If not, nevermind :)

Kick Ass Chat 03-06-2008 08:14 PM
Quote:
Originally Posted by baddog (Post 13887016)
Resource hog with exploits, long live DirectAdmin

Agreed...:2 cents:

CyberHustler 03-06-2008 08:19 PM
DirectAdmin > cPanel

Altheon 03-06-2008 10:19 PM
DateDoc, thank you for posting the info. I just updated my server.

John. 03-06-2008 10:23 PM
Thanks dude

SiMpLe 03-06-2008 10:25 PM
For The Horde!

DateDoc 03-07-2008 10:26 AM
bump for the morning crew :thumbsup


All times are GMT -7. The time now is 05:28 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123