Bug 483426 - There is a remote shell vulnerability in roundcubemail 0.1.1
There is a remote shell vulnerability in roundcubemail 0.1.1
Status: CLOSED NEXTRELEASE
Product: Fedora EPEL
Classification: Fedora
Component: roundcubemail (Show other bugs)
el5
All Linux
low Severity urgent
: ---
: ---
Assigned To: Gwyn Ciesla
Fedora Extras Quality Assurance
http://sourceforge.net/forum/forum.ph...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-01 01:23 EST by Gordon Messmer
Modified: 2009-03-31 17:07 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-17 15:07:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to fix CVE-2008-5619 (24.89 KB, application/octet-stream)
2009-03-16 01:19 EDT, Gordon Messmer
no flags Details

  None (edit)
Description Gordon Messmer 2009-02-01 01:23:45 EST
Description of problem:
A vulnerability in roundcubemail 0.1.1 may allow attackers to execute commands as the "httpd" user.

This bug is fixed in 0.2:
http://sourceforge.net/forum/forum.php?forum_id=898542

Version-Release number of selected component (if applicable):
roundcubemail-0.1.1-4.el5
Comment 1 Gwyn Ciesla 2009-02-02 09:16:34 EST
0.2 will not work in RHEL5 or earlier due to the PHP version.  I'll see if I can fix or craft a patch.
Comment 2 Gwyn Ciesla 2009-02-02 10:13:01 EST
To be clear, are you referring to the html2text and quota vulnerabilities?
Comment 3 Gordon Messmer 2009-02-02 12:08:00 EST
Yes, I am.
Comment 4 Gwyn Ciesla 2009-02-02 14:55:35 EST
I can build but not effectively test for EL-5.  Would you be willing to test an uploaded rpm, or would you prefer a srpm?
Comment 5 Gwyn Ciesla 2009-02-18 13:22:26 EST
Ping?
Comment 6 Gordon Messmer 2009-02-19 16:34:02 EST
I can test either.  I'd be curious enough to review the patch, as well, so a src.rpm would be welcome.
Comment 7 Gordon Messmer 2009-03-16 01:19:06 EDT
I've successfully tested the attached patch.  It merely replaces html2text.inc with the version of html2text.php released to fix the bug in 0.2.  Please publish an updated package ASAP.  This is actively being exploited in the wild.
Comment 8 Gordon Messmer 2009-03-16 01:19:58 EDT
Created attachment 335298 [details]
Patch to fix CVE-2008-5619
Comment 9 Gwyn Ciesla 2009-03-17 15:07:15 EDT
Built for EL-5 and EL-4, sent request for push to epel-signers.

Thanks very much for the patch and testing.  Sorry for the delay, I've been extraordinarily busy of late.
Comment 10 Orion Poplawski 2009-03-31 17:07:00 EDT
This still hasn't been pushed.  I'm going to try to ping the epel-signers.  Just got hit by this yesterday.

Note You need to log in before you can comment on or make changes to this bug.