Vulnerability in Horde

Discussion in 'Plesk for Linux - 8.x and Older' started by galaxy, Apr 27, 2006.

  1. galaxy

    galaxy Regular Pleskian

    Joined:
    Jun 28, 2005
    Messages:
    140
    Likes Received:
    0
    The version of Horde that comes with Plesk 7.5 (and, I believe, 8.0) has a vulnerability that lets others abuse the help system to run arbitrary commands on the server, allowing them to download and install code on your server, open up sockets and run shells.

    See: http://www.securityfocus.com/bid/17292

    I've just been hacked. Horde says they've fixed it in 3.0.10 and 3.1.1.
     
  2. wagnerch

    wagnerch Guest

     
    I manually patched /usr/share/psa-horde/services/help/index.php back on April 4th; attached is my patched version.

    Drop it back in the same folder.

    PHP:
    <?php
    /**
     * $Horde: horde/services/help/index.php,v 2.80.10.1 2005/01/03 12:25:45 jan Exp $
     *
     * Copyright 1999-2005 Jon Parise <jon@horde.org>
     *
     * See the enclosed file COPYING for license information (LGPL). If you
     * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
     */

    @define('HORDE_BASE', dirname(__FILE__) . '/../..');
    @define('AUTH_HANDLER', true);

    require_once HORDE_BASE . '/lib/base.php';
    require_once 'Horde/Help.php';

    $title = _("Help");
    $show = String::lower(Util::getFormData('show', 'index'));
    $module = String::lower(basename(Util::getFormData('module', 'horde')));
    $topic = Util::getFormData('topic');

    if ($module == 'admin') {
        $fileroot = $registry->get('fileroot');
        $help_file = $fileroot . "/admin/locale/$language/help.xml";
        $help_file_fallback = $fileroot . '/admin/locale/en_US/help.xml';
    } else {
        $fileroot = $registry->get('fileroot', $module);
        $help_file = $fileroot . "/locale/$language/help.xml";
        $help_file_fallback = $fileroot . '/locale/en_US/help.xml';
    }

    if ($show == 'index') {
        $base_url = $registry->get('webroot', 'horde') . '/services/help/';
        $main_url = Horde::url($base_url);
        $main_url = Util::addParameter($main_url, array('show' => 'entry',
                                                        'module' => $module,
                                                        'topic' => $topic));
        $menu_url = Horde::url($base_url);
        $menu_url = Util::addParameter($menu_url, array('module' => $module,
                                                        'show' => 'menu'));
        require HORDE_TEMPLATES . '/help/index.inc';
    } else {
        $bodyClass = 'help';
        require HORDE_TEMPLATES . '/common-header.inc';
        if ($show == 'menu') {
            /* Set up urls. */
            $url = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
            $url = Util::addParameter($url, 'module', $module);
            $topics_link = Util::addParameter($url, 'show', 'topics');
            $topics_link = Horde::link($topics_link, _("List Help Topics"), 'header', 'help_main') . _("List Help Topics") . '</a>';
            $about_link = Util::addParameter($url, 'show', 'about');
            $about_link = Horde::link($about_link, _("About..."), 'header', 'help_main') . _("About...") . '</a>';
            require HORDE_TEMPLATES . '/help/menu.inc';
        } elseif ($show == 'about') {
            require $fileroot . '/lib/version.php';
            /* Version string is built with constant(); this line replaces the eval() in the shipped file. */
            $version = String::ucfirst($module) . ' ' . constant(String::upper($module) . '_VERSION');
            $credits = Util::bufferOutput('include', $fileroot . '/docs/CREDITS');
            $credits = String::convertCharset($credits, 'iso-8859-1', NLS::getCharset());
            require HORDE_TEMPLATES . '/help/about.inc';
        } else {
            $help = &new Help(HELP_SOURCE_FILE, array($help_file, $help_file_fallback));
            if (($show == 'entry') && !empty($topic)) {
                $help->lookup($topic);
                $help->display();
            } else {
                $topics = $help->topics();
                foreach ($topics as $id => $title) {
                    $link = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
                    $link = Util::addParameter($link, array('show' => 'entry', 'module' => $module, 'topic' => $id));
                    echo Horde::link($link);
                    echo $title . "</a><br />\n";
                }
            }
            $help->cleanup();
        }
    }

    require HORDE_TEMPLATES . '/common-footer.inc';
     
  3. eilko

    eilko Regular Pleskian

    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    Hotfix 9 solves the Horde problem.
     
  4. galaxy

    galaxy Regular Pleskian

    Joined:
    Jun 28, 2005
    Messages:
    140
    Likes Received:
    0
    Thanks for the replies.

    I updated my index.php by checking the diffs from the Horde project on that file, essentially removing the eval() and replacing the line with:

    $version = String::ucfirst($module) . ' ' . constant(String::upper($module) . '_VERSION');
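
    The replacement above works because constant() only performs a name lookup, whereas eval() treated text derived from the request as PHP source. The stand-alone function below is an added example, not code from the thread or from Horde: it shows that lookup with the input validation a hardened "about" handler would want, using plain PHP string functions in place of Horde's String class, and a constructed application whitelist and HORDE_VERSION value in place of the registry and lib/version.php.

    ```php
    <?php
    // Added example (not Horde code). Hardened version lookup for the
    // help "about" page: the request's module name is never evaluated.

    /**
     * Return "<Module> <version>" for a registered Horde application,
     * or null when the requested module cannot be safely resolved.
     *
     * @param string $module          Module name taken from the request.
     * @param array  $registered_apps Names of installed applications
     *                                (constructed stand-in for $registry).
     */
    function help_about_version($module, array $registered_apps)
    {
        // Same normalisation the patched index.php applies to the parameter.
        $module = strtolower(basename((string) $module));

        // Only an exact match against a known application proceeds; anything
        // else (unknown app, punctuation, spaces) is rejected before any
        // constant name is derived from it.
        if (!in_array($module, array_map('strtolower', $registered_apps), true)) {
            return null;
        }

        // Belt and braces: the derived constant name is a plain identifier.
        if (!preg_match('/^[a-z][a-z0-9_]*$/', $module)) {
            return null;
        }

        $const = strtoupper($module) . '_VERSION';
        if (!defined($const)) {
            // lib/version.php did not define it; fail closed instead of
            // letting constant() emit a warning or throw.
            return null;
        }

        // constant() looks the value up; nothing here is run as code.
        return ucfirst($module) . ' ' . constant($const);
    }

    // Constructed values standing in for lib/version.php and the registry.
    define('HORDE_VERSION', '3.1.1');
    $apps = array('horde', 'imp');

    var_dump(help_about_version('horde', $apps));      // registered, defined
    var_dump(help_about_version('imp', $apps));        // registered, no *_VERSION
    var_dump(help_about_version('kronolith', $apps));  // not registered
    var_dump(help_about_version('horde; x', $apps));   // malformed, rejected
    ```

    The shipped Horde file validates module only through basename() and lowercasing; the whitelist and defined() checks here are the additional controls, not part of the one-line fix quoted in the post.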
     
  5. wagnerch

    wagnerch Guest

     
    Ahh, thanks. Will give it a shot.
     
  6. wagnerch

    wagnerch Guest

     
    If you are using Plesk 7.5.4, you can apply all of the updates and it will load Horde 3.1.1 (latest version).
     