
Vulnerability in Horde

galaxy

Regular Pleskian
The version of Horde that comes with Plesk 7.5, and I believe 8.0, has a vulnerability where it lets others abuse the help system to run arbitrary commands on the server, allowing them to download & install code on your server, open up sockets and run shells.

See: http://www.securityfocus.com/bid/17292

I've just been hacked. Horde says they've fixed it in 3.0.10 and 3.1.1.
 
I manually patched /usr/share/psa-horde/services/help/index.php back on April 4th; attached is my patched version.

Drop it back in the same folder.

PHP:
<?php
/**
 * $Horde: horde/services/help/index.php,v 2.80.10.1 2005/01/03 12:25:45 jan Exp $
 *
 * Copyright 1999-2005 Jon Parise <[email protected]>
 *
 * See the enclosed file COPYING for license information (LGPL). If you
 * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
 */

@define('HORDE_BASE', dirname(__FILE__) . '/../..');
@define('AUTH_HANDLER', true);

require_once HORDE_BASE . '/lib/base.php';
require_once 'Horde/Help.php';

$title = _("Help");
$show = String::lower(Util::getFormData('show', 'index'));
$module = String::lower(basename(Util::getFormData('module', 'horde')));
$topic = Util::getFormData('topic');

if ($module == 'admin') {
    $fileroot = $registry->get('fileroot');
    $help_file = $fileroot . "/admin/locale/$language/help.xml";
    $help_file_fallback = $fileroot . '/admin/locale/en_US/help.xml';
} else {
    $fileroot = $registry->get('fileroot', $module);
    $help_file = $fileroot . "/locale/$language/help.xml";
    $help_file_fallback = $fileroot . '/locale/en_US/help.xml';
}

if ($show == 'index') {
    $base_url = $registry->get('webroot', 'horde') . '/services/help/';
    $main_url = Horde::url($base_url);
    $main_url = Util::addParameter($main_url, array('show' => 'entry',
                                                    'module' => $module,
                                                    'topic' => $topic));
    $menu_url = Horde::url($base_url);
    $menu_url = Util::addParameter($menu_url, array('module' => $module,
                                                    'show' => 'menu'));
    require HORDE_TEMPLATES . '/help/index.inc';
} else {
    $bodyClass = 'help';
    require HORDE_TEMPLATES . '/common-header.inc';
    if ($show == 'menu') {
        /* Set up urls. */
        $url = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
        $url = Util::addParameter($url, 'module', $module);
        $topics_link = Util::addParameter($url, 'show', 'topics');
        $topics_link = Horde::link($topics_link, _("List Help Topics"), 'header', 'help_main') . _("List Help Topics") . '</a>';
        $about_link = Util::addParameter($url, 'show', 'about');
        $about_link = Horde::link($about_link, _("About..."), 'header', 'help_main') . _("About...") . '</a>';
        require HORDE_TEMPLATES . '/help/menu.inc';
    } elseif ($show == 'about') {
        require $fileroot . '/lib/version.php';
        $version = String::ucfirst($module) . ' ' . constant(String::upper($module) . '_VERSION');
        $credits = Util::bufferOutput('include', $fileroot . '/docs/CREDITS');
        $credits = String::convertCharset($credits, 'iso-8859-1', NLS::getCharset());
        require HORDE_TEMPLATES . '/help/about.inc';
    } else {
        $help = &new Help(HELP_SOURCE_FILE, array($help_file, $help_file_fallback));
        if (($show == 'entry') && !empty($topic)) {
            $help->lookup($topic);
            $help->display();
        } else {
            $topics = $help->topics();
            foreach ($topics as $id => $title) {
                $link = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
                $link = Util::addParameter($link, array('show' => 'entry', 'module' => $module, 'topic' => $id));
                echo Horde::link($link);
                echo $title . "</a><br />\n";
            }
        }
        $help->cleanup();
    }
}

require HORDE_TEMPLATES . '/common-footer.inc';
 
Thanks for the replies.

I updated my index.php by checking the diffs from the Horde project on that file, essentially removing the eval() and replacing the line with:

$version = String::ucfirst($module) . ' ' . constant(String::upper($module) . '_VERSION');
 
If you are using Plesk 7.5.4, you can apply all of the updates and it will load Horde 3.1.1 (latest version).
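
For anyone checking whether their help viewer was probed before patching, here is a log triage sketch added to this page (it is not part of the thread and is not Horde or Plesk code). It flags help-viewer requests whose `module` parameter is not a plain identifier, since the posted index.php reads `module` from the request and builds a constant name from it. The combined log format and the query-string delivery of the parameter are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/nginx "combined" access logs; only the request line is parsed.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# The posted index.php lower-cases and basename()s `module`, then builds a
# constant name from it, so a legitimate value is a plain identifier.
SAFE_MODULE_RE = re.compile(r'[A-Za-z][A-Za-z0-9_]*')
HELP_PATH = '/services/help/'  # path fragment taken from the posted code


def suspicious_help_requests(lines):
    """Return (line_number, client_ip, module_value) for help-viewer requests
    whose `module` parameter is not a plain identifier."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        url = urlsplit(match.group(1))
        if HELP_PATH not in url.path:
            continue  # some other script that happens to take `module`
        # parse_qs URL-decodes values; keep_blank_values so `module=` is seen.
        for value in parse_qs(url.query, keep_blank_values=True).get('module', []):
            if not SAFE_MODULE_RE.fullmatch(value):
                hits.append((number, line.split(' ', 1)[0], value))
    return hits


# Constructed sample lines: documentation IP ranges and placeholder values only.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Apr/2006:10:01:00 +0000] "GET /horde/services/help/?module=imp&show=about HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/Apr/2006:10:02:11 +0000] "GET /horde/services/help/?show=about&module=%3BPLACEHOLDER HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [04/Apr/2006:10:03:42 +0000] "GET /horde/imp/mailbox.php?module=%3Bx HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [04/Apr/2006:10:04:05 +0000] "GET /horde/services/help/index.php?module=imp%20PLACEHOLDER&show=about HTTP/1.0" 200 498 "-" "-"',
]

if __name__ == '__main__':
    for number, ip, value in suspicious_help_requests(SAMPLE_LOG):
        print(f'line {number}: {ip} sent module={value!r}')
```

Values sent in a POST body do not appear in access logs, so a clean result only covers query-string requests.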
 