• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Vulnerability in Horde

G

galaxy

Regular Pleskian
The version of Horde that comes with plesk 7.5 and I believe 8.0 has a vulnerability where it lets others abuse the help system to run arbitrary commands on the server allowing themselves to download & install code on your server, open up sockets and run shells.

See: http://www.securityfocus.com/bid/17292

I've just been hacked. Horde says they've fixed it in 3.0.10 and 3.1.1.
 
I manually patched /usr/share/psa-horde/services/help/index.php back on April 4th, attached is my patched version.

Drop it back in the same folder.

PHP: 
<?php
/**
 * $Horde: horde/services/help/index.php,v 2.80.10.1 2005/01/03 12:25:45 jan Exp $
 *
 * Copyright 1999-2005 Jon Parise <[email protected]>
 *
 * See the enclosed file COPYING for license information (LGPL). If you
 * did not receive this file, see [url]http://www.fsf.org/copyleft/lgpl.html.[/url]
 */

@define('HORDE_BASE', dirname(__FILE__) . '/../..');
@define('AUTH_HANDLER', true);

require_once HORDE_BASE . '/lib/base.php';
require_once 'Horde/Help.php';

$title = _("Help");
$show = String::lower(Util::getFormData('show', 'index'));
$module = String::lower(basename(Util::getFormData('module', 'horde')));
$topic = Util::getFormData('topic');

if ($module == 'admin') {
    $fileroot = $registry->get('fileroot');
    $help_file = $fileroot . "/admin/locale/$language/help.xml";
    $help_file_fallback = $fileroot . '/admin/locale/en_US/help.xml';
} else {
    $fileroot = $registry->get('fileroot', $module);
    $help_file = $fileroot . "/locale/$language/help.xml";
    $help_file_fallback = $fileroot . '/locale/en_US/help.xml';
}

if ($show == 'index') {
    $base_url = $registry->get('webroot', 'horde') . '/services/help/';
    $main_url = Horde::url($base_url);
    $main_url = Util::addParameter($main_url, array('show' => 'entry',
                                                    'module' => $module,
                                                    'topic' => $topic));
    $menu_url = Horde::url($base_url);
    $menu_url = Util::addParameter($menu_url, array('module' => $module,
                                                    'show' => 'menu'));
    require HORDE_TEMPLATES . '/help/index.inc';
} else {
    $bodyClass = 'help';
    require HORDE_TEMPLATES . '/common-header.inc';
    if ($show == 'menu') {
        /* Set up urls. */
        $url = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
        $url = Util::addParameter($url, 'module', $module);
        $topics_link = Util::addParameter($url, 'show', 'topics');
        $topics_link = Horde::link($topics_link, _("List Help Topics"), 'header', 'help_main') . _("List Help Topics") . '</a>';
        $about_link = Util::addParameter($url, 'show', 'about');
        $about_link = Horde::link($about_link, _("About..."), 'header', 'help_main') . _("About...") . '</a>';
        require HORDE_TEMPLATES . '/help/menu.inc';
    } elseif ($show == 'about') {
        require $fileroot . '/lib/version.php';
        $version = String::ucfirst($module) . ' ' . constant(String::upper($module) . '_VERSION');
        $credits = Util::bufferOutput('include', $fileroot . '/docs/CREDITS');
        $credits = String::convertCharset($credits, 'iso-8859-1', NLS::getCharset());
        require HORDE_TEMPLATES . '/help/about.inc';
    } else {
        $help = &new Help(HELP_SOURCE_FILE, array($help_file, $help_file_fallback));
        if (($show == 'entry') && !empty($topic)) {
            $help->lookup($topic);
            $help->display();
        } else {
            $topics = $help->topics();
            foreach ($topics as $id => $title) {
                $link = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
                $link = Util::addParameter($link, array('show' => 'entry', 'module' => $module, 'topic' => $id));
                echo Horde::link($link);
                echo $title . "</a><br />\n";
            }
        }
        $help->cleanup();
    }
}

require HORDE_TEMPLATES . '/common-footer.inc';
 
Thanks for the replies.

I updated my index.php by checking the diffs from the Horde project on that file. Essentially removing the eval() and replacing the line with:

$version = String::ucfirst($module) . ' ' . constant(String::upper($module) . '_VERSION');
 
If you are using Plesk 7.5.4, you can apply all of the updates and it will load Horde 3.1.1 (latest version).
 
You must log in or register to reply here.

Similar threads

J
Issue Unable to Access Webmail through Plesk after service changed hands.
Replies
3
Views
4K
Peter Debik
P
O
Resolved Horde Active Sync does not work
2
Replies
36
Views
13K
LightRO
L
T
Industry Insights – Ubuntu vs CentOS, does your Linux OS matter?
Replies
0
Views
2K
Tricia Santaguida
T
T
Industry Insights – Ubuntu vs CentOS, does your Linux OS matter?
Replies
1
Views
4K
Graham1989
Graham1989
I
Using Elastic Stack for Data Analysis and XenForo for Forums
Replies
0
Views
4K
igubaidullin
I
Back
Top