Vulnerability in Horde

galaxy

Regular Pleskian
The version of Horde that comes with Plesk 7.5 (and, I believe, 8.0) has a vulnerability where it lets others abuse the help system to run arbitrary commands on the server, allowing them to download and install code on your server, open up sockets, and run shells.

See: http://www.securityfocus.com/bid/17292

I've just been hacked. Horde says they've fixed it in 3.0.10 and 3.1.1.
 
I manually patched /usr/share/psa-horde/services/help/index.php back on April 4th; attached is my patched version.

Drop it back in the same folder.

PHP:
<?php
/**
 * $Horde: horde/services/help/index.php,v 2.80.10.1 2005/01/03 12:25:45 jan Exp $
 *
 * Copyright 1999-2005 Jon Parise <[email protected]>
 *
 * See the enclosed file COPYING for license information (LGPL). If you
 * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
 */

@define('HORDE_BASE', dirname(__FILE__) . '/../..');
@define('AUTH_HANDLER', true);

require_once HORDE_BASE . '/lib/base.php';
require_once 'Horde/Help.php';

$title = _("Help");
$show = String::lower(Util::getFormData('show', 'index'));
$module = String::lower(basename(Util::getFormData('module', 'horde')));
$topic = Util::getFormData('topic');

if ($module == 'admin') {
    $fileroot = $registry->get('fileroot');
    $help_file = $fileroot . "/admin/locale/$language/help.xml";
    $help_file_fallback = $fileroot . '/admin/locale/en_US/help.xml';
} else {
    $fileroot = $registry->get('fileroot', $module);
    $help_file = $fileroot . "/locale/$language/help.xml";
    $help_file_fallback = $fileroot . '/locale/en_US/help.xml';
}

if ($show == 'index') {
    $base_url = $registry->get('webroot', 'horde') . '/services/help/';
    $main_url = Horde::url($base_url);
    $main_url = Util::addParameter($main_url, array('show' => 'entry',
                                                    'module' => $module,
                                                    'topic' => $topic));
    $menu_url = Horde::url($base_url);
    $menu_url = Util::addParameter($menu_url, array('module' => $module,
                                                    'show' => 'menu'));
    require HORDE_TEMPLATES . '/help/index.inc';
} else {
    $bodyClass = 'help';
    require HORDE_TEMPLATES . '/common-header.inc';
    if ($show == 'menu') {
        /* Set up urls. */
        $url = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
        $url = Util::addParameter($url, 'module', $module);
        $topics_link = Util::addParameter($url, 'show', 'topics');
        $topics_link = Horde::link($topics_link, _("List Help Topics"), 'header', 'help_main') . _("List Help Topics") . '</a>';
        $about_link = Util::addParameter($url, 'show', 'about');
        $about_link = Horde::link($about_link, _("About..."), 'header', 'help_main') . _("About...") . '</a>';
        require HORDE_TEMPLATES . '/help/menu.inc';
    } elseif ($show == 'about') {
        require $fileroot . '/lib/version.php';
        $version = String::ucfirst($module) . ' ' . constant(String::upper($module) . '_VERSION');
        $credits = Util::bufferOutput('include', $fileroot . '/docs/CREDITS');
        $credits = String::convertCharset($credits, 'iso-8859-1', NLS::getCharset());
        require HORDE_TEMPLATES . '/help/about.inc';
    } else {
        $help = &new Help(HELP_SOURCE_FILE, array($help_file, $help_file_fallback));
        if (($show == 'entry') && !empty($topic)) {
            $help->lookup($topic);
            $help->display();
        } else {
            $topics = $help->topics();
            foreach ($topics as $id => $title) {
                $link = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
                $link = Util::addParameter($link, array('show' => 'entry', 'module' => $module, 'topic' => $id));
                echo Horde::link($link);
                echo $title . "</a><br />\n";
            }
        }
        $help->cleanup();
    }
}

require HORDE_TEMPLATES . '/common-footer.inc';
 
Thanks for the replies.

I updated my index.php by checking the diffs from the Horde project for that file, essentially removing the eval() and replacing the line with:

$version = String::ucfirst($module) . ' ' . constant(String::upper($module) . '_VERSION');
 
If you are using Plesk 7.5.4, you can apply all of the updates and it will load Horde 3.1.1 (latest version).
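The fix quoted above replaces eval() with constant(), so the user-supplied 'module' parameter can only ever name a constant and never becomes code. The following standalone PHP sketch is an added example, not the poster's patch or Horde's code; the version constants are constructed sample values, and the character whitelist and the defined() check are extra guards I assume here, not part of the original line.

```php
<?php
// Added example (not from the forum post or Horde): the safe pattern the
// patch adopts, resolving "<APP>_VERSION" with constant() instead of eval().

// Constructed sample constants standing in for Horde's <APP>_VERSION values.
define('HORDE_VERSION', '3.1.1');
define('IMP_VERSION', '4.1.1');

/**
 * Return "<Module> <version>" for a user-supplied module name, or null
 * when the module has no registered version constant.
 */
function module_version_string(string $module): ?string
{
    // basename() mirrors the original script. The whitelist is an extra
    // guard (assumption, not in the original) so only plausible
    // application names reach constant().
    $module = strtolower(basename($module));
    if (!preg_match('/^[a-z][a-z0-9_]*$/', $module)) {
        return null;
    }

    // Check before resolving: constant() on an undefined name warns on
    // PHP 7 and throws Error on PHP 8, neither of which a help page
    // should surface to the visitor.
    $name = strtoupper($module) . '_VERSION';
    if (!defined($name)) {
        return null;
    }

    // constant() only reads an existing constant; unlike eval() it cannot
    // execute anything embedded in $module.
    return ucfirst($module) . ' ' . constant($name);
}

// Constructed sample inputs, including values a help URL could carry.
foreach (['horde', 'imp', '../imp', 'nosuchapp', 'bad name!'] as $m) {
    echo str_pad($m, 12) . ' => ';
    var_export(module_version_string($m));
    echo "\n";
}
```

Note that basename('../imp') still yields 'imp', as in the original script, so path components are stripped rather than rejected; the regex then rejects anything that is not a plain application name.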
 