Date: Mon, 09 Mar 2009 09:43:24 +0200 From: Brent Clark <brentgclarklist@gmail.com> To: Zbigniew Szalbot <zszalbot@gmail.com> Cc: User Questions <freebsd-questions@freebsd.org> Subject: Re: roundcube security bug Message-ID: <49B4C89C.7080205@gmail.com> In-Reply-To: <94136a2c0903090036q51d569dfk4a58ef0f8cceab05@mail.gmail.com> References: <94136a2c0903090036q51d569dfk4a58ef0f8cceab05@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Zbigniew Szalbot wrote: > hello, > > I strongly advise anyone who has the mail/roundcube port or software > installed to be careful as it has a security bug (and I do not know > where to report it). It allows people to remotely place a trojan on > /tmp and use it. They do it like this: > > 213.96.25.30 - - [05/Mar/2009:19:22:14 +0100] "POST > /roundcube/bin/html2text.php HTTP/1.0" 406 > and as a result a non-empty directory /tmp/guestbook.ntr/ is created > and a file /tmp/guestbook.php > > This html2text.php file has been used by an attacker on my system (at > least I think so). I have removed the port and since then I have had > no trouble, although they have been scanning for this file as I can > read in the logs. > > Yours, > > Hiya Have you notified and / or checked with the upstream authour (maybe the mailinglist too). Regards Brent Clark
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49B4C89C.7080205>