From owner-freebsd-questions@FreeBSD.ORG Mon Mar 9 07:43:28 2009
Message-ID: <49B4C89C.7080205@gmail.com>
Date: Mon, 09 Mar 2009 09:43:24 +0200
From: Brent Clark
To: Zbigniew Szalbot
Cc: User Questions
Subject: Re: roundcube security bug
References: <94136a2c0903090036q51d569dfk4a58ef0f8cceab05@mail.gmail.com>
In-Reply-To: <94136a2c0903090036q51d569dfk4a58ef0f8cceab05@mail.gmail.com>

Zbigniew Szalbot wrote:
> hello,
>
> I strongly advise anyone who has the mail/roundcube port or software
> installed to be careful as it has a security bug (and I do not know
> where to report it). It allows people to remotely place a trojan on
> /tmp and use it.
> They do it like this:
>
> 213.96.25.30 - - [05/Mar/2009:19:22:14 +0100] "POST
> /roundcube/bin/html2text.php HTTP/1.0" 406
>
> and as a result a non-empty directory /tmp/guestbook.ntr/ is created
> and a file /tmp/guestbook.php
>
> This html2text.php file has been used by an attacker on my system (at
> least I think so). I have removed the port and since then I have had
> no trouble, although they have been scanning for this file as I can
> read in the logs.
>
> Yours,
>

Hiya

Have you notified and / or checked with the upstream author (maybe the mailing list too)?

Regards
Brent Clark
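The report above gives two things an administrator can check for: POST requests to roundcube's bin/html2text.php in the web server access log, and the guestbook.php / guestbook.ntr artifacts in /tmp. The following script is an added example written for this thread, not code from either poster or from the roundcube project; the log lines are constructed samples in Apache combined format (the first mirrors the one quoted), and the log path and /tmp names are assumptions.

```python
import re
from collections import Counter
from pathlib import Path

# Apache/nginx common or combined access log line (host, timestamp, request, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Path probed in the report; the prefix before /bin/ depends on where roundcube is installed.
TARGET = "/bin/html2text.php"

def parse_line(line):
    """Return the parsed fields of one access log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def find_html2text_posts(lines):
    """Return (ip, timestamp, status) for every POST aimed at html2text.php.
    Denied requests (e.g. the 406 in the report) show scanning; an accepted (200)
    request is the one that justifies checking /tmp."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].endswith(TARGET):
            hits.append((rec["ip"], rec["ts"], rec["status"]))
    return hits

def count_by_ip(hits):
    """Number of html2text.php POSTs per source address."""
    return Counter(ip for ip, _, _ in hits)

def tmp_indicators(tmp_dir="/tmp"):
    """Which of the artifacts named in the report exist under tmp_dir (assumed names)."""
    base = Path(tmp_dir)
    return [str(p) for p in (base / "guestbook.php", base / "guestbook.ntr") if p.exists()]

# Constructed sample log lines; 198.51.100.7 and 192.0.2.44 are documentation addresses.
SAMPLE_LOG = [
    '213.96.25.30 - - [05/Mar/2009:19:22:14 +0100] "POST /roundcube/bin/html2text.php HTTP/1.0" 406 -',
    '198.51.100.7 - - [06/Mar/2009:02:11:09 +0100] "POST /roundcube/bin/html2text.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Mar/2009:02:11:10 +0100] "GET /roundcube/ HTTP/1.1" 200 2048',
    '192.0.2.44 - - [06/Mar/2009:08:00:01 +0100] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    hits = find_html2text_posts(SAMPLE_LOG)
    for ip, ts, status in hits:
        print(f"{ip} {ts} POST html2text.php -> {status}")
    print("per-IP counts:", dict(count_by_ip(hits)))
    print("indicators present in /tmp:", tmp_indicators())
```

To run it against a real server, replace SAMPLE_LOG with the lines of the httpd access log (e.g. /var/log/httpd-access.log on FreeBSD, path assumed).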