Go Back   SolidHost Forums Support Forums Security Questions

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
Old Feb 16th, 2009, 08:28   #1
iamback
Customer
 
Join Date: May 2007
Posts: 11
Exclamation Code injection via RoundCube

Yesterday, I found my server had been compromised with a code injection, making use of a vulnerability in RoundCube.

References:This lists them as I found them - but note the last thread is from December. And note that any version of RoundCube before 0.2-stable is vulnerable.

I should also mention that I have never used RoundCube - I just happened to stumble over this while investigating how to set up email (so far I have only web sites working). So what there was was simply exactly what was installed by default with DirectAdmin.

I made a ticket (YUG-62160) and asked tech support to remove the injected code and upgrade RoundCube to the latest 0.2-stable. At that time (around 3:30 yesterday afternoon) I'd only found the first reference at the RC site. As I dug further, I found the other threads at the DA forum. Shortly before 6:00 RoundCube had been updated to 0.2 - but I found it was not functional, and so far that is still the status.

I'm posting here for three reasons:
  1. Mostly, a heads-up to all users of DirectAdmin who may have a vulnerable version of RoundCube on their VPS
  2. To express my disappointment that apparently SoldHost was not aware of this vulnerability, and warned their customers about it
  3. To express my amazement that it takes so long for Tech Support to replace RoundCube with a working installation of version 2.0 (the forum threads I linked to in my ticket mention various problems getting it to work - which is precisely why I didn't try to do it myself!)

I hope this is at least useful to someone.
iamback is offline   Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +2. The time now is 09:31.