roundcube security problem

kyleodonnell · Apr 13, 2009

Does anyone know if the version of roundcube that comes with the latest version of DA is exploitable? My server was running a perl script from /tmp, the name of the script was httpdse. I have /tmp mounted nosuid/noexec, but since this is a perl script the binary executed isn't in /tmp. I've written a cronjob monitor to check my system every minute.

After some investigation, I found that the only site served at the time of the file creation was roundcube.

Has anyone else experienced this? Is there a way to easily upgrade roundcube?

scsi · Apr 13, 2009

What version of roundcube are you using?

You probably have an old version.

floyd · Apr 13, 2009

See the DirectAdmin Announcements section.

nobaloney · Apr 13, 2009

And note that version 0.2 doesn't run on PHP4. Either run PHP5 and 0.2, or uninstall Roundcube.

We had to fix a lot of servers over the weekend.

Be proactive: 217.79.182.58 has been attacking Roundcube vulnerabilities. We've reported it to their upstream but haven't heard back from them. Be proactive and block it from your servers.

Jeff

Jeff

Dravu · Apr 13, 2009

My server's been scanned at least 100+ times for roundcube from a multitude of IPs and I didn't even have Roundcube installed. I'm surprised you're just now getting affected.

jaguarrr · Apr 14, 2009

My server was really affected because of the roundcube exploit problem. The roundcube application was delivered with the directadmin. Was this problem solved or not does anyone know?

jdlitson · Apr 14, 2009

Yes, as floyd said

See the DirectAdmin Announcements section.

Here is a direct link: http://directadmin.com/forum/showthread.php?t=29240

LawsHosting · Apr 14, 2009

Personally I do not use roundcube anymore, but what I suggest is to change the directory and the symlink to something else (non-existant) - yes, it'll be a lot of work to change skins, updating it, etc, but it works.

I've done phpmyadmin this way, and had no issues - I just need to update it manually if and when need be.

floyd · Apr 14, 2009

jaguarrr said:
My server was really affected because of the roundcube exploit problem. The roundcube application was delivered with the directadmin. Was this problem solved or not does anyone know?

See post #3.

And it is up to every server administrator to keep up with the software updates. DirectAdmin is not an automatic software updater.

roundcube security problem

kyleodonnell

Verified User

scsi

Verified User

floyd

Verified User

nobaloney

NoBaloney Internet Svcs - In Memoriam †

Dravu

Verified User

jaguarrr

New member

jdlitson

Verified User

LawsHosting

Verified User

floyd

Verified User