roundcube security problem

kyleodonnell (Verified User, joined Oct 8, 2008, 11 messages)
Does anyone know if the version of roundcube that comes with the latest version of DA is exploitable? My server was running a perl script from /tmp, the name of the script was httpdse. I have /tmp mounted nosuid/noexec, but since this is a perl script the binary executed isn't in /tmp. I've written a cronjob monitor to check my system every minute.

After some investigation, I found that the only site served at the time of the file creation was roundcube.

Has anyone else experienced this? Is there a way to easily upgrade roundcube?
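The first post describes a minute-by-minute cron check after finding a perl script running out of a noexec /tmp (noexec only stops direct execution; an interpreter invoked with the script as an argument still runs it). The following is an added example of such a monitor, written here for illustration and not the poster's own script: it lists shebang files under a watched directory and, on Linux, scans /proc for processes whose command line references that directory. The directory name and the `--run` flag are assumptions of this example.

```shell
#!/bin/sh
# Added example: cron-friendly check for interpreter scripts in a noexec
# directory and for live processes launched from it. Assumes Linux /proc
# for the process scan; the file scan is plain POSIX.

WATCH_DIR="${WATCH_DIR:-/tmp}"   # assumed default; override via environment

# Return 0 if the file begins with "#!" (an interpreter script, which
# noexec does not block because the interpreter binary runs it).
is_script() {
    head -c 2 "$1" 2>/dev/null | grep -q '^#!'
}

# Print every regular file under $1 that carries a shebang line.
find_scripts() {
    find "$1" -type f 2>/dev/null | while read -r f; do
        if is_script "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Return 0 if a space-separated command line ($1) names a path under
# directory $2, e.g. "perl /tmp/httpdse" with $2=/tmp.
# The surrounding spaces keep "/home/x/tmp/..." from matching "/tmp".
cmdline_hits_dir() {
    case " $1 " in
        *" $2/"*) return 0 ;;
    esac
    return 1
}

# Print "<pid> <cmdline>" for live processes whose command line
# references the watched directory.
running_from_dir() {
    for p in /proc/[0-9]*; do
        cl=$(tr '\0' ' ' < "$p/cmdline" 2>/dev/null)
        [ -n "$cl" ] || continue
        if cmdline_hits_dir "$cl" "$1"; then
            printf '%s %s\n' "${p#/proc/}" "$cl"
        fi
    done
}

# Combine both checks; exit non-zero so cron mails the output as an alert.
main() {
    s=$(find_scripts "$WATCH_DIR")
    r=$(running_from_dir "$WATCH_DIR")
    if [ -n "$s" ] || [ -n "$r" ]; then
        printf 'ALERT: scripts under %s:\n%s\nprocesses referencing it:\n%s\n' \
            "$WATCH_DIR" "$s" "$r"
        return 1
    fi
    return 0
}

# Only scan when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

A crontab entry such as `* * * * * /usr/local/sbin/tmpwatch.sh --run` (path assumed) would run it every minute; because `main` returns 1 whenever it prints anything, cron's mail delivers the alert, and a clean run stays silent.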
 
What version of roundcube are you using?

You probably have an old version.
 
And note that version 0.2 doesn't run on PHP4. Either run PHP5 and 0.2, or uninstall Roundcube.

We had to fix a lot of servers over the weekend.

Be proactive: 217.79.182.58 has been attacking Roundcube vulnerabilities. We've reported it to their upstream but haven't heard back from them. Be proactive and block it from your servers.

Jeff
 
My server's been scanned at least 100+ times for roundcube from a multitude of IPs and I didn't even have Roundcube installed. I'm surprised you're just now getting affected.
 
My server was really affected because of the roundcube exploit problem. The roundcube application was delivered with the directadmin. Was this problem solved or not, does anyone know?
 
Personally I do not use roundcube anymore, but what I suggest is to change the directory and the symlink to something else (non-existent) - yes, it'll be a lot of work to change skins, updating it, etc, but it works.

I've done phpmyadmin this way, and had no issues - I just need to update it manually if and when need be.
 
My server was really affected because of the roundcube exploit problem. The roundcube application was delivered with the directadmin. Was this problem solved or not, does anyone know?

See post #3.

And it is up to every server administrator to keep up with the software updates. DirectAdmin is not an automatic software updater.
 