CPanel Horde Vulnerability Found - Update Your CPanel

Mar 7, 2008

An arbitrary file inclusion vulnerability has been discovered in the Horde
webmail application. At present, we can confirm that the security
vulnerability in question affects Horde 3.1.6 and earlier. Based on
incomplete information at this time, we also believe this affects Horde
Groupware 1.0.4 and earlier as well (cPanel does not use Horde Groupware
at this time).

cPanel customers should update their cPanel and WHM servers immediately to
prevent any chance of compromise. The patch will be available in builds
11.18.2 and greater (or 11.19.2 and greater for EDGE systems). The updated
builds will be available immediately to all fast update servers. The
builds will be available to all other update servers within one hour of
this posting.

To check which version of cPanel and WHM is on your server, simply log
into WebHost Manager (WHM) and look in the top right corner, or execute
the following command from the command line as root:

/usr/local/cpanel/cpanel -V

You can upgrade your server by navigating to 'cPanel' -> 'Upgrade to
Latest Version' in WebHost Manager or by executing the following from the
command line as root:

/scripts/upcp

It is recommended that all use of Horde 3.1.6 and earlier be stopped (on
cPanel and non-cPanel systems alike) until Horde updates can be applied.
You can disable Horde on your cPanel system by unchecking the box next to
'Server Configuration' -> 'Tweak Settings' -> 'Mail' -> 'Horde Webmail'
within WHM, and saving the page with the new settings.


CPanel Vulnerability Found - Upgrade Recommended

May 2, 2008

Just came through on the RSS feeds...

Quote:

Several potential security issues have been identified with cPanel software and Horde, a 3rd party bundled application. cPanel releases prior to 11.18.4 and 11.22.2 are susceptible to security issues, which range in severity from trivial to medium-critical. Along with the discovery of these potential issues, cPanel has released a new security tool to provide users with protection from XSRF attacks.

Quote:

All STABLE and RELEASE users are strongly urged to update to their respective 11.18.5 release. CURRENT and EDGE users should update to the latest 11.22.3 release. No releases are deemed susceptible to severe, critical or root access vulnerabilities.

[url]


Error Sending Mail Using HORDE Since Last Cpanel Update.

Jul 10, 2007

There was an error sending your message: Failed to connect to localhost:25 [SMTP: Failed to connect socket: Connection refused (code: -1, response: )]

I get that error every time I try to use mail using Horde; this has been happening since the last cPanel v11 R update...
Any ideas about how to fix this? I couldn't find anything in the cPanel logs...

Using mail clients or SquirrelMail works perfectly. I'm using RHES 4.


Horde Error: Warning: Failed Opening '/usr/local/cpanel/base/horde/config/horde.php'

Aug 16, 2008

Horde error: Warning: Failed opening '/usr/local/cpanel/base/horde/config/horde.php' for inclusion

I am getting the above given error message.


Cpanel Vulnerability BTID:22915

Mar 13, 2007

[url]

cPanel Multiple Local File Include Vulnerabilities

Bugtraq ID: 22915
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Mar 11 2007 12:00AM
Updated: Mar 12 2007 04:54PM
Credit: cyb3rt & 020 are credited with the discovery of these vulnerabilities.
Vulnerable: cPanel cPanel 10.9 build 134
cPanel cPanel 10.9 build 125
cPanel cPanel 10.9


CPanel Resetpass User Parameter Vulnerability

May 29, 2007

I'm wondering if this is true:

[url]

Something like:

[url]


Plesk 12.x / Linux :: Horde Update As Admin?

May 28, 2015

Just a quick question for those who have already tried it. I have Horde installed as the webmailer for my Plesk installation. After logging in to Horde with an admin account I get update notifications for several of Horde's apps. Is it safe to update them or will it lead to problems with Plesk?


Plesk 12.x / Linux :: Horde Login Failed Since Update

Sep 26, 2014

Since the update from 11.5 to 12, Horde login no longer works; IMAP otherwise works perfectly.

psa-horde.log:
ERR: HORDE [horde] FAILED LOGIN for info@xydomain.tld (info@xydomain.tld) [xx.xx.xx.xx] to horde [pid 20347 on line 216 of "/usr/share/psa-horde/login.php"]
xx.xx.xx.xx = Server-IP

Message from the Horde:
Login failed.

(Email / password are of course correct)


Plesk 12.x / Linux :: Horde Admin Email Removed After Each Update?

Aug 26, 2014

Plesk 12.0.18#14, CentOS6.5

In order to have a Horde admin email we open
/etc/psa-webmail/horde/horde/conf.php

and change
$conf['auth']['admins'] = array();
into
$conf['auth']['admins'] = array('emailaddress@xyz.com');

Works fine. This change then reverses itself after every Plesk update, including micro updates. Are we editing the right file / is there an underlying one we should edit instead? Cannot find a setting in Plesk itself to configure a Horde admin email.


Horde Mail IMAP :: Auth_imap: Required IMAP Extension Not Found

Sep 2, 2007

I'm having trouble with Horde; it is giving me the following error:

Auth_imap: Required IMAP extension not found.

Now I pretty much know why that error is coming up: I'm missing the IMAP module. What I don't understand is, if it was there before, why is it gone now? The last thing I did on the server was upgrade Perl.

I would like to get rid of this error but I'm afraid the only solutions will wipe my current setup. If of course there is a way to fix this error without ruining my current setup, that would be a lot more useful.

The main thing I want to do is retrieve an address book from the Horde server. How would I go about finding where the address book is stored through the command line?

Thanks ahead of time for the help.


A Fatal Error Has Occurred In Horde Cpanel

Jul 27, 2007

My server is CentOS with cPanel 11.

The new server gives an error every time a user wants to log in to Horde:

A fatal error has occurred

Could not connect to database for SQL SessionHandler.

Details have been logged for the administrator.

and exim stat is failed


Plesk 12.x / Linux :: After Last Update 404 Not Found Nginx

Aug 27, 2014

I've got a VPS from OVH and all my websites have a problem. No graphics / layouts / themes are displayed, only text and links on a white background.

For example see this:

gderesz.co.uk (WordPress)
gadgetmates.uk (OpenCart).

Don't know why. I was doing nothing this night on my server. I just uploaded a new image file with a screenshot from the WordPress admin panel here: [URL] ....

404 Not Found

nginx

Fail.

[URL]....


Plesk 12.x / Linux :: Update Bootstrapper Failed (404 Not Found)

Jun 30, 2014

I upgraded to Plesk 12 and now I tried to update with the autoinstaller, but I get these errors:

Code:

WARNING: The following packages cannot be authenticated!

pp12.0.18-bootstrapper
Authentication warning overridden.
Err URL 404 Not Found
Failed to fetch URL 404 Not Found
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
Synchronizing the Debian APT package index files...

ERROR: An error occurred on attempt to install packages.
Attention! Your software might be inoperable.
Please, contact product technical support.

I tried with apt-get but there is no update available.


Copyrights 2005-15 www.BigResource.com, All rights reserved