[announce] [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209)

Jan Schneider jan at horde.org
Mon Feb 13 14:27:50 UTC 2012

Dear Horde users,

A few days ago we became aware of a manipulated file on our FTP
server. Upon further investigation we discovered that the server had
been hacked earlier, and that three releases had been manipulated to
allow unauthenticated remote PHP execution.
We immediately took down all distribution servers to analyze the full
extent of this incident, and we have worked closely with various Linux
distributions to coordinate our response.
Since then the FTP and PEAR servers have been replaced and further
secured, and clean versions of our releases have been uploaded.

This issue will be tracked as CVE-2012-0209:  

We have been able to limit the manipulation to three files downloaded
during a certain timeframe. The affected releases are:
- Horde 3.3.12 downloaded between November 15 and February 7
- Horde Groupware 1.2.10 downloaded between November 9 and February 7
- Horde Groupware Webmail Edition 1.2.10 downloaded between November 2 and February 7

No other releases have been affected. Specifically, no Horde 4  
releases were compromised. Our CVS and Git repositories are not  
affected either. Linux distributions that are affected will notify and  
provide security releases individually.

If you are not sure whether you are affected, or want to verify this
manually, you can search for this signature in your Horde directory
tree:


We recommend that all users of the affected versions immediately
re-install using fresh copies downloaded from our FTP server, or
upgrade to the more recent versions that have been released since
then. This is the list of suggested replacements and their MD5 checksums:


If you are running Horde 4, you don't need to do anything.
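As an added example (not part of the Horde announcement), a small POSIX shell helper that applies the three checks above: whether a given release and download date fall inside the affected windows, whether a freshly downloaded tarball matches the MD5 published for it, and whether any PHP file in an installed tree contains the indicator string. The checksum and indicator values are not reproduced here and are passed in by the operator; the years 2011/2012 for the download windows are inferred from the date of this announcement.

```shell
#!/bin/sh
# Added example, not part of the Horde advisory. Helpers for the three checks
# the announcement asks for. The MD5 values and the backdoor indicator string
# are supplied by the operator; none of them are reproduced here.

# is_affected RELEASE VERSION YYYY-MM-DD
# Returns 0 if the advisory's download window covers this release. The years
# (2011 for November, 2012 for February) are inferred from the announcement date.
is_affected() {
    case "$1:$2" in
        horde:3.3.12)     start=20111115 ;;
        groupware:1.2.10) start=20111109 ;;
        webmail:1.2.10)   start=20111102 ;;
        *) return 1 ;;   # no other release was affected
    esac
    day=$(printf '%s' "$3" | sed 's/-//g')
    [ "$day" -ge "$start" ] && [ "$day" -le 20120207 ]
}

# verify_release FILE EXPECTED_MD5
# Returns 0 only if the downloaded tarball hashes to the published checksum.
verify_release() {
    actual=$(md5sum "$1" | awk '{print $1}')
    if [ "$actual" = "$2" ]; then
        echo "OK   $1"
        return 0
    fi
    echo "FAIL $1: got $actual, expected $2" >&2
    return 1
}

# scan_tree DIR INDICATOR
# Prints every PHP file under DIR containing the indicator string (fixed-string
# match) and returns 1 if any was found, 0 if the tree is clean.
scan_tree() {
    hits=$(grep -rlF --include='*.php' -e "$2" "$1" 2>/dev/null)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}
```

Run `scan_tree /path/to/horde 'INDICATOR'` with the signature from the advisory, and `verify_release horde-3.3.13.tar.gz <md5>` with the checksum from the replacement list before unpacking.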

We apologize for the inconvenience and assure you that we are  
undertaking a full security review of our procedures to prevent this  
kind of incident from happening again.

If you have further questions, please ask on the Horde mailing list:  


The Horde Project
