[horde] calls to popen()

Jan Schneider jan at horde.org
Tue Feb 14 08:30:15 UTC 2012


Quote from Reindl Harald <h.reindl at thelounge.net>:

> On 11.02.2012 08:16, Vilius ?umskas wrote:
>> Hi,
>>
>> Saturday, February 11, 2012, 12:57:10 AM, you wrote:
>>
>>> what is this after update H3 some minutes ago?
>>
>>> Feb 10 22:52:52 [30092] ALERT - function within blacklist called:
>>> popen() (attacker '10.0.0.241', file
>>> '/usr/share/horde/lib/Horde/Crypt/pgp.php', line 1696)
>>
>>> there are existing pear packages and no single need to
>>> open command execution which nobody will do interested
>>> in security for foreign software
>>
>> There is nothing wrong with popen() calls. If your "security" software
>> thinks otherwise, then it is seriously botched.
>
> and the following proves you are wrong
>
> open_basedir will isolate vhosts where mod_php is needed
> popen() and such commands are breaking out of the vhost
> if the following happens your whole machine is compromised

This only proves that open_basedir is not much more than duct tape.

> -------- Original Message --------
>> Remote execution backdoor after server hack (CVE-2012-0209)
>> CVE-2012-0209: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0209
>>>
>>> We have been able to limit the manipulation to three files
>>> downloaded during a certain timeframe. The affected releases are:
>>> - Horde 3.3.12 downloaded between November 15 and February 7
>>> - Horde Groupware 1.2.10 downloaded between November 9 and February 7
>>> - Horde Groupware Webmail Edition 1.2.10 downloaded between
>>> November 2 and February 7
>>>
>>> No other releases have been affected


-- 
The Horde Project
http://www.horde.org/
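To make the point of the exchange above concrete, here is an added audit script (not from this thread or from the Horde project) that reports, for one PHP vhost, whether open_basedir is set and whether the process-spawning functions are actually disabled rather than merely flagged by a blacklist; the list of spawning functions is an assumption of this example, and the caveat about pgp.php refers to the alert quoted above.

```php
<?php
// Added example, not part of the thread or of Horde. Run under the vhost's
// PHP configuration to see which control actually confines that vhost.

// Functions that spawn a process (constructed list for this example).
// open_basedir restricts paths given to PHP's file functions; it does not
// restrict any of these.
const PROCESS_SPAWNERS = ['popen', 'proc_open', 'exec', 'shell_exec',
                          'system', 'passthru'];

/**
 * Report which spawning functions are disabled via disable_functions and
 * whether open_basedir is the only control present.
 */
function auditProcessSpawning(): array
{
    $disabled = array_filter(array_map('trim',
        explode(',', (string) ini_get('disable_functions'))));
    $report = ['open_basedir' => (string) ini_get('open_basedir'),
               'reachable' => [], 'disabled' => []];
    foreach (PROCESS_SPAWNERS as $fn) {
        // function_exists() returns false for functions listed in disable_functions
        if (in_array($fn, $disabled, true) || !function_exists($fn)) {
            $report['disabled'][] = $fn;
        } else {
            $report['reachable'][] = $fn;
        }
    }
    // open_basedir set while spawners stay reachable is the "duct tape" case
    $report['only_open_basedir'] =
        $report['open_basedir'] !== '' && $report['reachable'] !== [];
    return $report;
}

$r = auditProcessSpawning();
printf("open_basedir: %s\n", $r['open_basedir'] === '' ? '(unset)' : $r['open_basedir']);
printf("reachable spawners: %s\n", implode(', ', $r['reachable']) ?: '(none)');
printf("disabled spawners:  %s\n", implode(', ', $r['disabled']) ?: '(none)');
if ($r['only_open_basedir']) {
    echo "open_basedir alone does not confine these; list them in disable_functions.\n";
    echo "Note: Horde's Crypt/pgp.php (see the quoted alert) calls popen() itself,\n";
    echo "so disabling popen trades that PGP functionality for confinement.\n";
}
```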
