[Pkg-roundcube-maintainers] Bug#508628: roundcube: remote code execution vuln in html2text.php, uses preg_replace with "e".
Andreas Henriksson
andreas at fatal.se
Sun Dec 14 18:33:05 UTC 2008
On Sun, 2008-12-14 at 19:13 +0100, Florian Weimer wrote:
> A problem has been fixed, right, but not necessarily the correct
> one. 8-/
>
> In the meantime, I've received data from another attack (again without
> POST data, unfortunately). But in that case, the time stamps match

In my case, the first outgoing mail in the spambomb started exactly 2
minutes 10 seconds after the third POST.

> up, so I'm inclined to believe that the issue is indeed in
> html2text.php, and precisely the one fixed by upstream (there doesn't
> seem to be any other vector in that script).

If you want something to investigate, both moodle and horde3 have
"html2text.php" files, although different - they both use the e modifier
together with preg_replace.

--
Regards,
Andreas Henriksson
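
A triage check for the suggestion above, added here as an example and not part of the original message or of any package's code: it lists pattern-shaped string literals carrying the `e` modifier in a PHP file that calls `preg_replace`. The function names and the sample source are assumptions constructed for illustration.

```python
import re

# Bracket-style PCRE delimiters close with their counterpart.
CLOSERS = {"(": ")", "[": "]", "{": "}", "<": ">"}
# Modifier letters PHP's PCRE functions accepted while "e" still existed.
MODIFIERS = set("imsxeADSUXJu")
# Single- or double-quoted PHP string literal, honouring backslash escapes.
STRING_LIT = re.compile(r"'((?:\\.|[^'\\])*)'" + r'|"((?:\\.|[^"\\])*)"', re.S)

def pattern_modifiers(literal):
    """Return the modifiers if literal looks like <delim>regex<delim>mods, else None."""
    if len(literal) < 2 or literal[0].isalnum() or literal[0].isspace() or literal[0] == "\\":
        return None
    end = literal.rfind(CLOSERS.get(literal[0], literal[0]))
    tail = literal[end + 1:].strip()
    if end <= 0 or not set(tail) <= MODIFIERS:
        return None
    return tail

def find_eval_patterns(php_source):
    """List (line, literal) for pattern-shaped strings carrying the e modifier."""
    # Every string literal is checked, not only the preg_replace() arguments,
    # because patterns are often held in arrays away from the call itself.
    if "preg_replace" not in php_source:
        return []
    hits = []
    for m in STRING_LIT.finditer(php_source):
        literal = m.group(1) if m.group(1) is not None else m.group(2)
        mods = pattern_modifiers(literal)
        if mods and "e" in mods:
            hits.append((php_source.count("\n", 0, m.start()) + 1, literal))
    return hits

# Constructed sample, not taken from any of the packages named in the thread.
SAMPLE = r'''<?php
$search = array(
    '/<b[^>]*>(.+?)<\/b>/ie',
    '#<br\s*/?>#i',
    "~&(\w+);~e",
);
$replace = array("strtoupper('\\1')", "\n", "lookup('\\1')");
$text = preg_replace($search, $replace, $html);
$path = '/var/cache/';
'''

if __name__ == "__main__":
    for line, literal in find_eval_patterns(SAMPLE):
        print(f"line {line}: {literal}")
```

Hits are candidates for manual review, since a path-like string can match the same shape; the supported replacement for the `e` modifier is `preg_replace_callback()`.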