Ravens PHP Scripts

RoundCube Webmail *bin/html2text.php* PHP Code Execution
Date: Monday, December 15, 2008 @ 12:40:01 CET
Topic: Security

VERIFY ADVISORY: http://secunia.com/advisories/33169/
CRITICAL: Highly critical
IMPACT: System access
SOFTWARE: RoundCube Webmail 0.x - http://secunia.com/advisories/product/19066/
DESCRIPTION: A vulnerability has been discovered in RoundCube Webmail, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is confirmed in version 0.2-beta.

The vulnerability is caused by the use of the vulnerable "chuggnutt.com HTML to Plain Text Conversion PHP class", which can be exploited by sending specially crafted POST data to the bin/html2text.php script. For more information, see SA33145.
SOLUTION: Fixed in the SVN repository. http://trac.roundcube.net/changeset/2148
PROVIDED AND/OR DISCOVERED BY: Reported in a bug by RealMurphy. http://trac.roundcube.net/ticket/1485618
ORIGINAL ADVISORY: http://trac.roundcube.net/ticket/1485618
OTHER REFERENCES: SA33145: http://secunia.com/advisories/33145/
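
A triage check for the request pattern described above, as an added example that is not part of the advisory or of RoundCube: it scans combined-format access log lines for POST requests to bin/html2text.php and groups them by client. The log format, the sample lines, the host name webmail.example.org and the Referer heuristic are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Apache/nginx "combined" log format (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
SCRIPT = "/bin/html2text.php"  # script path named in the advisory


def find_html2text_posts(lines, own_hosts=()):
    """Count POSTs to bin/html2text.php per client IP.

    A hit is "suspect" when its Referer is missing or names a host not in
    own_hosts. Assumption: genuine webmail use sends a same-site Referer;
    treat this as a triage hint, not as proof of compromise.
    """
    hits = defaultdict(lambda: {"total": 0, "suspect": 0, "served": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string, decode %xx, collapse "//", ignore case.
        path = re.sub(r"/+", "/", unquote(m["target"].split("?", 1)[0])).lower()
        if not path.endswith(SCRIPT):
            continue
        entry = hits[m["ip"]]
        entry["total"] += 1
        if m["status"].startswith("2"):
            entry["served"] += 1  # the script exists here and answered
        if urlsplit(m["referer"]).hostname not in own_hosts:
            entry["suspect"] += 1
    return dict(hits)


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Dec/2008:12:01:10 +0100] "POST /roundcube/bin/html2text.php HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.7 - - [15/Dec/2008:12:01:11 +0100] "POST /webmail//bin/html2text.php HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.15 - - [15/Dec/2008:12:05:42 +0100] "POST /roundcube/bin/html2text.php HTTP/1.1" 200 512 "https://webmail.example.org/roundcube/?_task=mail&_action=compose" "Mozilla/5.0"',
    '192.0.2.15 - - [15/Dec/2008:12:05:50 +0100] "GET /roundcube/?_task=mail HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, c in find_html2text_posts(SAMPLE_LOG, {"webmail.example.org"}).items():
        print(ip, c)
```

Clients with "served" and "suspect" counts above zero on an unpatched install are the ones to review first.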
