We were alerted to this earlier this week and we believe there might have been a vulnerability in earlier versions of RoundCube, so our general advice would be to update your copy, and generally most distros that carry RoundCube have more updated versions, etc.
Till

On Fri, Jan 9, 2009 at 2:35 PM, Gokdeniz Karadag <[email protected]> wrote:
> There have been reports regarding botnet scans for msgimport.sh
> The file should be investigated for security breaches.
>
> the preg_replace at get_opt seems fishy but I was not able to inject commands
> to it.
>
> http://stateofsecurity.com/?p=550
> http://isc.sans.org/diary.html?storyid=5599&rss
> http://www.linode.com/forums/archive/o_t/t_3796/roundcube_webmail_scanning.html
> http://zastita.com/015038/roundcube-webmail-.html
> _______________________________________________
> List info: http://lists.roundcube.net/dev/
