[Bug 316550] Re: CVE-2008-5619 - Roundcube vulnerable and actively exploited

Andrew Starr-Bochicchio a.starr.b at gmail.com
Thu Feb 19 17:17:54 UTC 2009 

A few things, CVE 2008-5619  states "html2text.php in RoundCube Webmail
(roundcubemail) 0.2-1.alpha and 0.2-3.beta allows remote attackers to
execute arbitrary code via crafted input that is processed by the
preg_replace function with the eval switch. " These versions have never
entered Ubuntu.

I think you mean, CVE-2008-5620:

"RoundCube Webmail (roundcubemail) before 0.2-beta allows remote
attackers to cause a denial of service (memory consumption) via crafted
size parameters that are used to create a large quota image. "

This is already been fixed in Jaunty (by way of Debian):

roundcube (0.1.1-10) unstable; urgency=high

  * Fix a vulnerability in quota image generation. This fixes
    CVE-2008-5620. Thanks to Nico Golde for reporting it. Closes: #509596.
  * Add description to all patches.
  * Add missing ${misc:Depends} to debian/control.
  * Add missing dependency on php5-gd, used for quota bar.

Also, a sync to version 0.2~stable-1  has been approved in Bug #331220

All that said, CVE-2008-5620 does effect previous Ubuntu releases.
Thanks for taking the time to point this out.

Opening release specific tasks, so that the fix can be backported. Most
importantly to the LTS release.

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5620

** Changed in: roundcube (Ubuntu)
   Importance: Undecided => High
       Status: Confirmed => Fix Released

** Summary changed:

- CVE-2008-5619 - Roundcube vulnerable and actively exploited
+ CVE-2008-5620- Roundcube vulnerable and actively exploited

** Description changed:

  Binary package hint: roundcube
  
- Roundcube 0.1 - as shipped in the universe section of every current
- Ubuntu version - is vulnerable to remote code execution. This is
- currently exploited widely. See
+ Roundcube 0.1 - as shipped in the universe section of every Ubuntu
+ version before Jaunty - is vulnerable to a denial of service attack.
+ This is currently exploited widely. See
  
  http://www.milw0rm.com/exploits/7553
  http://www.directadmin.com/forum/showthread.php?p=147344
  http://directadmin.com/forum/showthread.php?p=147661
  http://www.webhostingtalk.com/showthread.php?t=748555
  http://forum.ubuntuusers.de/topic/was-ist-wssh/

** Tags added: security

-- 
CVE-2008-5620- Roundcube vulnerable and actively exploited
https://bugs.launchpad.net/bugs/316550
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list