Horde Backdoor: remote code execution attempt


Description   A backdoor was placed by a hacker in some releases of the HORDE Communication Suite. Corrupted versions were distributed for 4 months, between Nov 11 and Feb 12. Because of this backdoor, an unauthenticated user can execute arbitrary PHP code remotely. This is a critical issue. This signature detects and blocks exploitation of the backdoor. See the vendor's website for more details about the impacted versions of HORDE.
     
Default configuration

Profiles      High    Medium  Low     Internet
Action        Block   Block   Block   Block
Alarm Level   Major   Major   Major   Major
     
References   URL: http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/
URL: http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155
     
Available since   ASQ v4.1.1
     
Protects   Horde Groupware Two Vulnerabilities
Horde Groupware Webmail Edition Multiple Vulnerabilities
Horde Application Framework Two Vulnerabilities
100 last CVE   CVE-2012-0909
CVE-2012-0791
CVE-2012-0209


 
 
 
 
Risk level   Critical