Roundcube Bug Found in DirectAdmin: How to Fix

By | January 4, 2009

An urgent message came from my hosting service provider. They’re telling me that a vulnerability has been found in DirectAdmin, and it is related to Roundcube. Since there is no patch available yet, they recommend doing the following to prevent your server from going down:

# cd /var/www/html
# rm -rf roundcubemail-* roundcube
# mkdir roundcube
# echo '<H2>RoundCube has been disabled for security reasons, see CVE-2008-5619.</H2><BR /><H3>It will return as soon as a patched version gets released, thanks for your patience.</H3>' >roundcube/index.html
# chown -R webapps:webapps roundcube

This will make your DirectAdmin (DA) configuration more secure. The reference number is CVE-2008-5619.
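
The same steps as one guarded shell function, with a check afterwards that only the placeholder page is left; this is an added example, not part of the hosting provider's message. The names `disable_roundcube`, `verify_disabled` and `demo` are illustrative, and the demo works on a constructed tree in a temporary directory. It goes beyond the commands above by refusing to continue when the document root is missing, so `rm -rf` cannot run in the wrong directory after a failed `cd`.

```shell
#!/bin/sh
# Added example: the manual steps as one guarded function plus a check.
# Function names are illustrative; they are not DirectAdmin tools.
NOTICE='<H2>RoundCube has been disabled for security reasons, see CVE-2008-5619.</H2>'

# disable_roundcube DOCROOT [OWNER]  e.g. /var/www/html webapps:webapps
disable_roundcube() {
    docroot=${1:?usage: disable_roundcube DOCROOT [OWNER]}
    owner=${2:-}
    # Stop if DOCROOT is missing, so rm never runs relative to another directory.
    [ -d "$docroot" ] || { echo "no such directory: $docroot" >&2; return 1; }
    rm -rf -- "$docroot"/roundcubemail-* "$docroot/roundcube" || return 1
    mkdir -- "$docroot/roundcube" || return 1
    printf '%s\n' "$NOTICE" > "$docroot/roundcube/index.html" || return 1
    if [ -n "$owner" ]; then
        chown -R "$owner" "$docroot/roundcube" || return 1
    fi
}

# verify_disabled DOCROOT: succeeds only if just the placeholder remains.
verify_disabled() {
    docroot=${1:?usage: verify_disabled DOCROOT}
    for d in "$docroot"/roundcubemail-*; do
        if [ -e "$d" ] || [ -L "$d" ]; then return 1; fi
    done
    # roundcube must be a real directory (not a link to old code) ...
    [ -d "$docroot/roundcube" ] || return 1
    [ ! -L "$docroot/roundcube" ] || return 1
    # ... holding nothing but the notice page.
    [ "$(ls -A "$docroot/roundcube")" = "index.html" ] || return 1
    grep -q 'CVE-2008-5619' "$docroot/roundcube/index.html"
}

# demo: run both functions on a constructed tree in a temp directory.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/roundcubemail-X.Y" || return 1      # constructed directory name
    ln -s roundcubemail-X.Y "$t/roundcube" || return 1
    rc=1
    if ! verify_disabled "$t"; then               # must fail before the change
        disable_roundcube "$t" && verify_disabled "$t" && rc=0
    fi
    rm -rf -- "$t"
    return "$rc"
}

demo && echo "demo ok: only the placeholder page is left"
```

On a real server the call would be `disable_roundcube /var/www/html webapps:webapps` followed by `verify_disabled /var/www/html`, run as root like the commands above.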