¡¾·ì϶¹«¸æ¡¿Roundcube Webmail¿çÕ¾¾ç±¾·ì϶£¨CVE-2024-42009£©

°ä²¼¹¦·ò 2024-08-06

Ò»¡¢·ì϶¸ÅÊö

·ìϼûû³Æ

 Roundcube Webmail¿çÕ¾¾ç±¾·ì϶

CVE   ID

CVE-2024-42008¡¢CVE-2024-42009

·ì϶ÀàÐÍ

XSS

·¢ÏÖ¹¦·ò

2024-08-06

·ì϶ÆÀ·Ö

ÔÝÎÞ

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

ÊÇ

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ

 

Roundcube WebmailÊÇÒ»¸ö¿ªÔ´µÄ¡¢»ùÓÚWebµÄµç×ÓÓʼþ¿Í»§¶Ë  £¬ËüÌṩÁËÒ»¸öÀàËÆÓÚ×ÀÃæÀûÓ÷¨Ê½µÄÓû§½çÃæ  £¬²¢¾ß±¸µç×ÓÓʼþ¿Í»§¶ËµÄÈ«ÊýÖ°ÄÜ  £¬Ô̺¬MIMEÖ§³Ö¡¢µØÖ·²¾¡¢Îļþ¼Ð²Ù×÷¡¢ÐÂÎÅËÑË÷ºÍƴд²é³­µÈ¡£

2024Äê8ÔÂ6ÈÕ  £¬28Ȧ¼¯ÍÅVSRC¼à²âµ½Roundcube WebmailÖн¨¸´Á˶à¸ö°²È«·ì϶  £¬ÍþвÕß¿ÉÀûÓÃÕâЩ·ì϶ÔÚÊܺ¦ÕßµÄä¯ÀÀÆ÷ÖÐÖ´ÐÐËÁÒâJavaScript¡¢ÇÔÈ¡Ãô¸ÐÐÅÏ¢»òÖ´ÐÐδÊÚȨ²Ù×÷  £¬ÏêÇéÈçÏ£º

CVE-2024-42009£ºRoundcube Webmail¿çÕ¾¾ç±¾·ì϶

Roundcube Webmail 1.6.8֮ǰºÍ1.5.8֮ǰ°æ±¾ÔÚHTMLÄÚÈÝ´¦ÖÃÖдæÔÚ¿çÕ¾¾ç±¾·ì϶  £¬Ô¶³ÌÍþвÕß¿ÉÏòÖ¸±êÓû§·¢ËͶñÒâÉè¼ÆµÄµç×ÓÓʼþ  £¬µ±Êܺ¦ÕßÔÚRoundcubeÖв鿴¶ñÒâµç×ÓÓʼþʱ  £¬¿ÉÄܵ¼ÖÂÀûÓø÷ì϶ÇÔÈ¡µç×ÓÓʼþºÍÁªÏµÈË¡¢Êܺ¦Õߵĵç×ÓÓʼþÃÜÂëÒÔ¼°´ÓÊܺ¦ÕßµÄÕÊ»§·¢Ë͵ç×ÓÓʼþµÈ¡£

CVE-2024-42008£ºRoundcube Webmail¿çÕ¾¾ç±¾·ì϶

Roundcube Webmail 1.6.8֮ǰºÍ1.5.8֮ǰ°æ±¾ÔÚ¸½¼þ´¦ÖÃÖдæÔÚ¿çÕ¾¾ç±¾·ì϶  £¬Ô¶³ÌÍþвÕß¿Éͨ¹ýÏòÖ¸±êÓû§·¢ËÍ´øÓÐΣÏÕContent-Type±êÍ·µÄ¶ñÒâµç×ÓÓʼþ¸½¼þ  £¬µ±Êܺ¦ÕßÔÚRoundcubeÖв鿴ºÍµã»÷¶ñÒâµç×ÓÓʼþʱ  £¬¿ÉÄܵ¼ÖÂÀûÓø÷ì϶ÇÔÈ¡µç×ÓÓʼþºÍÁªÏµÈË¡¢Êܺ¦Õߵĵç×ÓÓʼþÃÜÂëÒÔ¼°´ÓÊܺ¦ÕßµÄÕÊ»§·¢Ë͵ç×ÓÓʼþµÈ¡£

CVE-2024-42010£ºRoundcube WebmailÐÅϢй¶·ì϶

Roundcube Webmail 1.6.8֮ǰºÍ1.5.8֮ǰ°æ±¾ÖÐµÄ mod_css_styles ¶ÔäÖȾµÄµç×ÓÓʼþÐÂÎÅÖеIJãµþÐÎ×´±í£¨CSS£©ÁîÅÆÐòÁеĹýÂ˲»³ä·Ö  £¬¿ÉÄܵ¼ÖÂÔ¶³ÌÍþвÕß»ñÈ¡Ãô¸ÐÐÅÏ¢¡£

 

¶þ¡¢Ó°ÏìÁìÓò

Roundcube Webmail < 1.6.8

Roundcube Webmail < 1.5.8

 

Èý¡¢°²È«´ëÊ©

3.1 Éý¼¶°æ±¾

ĿǰÕâЩ·ì϶ÒѾ­½¨¸´  £¬ÊÜÓ°ÏìÓû§¿ÉÉý¼¶µ½ÒÔϰ汾£º

Roundcube Webmail >= 1.6.8

Roundcube Webmail >= 1.5.8

ÏÂÔØÁ´½Ó£º

https://github.com/roundcube/roundcubemail/releases/tag/1.6.8

3.2 һʱ´ëÊ©

ÔÝÎÞ¡£

3.3 ͨÓý¨Òé

l  ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡  £¬Ï÷¼õϵͳ·ì϶  £¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£

l  ¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔì  £¬Åú¸Ä·À»ðǽսÊõ  £¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ  £¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø  £¬Ï÷¼õ¹¥»÷Ãæ¡£

l  ʹÓÃÆóÒµ¼¶°²È«²úÆ·  £¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£

l  ¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí  £¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò  £¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È¡£

l  ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£

3.4 ²Î¿¼Á´½Ó

https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8

https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/

https://nvd.nist.gov/vuln/detail/CVE-2024-42009

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2024-08-06

³õ´Î°ä²¼

 

Îå¡¢¸½Â¼

5.1 28Ȧ¼ò½é

28Ȧ³ÉÁ¢ÓÚ1996Äê  £¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢Õ¼ÓÐÆëÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢°²È«¸ß¿Æ¼¼ÆóÒµ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢°²È«²úÆ·¡¢°²È«·þÎñ½â¾ö¹æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°28Ȧ´óÏà  £¬¹«Ë¾Ô±¹¤6000ÓàÈË  £¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊÓ×¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö  £¬Õ¼Óи²¸ÇÈ«¹úµÄÏúÊÛϵͳ¡¢Çþ·ϵͳºÍ¼¼ÊõÖ§³Öϵͳ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÀö½­ÖÐÓ×°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´  £¬28ȦÖÂÁ¦ÓÚÌṩӵÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´Ðµİ²È«²úÆ·ºÍ×î¼Ñʵ¼Ê·þÎñ  £¬Ô®ÊÖ¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄ°²È«ÐԺͳö²úЧÁ¦  £¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢°²È«²úÒµÁì¾üÆ·ÅÆ¶ø²»Ð¸ÖÂÁ¦¡£

5.2 ¹ØÓÚ28Ȧ

28Ȧ°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄÒѰ䲼1000¶à¸ö·ì϶¹«¸æÎ¢·çÏÕÔ¤¾¯  £¬ÎÒÃǽ«³ÖÐø¸ú×ÙÈ«Çò×îеÄÍøÂ簲ȫÊÂÎñºÍ·ì϶  £¬ÎªÆóÒµµÄÐÅÏ¢°²È«±£¼Ý»¤º½¡£

¹Ø×¢ÎÒÃÇ£º

image.png