Multiple Horde Framework product source files have been compromised and contain a back door that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
According to Horde reports, the source distribution FTP servers for products such as Horde version 3.3.12, Groupware version 1.2.10, and Groupware Webmail edition version 1.2.10 were compromised, and an unspecified source file was manipulated to contain a back door.
All framework installations whose source was downloaded between early November 2011 and February 7, 2012 are affected by this issue; on such installations an unauthenticated, remote attacker could use the back door to execute arbitrary PHP script on the targeted system.
Proof-of-concept code that exploits this issue is publicly available.
Users can identify affected installations by searching for the $m($m) signature in the Horde directory tree.
The vendor has confirmed that other product versions remain unaffected.
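The signature search described above, written out as an added shell example (not code from Horde or from the original advisory): it looks for the literal string $m($m) under a directory and distinguishes "found", "not found" and "scan inconclusive". The function names and the directory argument are assumptions; pass the path of your own Horde installation.

```shell
#!/bin/sh
# Added example: search a Horde tree for the literal signature $m($m).
# All files are scanned, not only *.php, because the advisory does not
# name the manipulated source file.

# scan_horde_tree DIR
#   prints one "file:line:text" entry per match
#   returns 0 = signature found
#           1 = signature not found
#           2 = scan inconclusive (bad directory or unreadable files)
scan_horde_tree() {
    dir=$1
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "scan_horde_tree: not a directory: $dir" >&2
        return 2
    fi
    # -F  fixed string: $ ( ) are matched literally, not as regex syntax
    # -r  recurse into the tree, -n  report line numbers
    # Single quotes keep the shell from expanding $m as a variable.
    status=0
    matches=$(grep -rnF -- '$m($m)' "$dir") || status=$?
    if [ -n "$matches" ]; then
        printf '%s\n' "$matches"
        return 0
    fi
    # grep exits 1 for "no match" and 2 for errors such as unreadable
    # files; only the former is a clean negative result.
    if [ "$status" -eq 1 ]; then
        return 1
    fi
    return 2
}

# hit_files DIR
#   prints only the names of files containing the signature, one per line,
#   for feeding into triage (timestamps, hashes, comparison with a clean copy)
hit_files() {
    if [ ! -d "$1" ]; then
        return 2
    fi
    grep -rlF -- '$m($m)' "$1"
}
```

Run the scan as a user that can read every file in the tree; a return code of 2 means part of the tree was not checked and the result should not be treated as clean.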