
View Full Version : cPanel: serious vulnerability found!



McRox
24/09/06, 01:48
A serious vulnerability has been found in cPanel. Fortunately, cPanel came out with the necessary patches/updates within a few hours, and the notice can now also be read in WHM:


Security Notice:
A security vulnerability was discovered in cPanel which may result in privilege escalation. This vulnerability can be resolved by updating your cPanel software here. The necessary patch will occur automatically on all servers during the daily execution of upcp. If cron jobs have been disabled on your server, then you should manually update your cPanel software.

Solution: update as soon as possible. If auto-updates are active, the vulnerability will be patched automatically.

Just a heads up.. :)

djalken
24/09/06, 10:48
Long live auto-update, eh ;)

dreamhost_nl
24/09/06, 11:43
Tip: with the following Perl file you can see whether your server is "safe" or "not safe". If it says "not safe", you have not run upcp yet, or something went wrong there...

londoneye
25/09/06, 00:19
It keeps saying "not safe" here.

This one does work :-)

You can verify the server is patched by running:

wget -q -O - http://layer1.cpanel.net/installer/cpanel_exploit_checker_092406.pl | perl

Too bad, I would have liked to check it beforehand as well :-)

®on
25/09/06, 08:55
The quick fix, without having to run upcp:

SSH into your server and gain root access
wget -q -O - http://layer1.cpanel.net/installer/sec092406.pl | perl


You can verify the server is patched by running:


wget -q -O - http://layer1.cpanel.net/installer/cpanel_exploit_checker_092406.pl | perl

Freezer
25/09/06, 09:29
Glad it was fixed quickly. Everything is patched here, at any rate.

dreamhost_nl
25/09/06, 11:26
It keeps saying "not safe" here.

This one does work :-)

You can verify the server is patched by running:

wget -q -O - http://layer1.cpanel.net/installer/cpanel_exploit_checker_092406.pl | perl

Too bad, I would have liked to check it beforehand as well :-)

Strange, because it is the same script as the one you fetch via wget... :huh:


We have recently released an updated security patch for RELEASE/STABLE.
This patch includes the same protections (updated wrapper) that were
added to the CURRENT/EDGE trees. We recommend updating all RELEASE and
STABLE boxes with this patch. Please note that all boxes will be
automatically updated with this patch during tonight's update if
automatic updates are enabled.



To apply this patch:



wget -q -O - http://layer1.cpanel.net/installer/sec092506.pl | perl



or



/scripts/upcp



Please note that you will not need to patch new installs.
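
Added example, not part of the thread and not cPanel's own code: the security notice says the patch only arrives automatically if the daily upcp cron job is still in place, so this sketch classifies a crontab by whether it still schedules upcp. It assumes the daily update is a root crontab line that invokes a command named upcp (such as /scripts/upcp); the function name and the sample crontabs are constructed for illustration.

```shell
#!/bin/sh
# Classify a crontab (read from stdin) by whether it still schedules upcp.
# Assumption: the daily update is a crontab line invoking a command named
# "upcp", e.g. /scripts/upcp. Typical use on a server, as root:
#   crontab -l | upcp_cron_status
upcp_cron_status() {
    crontab_text=$(cat)
    # "upcp" as a whole command name: preceded by "/" or whitespace (or line
    # start) and followed by whitespace or end of line, so that paths such as
    # /var/log/upcp.log do not count.
    re='(^|[/[:space:]])upcp([[:space:]]|$)'
    if printf '%s\n' "$crontab_text" \
        | grep -Ev '^[[:space:]]*(#|$)' | grep -Eq "$re"; then
        echo scheduled          # an active entry runs upcp
    elif printf '%s\n' "$crontab_text" \
        | grep -E '^[[:space:]]*#' | grep -Eq "$re"; then
        echo commented-out      # entry exists but has been disabled
    else
        echo missing            # no upcp entry at all
    fi
}

# Constructed sample crontabs (not taken from a real server).
SAMPLE_OK='MAILTO=root
13 2 * * * /scripts/upcp'
SAMPLE_OFF='#13 2 * * * /scripts/upcp
*/5 * * * * /usr/local/bin/backup.sh'

printf '%s\n' "$SAMPLE_OK"  | upcp_cron_status
printf '%s\n' "$SAMPLE_OFF" | upcp_cron_status
```

A result of "commented-out" or "missing" means the server falls under the notice's manual-update case. The check does not show whether the cron daemon itself is running.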