cPanel & WHM 11.30/11.32/11.34 Security Release



joriz
04/12/12, 21:04
A security vulnerability has been found in cPanel. The flaw is present in all cPanel versions (tiers). All cPanel web hosts are therefore advised to update cPanel, if this has not already happened automatically.

Note: affects all 11.30/11.32/11.34 versions!



Important: cPanel & WHM 11.30/32/34 Security Release

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated this update as having important security impact. Information on security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then you are highly encouraged to update your cPanel & WHM installs at your earliest convenience.

Releases

Version 11.30.7.4 of cPanel & WHM addresses all known vulnerabilities. The latest public releases of cPanel & WHM for all update tiers are published at http://httpupdate.cpanel.net.

Security Issue Information

The resolved security issues were identified by various members of the development and quality assurance teams at cPanel. There is no reason to believe that these vulnerabilities are known to the public. As such, cPanel will only release limited information regarding the vulnerabilities.

Once sufficient time has passed to allow cPanel & WHM systems to automatically update their installed software to the new versions, cPanel will release additional information regarding the nature of the security issue. This Targeted Security Release addresses five vulnerabilities. Additional information is scheduled to be released December 6, 2012, via email.

dreamhost_nl
05/12/12, 08:53
It might be smart for a mod to broaden the subject, since this also applies to 11.32 and 11.34.
The vulnerability has not been documented yet, but most likely has to do with pureauth.

®on
05/12/12, 13:48
In addition:
http://cpanel.net/important-information-about-todays-update-for-servers-that-updated-between-1pm-2pm-cst/

Opening post and topic title adjusted.

joriz
05/12/12, 14:22
Thanks ®on. It is indeed about ALL cPanel versions. As far as I could see, pureauth is updated in all versions. On some servers other things were updated as well, though that does not seem to be related to the vulnerability. Updating was indeed slower than normal yesterday, as can be read in the additional notice. Apparently cPanel's servers are busier than usual because everyone is hitting the update button.
For anyone who does not yet have automatic updates enabled in cPanel, it is definitely recommended to turn it on. It saves a lot of work and you at least know for sure that you get all (security) updates. In all the years I have used cPanel, only once has a very small error occurred after an update on a cPanel server, and it only affected a very small number of customers on that server. That problem, by the way, was fixed by cPanel within 24 hours after I reported it.

I'm curious what the problem actually is. I can't quite find what pureauth is for. As far as I know it does something with processing FTP logins.

Pantsy
05/12/12, 16:17
It seems wiser to me for cPanel to go into the details only in a few weeks, rather than exposing the exploit with greater consequences as a result. It could already encourage people to deliberately go looking for the exploit and abuse it.

Domenico
05/12/12, 17:49
It seems wiser to me for cPanel to go into the details only in a few weeks, rather than exposing the exploit with greater consequences as a result. It could already encourage people to deliberately go looking for the exploit and abuse it.

Good point, given that there are still a great many people/companies who are lax when it comes to security updates.

dreamhost_nl
05/12/12, 19:51
Updating was indeed slower than normal yesterday, as can be read in the additional notice.

That had indeed already been communicated (even before our cPanel servers had been updated):



Hello,


Due to this morning's security release, we are seeing heavier than normal network traffic, and have made adjustments that will compensate for this traffic. We apologize for excessive communication during this security release; we want every customer to have a good experience with our support and our software. If your server performed the update process between 1pm and 2pm CST, we recommend verifying the version number or re-running the update.


It is also important to note these issues have nothing to do with the security of cPanel software. More information about the cPanel & WHM 11.30 / 11.32 and 11.34 security announcement will be emailed and posted to www.cpanel.net December 6th 2012.

Domenico
06/12/12, 15:59
And an update:

Important: New Information about cPanel & WHM 11.30, 11.32, and 11.34 Updates Now Available

Summary:

cPanel & WHM 11.30.7.4; 11.32.5.15; 11.34.0.11, which fixes multiple security issues, is now available for download.

cPanel has rated these updates as having important security impact. Information on security ratings is available at http://go.cpanel.net/securitylevels.

Description:

The Perl Storable module provides support for serialization and deserialization of Perl data structures. In cPanel & WHM this functionality is used for caching data to disk and transferring data between processes. In many areas this caching and interprocess communication crosses privilege separation boundaries. A local malicious user could use this behavior to inject code into serialized data structures, thus allowing for code execution and possibility of privilege escalation.

The Perl YAML::Syck module provides similar functionality as the Storable module. The version of YAML::Syck used in previous releases of cPanel & WHM allowed serialized data to be blessed into arbitrary packages as it was deserialized. This could be leveraged to perform unsafe actions in object destructors.

The version of Locale::Maketext used in previous releases of cPanel & WHM suffered from two flaws in the _compile() function which allowed authenticated users to execute arbitrary code by supplying specially crafted translatable phrases.

cPanel & WHM relies on the Crypt::Passwd::XS Perl module to perform password hashing. This module suffers from the same vulnerability disclosed in CVE-2012-2143 where passwords with the 0x80 character are truncated when hashed using the DES crypt algorithm. cPanel & WHM systems are configured by default to use the stronger MD5 and SHA512 crypt password hashing algorithms.

The version of Cpanel::Locale used in previous releases of cPanel & WHM included two date formatting functions that passed unsanitized user input to a subprocess shell. An authenticated attacker could use this functionality to execute arbitrary shell commands on the local system bypassing normal restrictions on local code execution.

These issues were discovered by various members of the Development and Quality Assurance teams at cPanel.

Solution:

We recommend updating your cPanel & WHM system as follows:

Update cPanel & WHM 11.30 to 11.30.7.3 or newer.
Update cPanel & WHM 11.32 to 11.32.5.14 or newer.
Update cPanel & WHM 11.34 to 11.34.0.10 or newer.

To check which version of cPanel you have, go to http://go.cpanel.net/myversion

A full listing of published versions can always be found at http://httpupdate.cpanel.net/.

References:

http://cpanel.net/case-59926/
http://cpanel.net/case-60203/
http://cpanel.net/case-60970/
http://cpanel.net/case-61251/
http://cpanel.net/case-62230/

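The advisory quoted above describes two classes of bug in one sentence each: deserializing Storable (and YAML::Syck) data that crosses a privilege boundary, where the producer of the blob chooses which package the result is blessed into and therefore which DESTROY or method body runs in the consumer, and date-formatting helpers that hand user input to a shell. The following Perl script is an added example written for this thread, not cPanel code, and it does not reproduce the actual cPanel code paths. `Gadget::Cleanup`, `Placeholder::XY` and the `date +'...'` call are made-up stand-ins; the page does not say which shell command Cpanel::Locale used. It shows a low-privilege producer building a Storable blob without even having the gadget class loaded, the privileged consumer running the attacker-chosen DESTROY merely by thawing and discarding the object, the same data exchanged safely as JSON (which has no notion of blessing), and the shell-interpolation bug next to an in-process POSIX::strftime replacement. The YAML::Syck variant mentioned in the advisory is the same problem with the class name carried in a YAML tag instead of a Storable length-prefixed string.

```perl
#!/usr/bin/perl
# Added example for this thread, not cPanel's code. Package names, the
# "command" field and the date invocation are invented for the demonstration.
use strict;
use warnings;
use Storable qw(freeze thaw);
use JSON::PP qw(encode_json decode_json);
use POSIX qw(strftime);

our @SIDE_EFFECTS;   # records what attacker-chosen code managed to run

# A class that already exists in the privileged consumer's process. Its
# DESTROY runs automatically when the last reference to an instance goes
# away; whoever controls the package name in a blob controls which DESTROY
# (and which methods the consumer later calls) gets invoked.
package Gadget::Cleanup;
sub DESTROY {
    my ($self) = @_;
    # Stand-in for an "unsafe action in an object destructor": a real gadget
    # would e.g. unlink or execute $self->{cmd} as the privileged user.
    push @main::SIDE_EFFECTS, "Gadget::Cleanup::DESTROY ran: $self->{cmd}";
}
package main;

# Low-privilege side: builds a cache/IPC blob. It does not need the gadget
# class at all. Storable stores the package name as a length-prefixed string,
# so a placeholder of identical length is swapped for the real class name.
sub attacker_blob {
    my $obj  = bless { cmd => 'rm -rf /tmp/victim' }, 'Placeholder::XY';
    my $blob = freeze($obj);
    $blob =~ s/Placeholder::XY/Gadget::Cleanup/;   # both 15 bytes long
    return $blob;
}

# Privileged side, vulnerable: thaw() re-blesses into whatever package the
# blob names, so the attacker's choice of DESTROY runs as this process.
sub consume_with_storable {
    my ($blob) = @_;
    @SIDE_EFFECTS = ();
    my $data = thaw($blob);
    my $cmd  = $data->{cmd};    # consumer only meant to read a field...
    undef $data;                # ...but dropping the reference fires DESTROY
    return { cmd => $cmd, side_effects => [@SIDE_EFFECTS] };
}

# Privileged side, hardened: a data-only format has no notion of blessing,
# so the producer cannot choose what code runs in the consumer.
sub consume_with_json {
    my ($json) = @_;
    @SIDE_EFFECTS = ();
    my $data = decode_json($json);
    my $cmd  = $data->{cmd};
    undef $data;
    return { cmd => $cmd, side_effects => [@SIDE_EFFECTS] };
}

# The shell-injection pattern: interpolating user input into a command line.
# A single quote in $user_fmt ends the quoted argument and the rest is shell.
sub format_date_via_shell {
    my ($user_fmt) = @_;
    my $out = `date +'$user_fmt'`;
    return join ' / ', split /\n/, $out;
}

# Hardened: format in-process with POSIX::strftime (no shell involved) and
# accept only a conservative whitelist of directives and separators.
sub format_date_safely {
    my ($user_fmt, $epoch) = @_;
    die "rejected format string\n"
        unless $user_fmt =~ /\A(?:%[YmdHMSjZz%]|[\s:\/.,-])+\z/;
    return strftime($user_fmt, localtime($epoch));
}

# --- demonstration ---
my $r = consume_with_storable(attacker_blob());
print "Storable: $_\n" for @{ $r->{side_effects} };          # gadget ran

$r = consume_with_json(encode_json({ cmd => 'rm -rf /tmp/victim' }));
print "JSON: side effects = ", scalar @{ $r->{side_effects} }, "\n";

# Harmless payload: closes the quote, runs echo, comments out the trailing quote.
print "Shell: ", format_date_via_shell(q{%Y'; echo INJECTED #}), "\n";
print "Safe:  ", format_date_safely('%Y-%m-%d', 0), "\n";
eval { format_date_safely(q{%Y'; echo INJECTED #}, 0) } or print "Safe:  $@";
```

Run it as an unprivileged user on any Unix-like system with a stock Perl (Storable, JSON::PP and POSIX are core modules). The point to take away for the advisory's fix list: the patched code does not make thaw() safe, it stops trusting serialized data that arrives from a less privileged context, and the date functions stop spawning a shell at all.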