hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : cPanel critical vulnerability
Reply

Hosting Security and Technology Configuring and optimizing web hosting servers and operating systems, developing administration scripts, building servers, protecting against hackers, and general security (SSL certificates, etc.)
Forum Jump

cPanel critical vulnerability

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 03-01-2006, 01:59 AM
phiber_9 phiber_9 is offline
Newbie
  
Join Date: Feb 2005
Posts: 17

cPanel critical vulnerability

A vulnerability was discovered in the File Manager of cPanel WysiwygPro editor.
Any file hosted on a cPanel server with File Manager editor can be edited without any authorization.

[edited]

__________________
Xatrix Security - computer security news

Last edited by bear; 03-01-2006 at 07:58 AM.
Reply With Quote


Sponsored Links
  #2  
Old 03-01-2006, 04:43 AM
3spades 3spades is offline
Web Hosting Master
  
Join Date: Oct 2002
Location: Brooklyn NY
Posts: 808
Quote:
Workaround
By running: "chmod 000 /usr/local/cpanel/3rdparty/WysiwygPro" the WysiwygPro editor is disabled.
There, now they dont need to go to your site and view your ads to get the fix.

__________________
Why do they call them fingers? I never seen them fing. Oh, there they go.


Reply With Quote
  #3  
Old 03-01-2006, 01:27 PM
andren andren is offline
Web Hosting Master
  
Join Date: Jun 2005
Posts: 697
Quote:
Originally Posted by phiber_9
A vulnerability was discovered in the File Manager of cPanel WysiwygPro editor.
Any file hosted on a cPanel server with File Manager editor can be edited without any authorization.

[edited]
Hm. pretty late announcement for a security company, don't you think?
It is several days old.

__________________
ReflexNetworks means Happy Clients!

Reply With Quote
Sponsored Links
  #4  
Old 03-01-2006, 01:38 PM
WireNine WireNine is offline
The Geek is coming
  
Join Date: Aug 2004
Location: Toronto
Posts: 7,103
Maybe cpanel will release an update soon to fix this.

__________________
■█► WireNine.com 8+ years in business!
■█► Shared Hosting, Reseller Hosting and VPS Hosting 24/7 Support 99.9% Uptime 60 Day Money Back Guarantee
■█► cPanel, Litespeed, CloudFlare, Softaculous, Attracta SEO, Site Builder
■█► Find us on Facebook and follow us @wirenine

Reply With Quote
  #5  
Old 03-01-2006, 02:13 PM
phiber_9 phiber_9 is offline
Newbie
  
Join Date: Feb 2005
Posts: 17
Quote:
Originally Posted by andren
Hm. pretty late announcement for a security company, don't you think?
No. Why?
Posting this vulnerability would point blackhats where to look.
Also, it would be blackhat by itself not to get at least some kind of feedback from cPanel staff, possible official-workarounds and etc.

Quote:
Originally Posted by WN-Ali
Maybe cpanel will release an update soon to fix this.
It's already fixed in latest EDGE, however I wouldn't advise running EDGE on production servers.

__________________
Xatrix Security - computer security news

Reply With Quote
Reply

Related posts from TheWhir.com
Title Type Date Posted
Heroku Works with Security Researcher to Fix Password Vulnerability Web Hosting News 2013-01-10 12:51:17
cPanel Security Updates Address Perl Module Vulnerabilities Web Hosting News 2012-12-06 12:55:54
Video: cPanel and Attracta Talk About Integrating SEO Tools into the Hosting Control Panel Whir Tv 2012-08-31 14:10:47
cPanel Kicks Off Automation Bootcamp Conference on Monday Web Hosting News 2011-10-07 14:49:20
cPanel to Launch Certification Program at cPanel Conference 2011 Web Hosting News 2011-09-21 18:15:42


« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:

US Attorney says Government Should Have Warrants to Search Email

8kMiles Acquires Cloud Security Firm FuGen Solutions for $7.5 Million

Name.com Resets Customer Passwords After Security Breach

Outbound Spam Causing Sleepless Nights?

Malwarebytes Launches Data Scan-and-Backup Service

Commtouch Report: Spam, Malware Continues to Increase in Q1 2013

Researchers Urge System Admins to Check for New Apache Web Server Backdoor Malware

APWG Study Finds Phishers Increasingly Target Shared Virtual Servers

Man Arrested in Connection to Spamhaus DDoS Attacks

Cisco Researcher Discovers Possible Exploit Vector for DarkLeech Attacks



 

Learn more about advertising opportunities across the iNET Interactive Network.

LiquidWeb
X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?