cPanel critical vulnerability

  #1  
Old 03-01-2006, 01:59 AM
phiber_9 phiber_9 is offline
Newbie
 
Join Date: Feb 2005
Posts: 17

cPanel critical vulnerability


A vulnerability was discovered in the File Manager of cPanel WysiwygPro editor.
Any file hosted on a cPanel server with File Manager editor can be edited without any authorization.

[edited]


Last edited by bear; 03-01-2006 at 07:58 AM.


  #2  
Old 03-01-2006, 04:43 AM
3spades 3spades is offline
Web Hosting Master
 
Join Date: Oct 2002
Location: Brooklyn NY
Posts: 817
Quote:
Workaround
By running: "chmod 000 /usr/local/cpanel/3rdparty/WysiwygPro" the WysiwygPro editor is disabled.
There, now they don't need to go to your site and view your ads to get the fix.

__________________
Why do they call them fingers? I never seen them fing. Oh, there they go.


  #3  
Old 03-01-2006, 01:27 PM
andren andren is offline
Web Hosting Master
 
Join Date: Jun 2005
Posts: 697
Quote:
Originally Posted by phiber_9
A vulnerability was discovered in the File Manager of cPanel WysiwygPro editor.
Any file hosted on a cPanel server with File Manager editor can be edited without any authorization.

[edited]
Hm. Pretty late announcement for a security company, don't you think?
It is several days old.

__________________
ReflexNetworks means Happy Clients!

  #4  
Old 03-01-2006, 01:38 PM
WireNine WireNine is online now
The Geek is coming
 
Join Date: Aug 2004
Location: Toronto
Posts: 7,284
Maybe cPanel will release an update soon to fix this.

__________________
WireNine Hosting since 2004
Shared Hosting, Reseller Hosting & VPS Hosting 24/7 friendly support

  #5  
Old 03-01-2006, 02:13 PM
phiber_9 phiber_9 is offline
Newbie
 
Join Date: Feb 2005
Posts: 17
Quote:
Originally Posted by andren
Hm. pretty late announcement for a security company, don't you think?
No. Why?
Posting this vulnerability would point blackhats where to look.
Also, it would be blackhat by itself not to get at least some kind of feedback from cPanel staff, possible official workarounds, etc.

Quote:
Originally Posted by WN-Ali
Maybe cPanel will release an update soon to fix this.
It's already fixed in latest EDGE, however I wouldn't advise running EDGE on production servers.
