09-23-2006, 03:19 PM
|
|
View Beta Profile
Junior Guru Wannabe
|
|
Join Date: Apr 2006
Location: Dallas, Texas USA
Posts: 71
|
|
|
cPanel Exploit
Just a heads up.. looks like there's a root exploit out for cPanel servers. cPanel has been informed. Admin companies + Anyone else interested please Contact me for info how to atleast stop it until there's proper "fix" provided by cpanel.
I'm worried about posting the specifics on a public forum until there's a official patch/fix out.
Very serious: Gives attackers full root access, will not show up in rootkit checks. Many of your machines may already be affected.
__________________
- Comprehensive Server Management & End User Support
- Now 100% U.S. Owned & Operated
- Now offering instantly ready end-user support. 30secondsupport.com
|
09-23-2006, 03:21 PM
|
|
View Beta Profile
<insert something witty>
|
|
Join Date: Apr 2000
Location: California
Posts: 3,047
|
|
|
Major security issue with Cpanel. Watch for updates.
This is just a notice to you guys to watch for updates and to ensure your system is updated once Cpanel fixes this.
We were hit by an issue with viruses being injected into random web pages (html, php, etc.) for any IE browsers. We cleaned the servers, but have located the method used.
We can't (and won't) release any details or hints about this issue, but it's been confirmed to be a security issue with Cpanel and we're contacting them at this time to inform them of this urgent issue.
This post is just a notice and warning to be aware that there will surely be an update from Cpanel that anyone running it will need to ensure its applied, so watch out for it soon.
|
09-23-2006, 03:22 PM
|
|
View Beta Profile
<insert something witty>
|
|
Join Date: Apr 2000
Location: California
Posts: 3,047
|
|
|
09-23-2006, 03:25 PM
|
|
View Beta Profile
Junior Guru Wannabe
|
|
Join Date: Apr 2006
Location: Dallas, Texas USA
Posts: 71
|
|
Looks like we both posted about the same issue. 
__________________
- Comprehensive Server Management & End User Support
- Now 100% U.S. Owned & Operated
- Now offering instantly ready end-user support. 30secondsupport.com
|
09-23-2006, 03:30 PM
|
|
View Beta Profile
Aspiring Evangelist
|
|
Join Date: May 2006
Location: Florida, USA
Posts: 362
|
|
And how does one know that a server is infected please? What do we look for? I assume that this is the same thing that hit HostGator.
__________________
Host, YES! ™
Reselling? Partner for profit instead!
|
09-23-2006, 03:34 PM
|
|
View Beta Profile
-=Quits Here=-
|
|
Join Date: Sep 2005
Location: In canada, Saskatoon
Posts: 3,165
|
|
And how did you guys come to know of it ?
|
09-23-2006, 03:35 PM
|
|
View Beta Profile
-=Quits Here=-
|
|
Join Date: Sep 2005
Location: In canada, Saskatoon
Posts: 3,165
|
|
Quote:
|
Originally Posted by ServerSupportGuys
Looks like we both posted about the same issue. |
Yup and can a fix be posted as well ? 
|
09-23-2006, 03:46 PM
|
|
View Beta Profile
Temporarily Suspended
|
|
Join Date: Mar 2003
Location: California USA
Posts: 9,735
|
|
I can confirm this finding.
|
09-23-2006, 03:48 PM
|
|
View Beta Profile
Junior Guru Wannabe
|
|
Join Date: Apr 2006
Location: Dallas, Texas USA
Posts: 71
|
|
I think that's a little irresponsible. I'm going to hold off until we hear from cPanel.
__________________
- Comprehensive Server Management & End User Support
- Now 100% U.S. Owned & Operated
- Now offering instantly ready end-user support. 30secondsupport.com
|
09-23-2006, 03:53 PM
|
|
|
What's irresponsible?
Should we just chown 000 /usr/local/cpanel until the patch is put out? (which I would assume would be today considering the severity)
|
09-23-2006, 03:55 PM
|
|
View Beta Profile
Junior Guru Wannabe
|
|
Join Date: Apr 2006
Location: Dallas, Texas USA
Posts: 71
|
|
__________________
- Comprehensive Server Management & End User Support
- Now 100% U.S. Owned & Operated
- Now offering instantly ready end-user support. 30secondsupport.com
|
09-23-2006, 05:20 PM
|
|
|
This has been confirmed and patched. Running /scripts/upcp will fix the vulnerability in all builds. Please note that this is a local exploit which requires access to a cPanel account.
Please send information such as this to security@cpanel.net to make us aware. The first communication we received was at 2:15pm CST. If you believe you have been exploited through this vulnerability, you are welcome to submit a support request for assistance. ( https://tickets.cpanel.net/submit/in...eqtype=tickets)
__________________
-Dave
cPanel Inc.
Need to submit a support request for your cPanel server? Go here
|
09-23-2006, 05:25 PM
|
|
View Beta Profile
Junior Guru Wannabe
|
|
Join Date: Apr 2006
Location: Dallas, Texas USA
Posts: 71
|
|
__________________
- Comprehensive Server Management & End User Support
- Now 100% U.S. Owned & Operated
- Now offering instantly ready end-user support. 30secondsupport.com
|
09-23-2006, 05:39 PM
|
|
|
|
cPanel Auto Heal
When I ran /scripts/upcp from the SSH CLI, I see a well marked (in green) "cPanel Auto Heal 2.4 Running".
I'm asking for identification purpose to assure my servers are current: Is this the fix?
Thanks for the prompt response and updates.
__________________
Dan
DanTech Services
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
