Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 12-04-2012, 05:47 PM   #1
BradBreakfast
Confirmed User
 
BradBreakfast's Avatar
 
Join Date: Feb 2008
Posts: 415
EMERGENCY cPanel Update for 0day exploits

Hey guys -- I received an emergency e-mail from cPanel today that said there are new 0day exploits that have been found for cPanel servers and that some automatic updates failed due to the amount of traffic their update servers were receiving.

MAKE SURE when you login to cPanel WHM ROOT that is displays the version: WHM 11.34.0 (build 11) at the top. If it displays any lower version (like build 9) you need to update it.

-----------
E-mail from cPanel
-----------

Version 11.34.0.11 of cPanel & WHM addresses all known vulnerabilities. The latest public releases of cPanel & WHM for all update tiers are published at http://httpupdate.cpanel.net.

Security Issue Information

The resolved security issues were identified by various members of the development and quality assurance teams at cPanel. There is no reason to believe that these vulnerabilities are known to the public. As such, cPanel will only release limited information regarding the vulnerabilities.

Once sufficient time has passed to allow cPanel & WHM systems to automatically update their installed software to the new versions, cPanel will release additional information regarding the nature of the security issue. This Targeted Security Release addresses five vulnerabilities. Additional information is scheduled to be released December 6, 2012, via email.
__________________
GetClicky - The World's Most Advanced Real Time Ajax-based Analytics
BradBreakfast is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 12-04-2012, 05:59 PM   #2
V_RocKs
Damn Right I Kiss Ass!
 
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,366
received that 24 hours ago...
V_RocKs is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 12-04-2012, 06:02 PM   #3
AndrewX
Confirmed User
 
AndrewX's Avatar
 
Industry Role:
Join Date: Jan 2004
Posts: 574
What else is new? We believe they are largely responsible for a lot of bad web hosting experiences inflicted upon the poor website and application developers whose clients end up using them. From a systems administration perspective they make a horrible mess and in turn make the systems administrators very unhappy.

Cpanel compiles its own versions of software, the work required to apply patches to all of these custom compiled versions is immense and is usually performed by the operating system vendor (Microsoft, Red Hat etc). One of the results is a particularly poor security track record because the applications simply aren't patched as quickly or as methodically as they could/should be.

It also stores configuration and log files in non standard locations. When you're dealing with very complex operating systems which administrators spend years learning how to use, this means, staring a Linux server upon which cpanel has been installed their years of experience is not worth nearly as much as it should be. This means problems are harder to find, harder fix, slower and more costly to resolve. Which of course makes diagnostics and support very difficult and outages are longer.

Software versions are either terribly old, or so cutting edge that they breaks things. In the case of CPanel it takes an innovative approach to patch application. Normally, when an application is released, as bugs are found patches are released. Concurrently new versions of the same application are released. When a new version is released at first it wont have any bugs but over time they are found and patches are subsequently released. The cycle goes on. Normally, application vendors continue to release patches for both the new and the old versions of the applications they have released for the supported life (variable in length, but often up to 7 years) of the application. CPanel takes a different approach, rather than applying the patches to the existing versions of the applications, it simply upgrades them to the newest version in which bugs have not yet been found.
Why is this a problem? Take a hosting server which contains potentially hundreds of different websites all built by different website developers. A hosting company can't (and won't) test version upgrades on every site because it's simply not possible. They apply the updates and every time risk (or simply do) breaking many of the websites they hosting due incompatibilities in client code between application versions.

We prefer to use our low-resource and low-memory-footprint version of Virtualmin. You can practically do everything with it, and if you can not, our hosting is fully managed anyway. Drop us an email and we will do it for you.
__________________

█ ► XenLayer - Paravirtualization Professionals since 2008 - [ICQ: 297820698]
█ ► Reseller Hosting | OpenVZ VPS | XEN VPS | Dedicated Servers
AndrewX is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks

Tags
cpanel, exploit, hacked, hacking, linux



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.