Jeff
09-24-2006, 02:38 AM
This thread has been closed
Please refer to the latest thread, which has been posted here:
http://forum.myriadnetwork.com/showthread.php?t=237
--
A critical vulnerability has been found and is actively being exploited on unpatched cPanel servers. Details are currently sparse, but you can find more information here:
http://forums.cpanel.net/showthread.php?t=58090
Q. How do I know if my version of cPanel is vulnerable?
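A. Run the following Perl script on your server (as posted in the cPanel thread above, on page 5, by cPanel staff member Nick):

#!/usr/bin/perl
# Prints "not safe" if either cPanel admin wrapper exists but lacks the marker pattern.
my $v=0;                           # set to 1 when a file fails the check
my $b='/usr/local/cpanel/bin';
my $a='admin';
# Marker pattern, built from character codes
my $s=[98,46,46,112,101,114,108];
my $st=join('',map { chr($_); } @{$s} );
# Check mysqladmin and hooksadmin under $b
foreach my $f ("$b/mysql$a","$b/hooks$a")
{
    next if (! -e $f);             # skip files that are not installed
    my $ft='';
    open(my $fh,'<',$f);
    while(readline($fh)) {         # read the whole file into $ft
        $ft.=$_;
    }
    if($ft !~ /${st}/) {           # pattern missing: flag as not safe
        $v=1;
    }
}
print "\n\n".($v?'not safe':'safe')."\n\n";
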
You do not need to be root to run the check.
Q. How do I use or run this code?
A.
1. Log into the shell via ssh
2. Paste the contents into a file:
cat > cpseccheck.pl
(paste the contents here, and hit enter until you are on a blank line)
(hit control+c)
3. Type: perl cpseccheck.pl
This will come back with 1 of 2 things: safe, or not safe.
If it comes back as safe, no action on your part is required, as your server was likely already updated during a nightly cPanel update.
If it comes back as not safe, then you need to update your cPanel install. This can be done by running the following command, as root, from the shell:
/scripts/upcp
4. Be patient, this may take a while. When this is done, re-run cpseccheck.pl and it should now say "safe".
If you have any questions, please feel free to post them here, or to open a ticket. If you need direct assistance, please open a ticket and be sure to provide your VEID (this is the 3-digit VDS ID number provided in your Welcome email), or your dedicated server ID.