
Security Update for cPanel & WHM Versions 11.38, 11.36, 11.34 and 11.32

KrisKris Member
edited May 2013 in General

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

cPanel, Inc. has published a security update for cPanel & WHM versions 11.38, 11.36, 11.34, and 11.32. This update resolves an issue with unchecked reseller privileges. We recommend all customers update to the latest build of each version as soon as possible.

The cPanel Security Team has assigned a rating of Moderate to the vulnerability. Information on security ratings is available at http://docs.cpanel.net/twiki/bin/view/AllDocumentation/SecurityLevels

Using a handcrafted URL, a malicious reseller could cause WHM to overwrite files in root's .ssh directory with a randomly generated private key. This could result in a denial of service attack if the key is being used.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then you are highly encouraged to update your cPanel & WHM installs at your earliest convenience.

Releases

The following versions of cPanel & WHM address all known vulnerabilities:

  • 11.38.0.5
  • 11.36.1.6
  • 11.34.1.14
  • 11.32.6.5

The latest public releases of cPanel & WHM for all update tiers are published at http://httpupdate.cpanel.net.

Acknowledgements

cPanel, Inc. would like to thank Patrick at Synhosting for reporting the vulnerability.

TL;DR - /scripts/upcp --force ASAP - especially if you have resellers on your servers.
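
A check of a server's build against the fixed builds listed in the advisory, as an added example that is not part of the original post or cPanel's own tooling. The function names are hypothetical, and reading the installed version from /usr/local/cpanel/version is an assumption.

```shell
#!/bin/sh
# Added example: compare a cPanel & WHM build with the advisory's fixed builds.
# Fixed builds, one per release branch, copied from the advisory above.
FIXED_BUILDS="11.38.0.5 11.36.1.6 11.34.1.14 11.32.6.5"

# branch_of 11.38.0.5 -> 11.38
branch_of() { printf '%s\n' "$1" | cut -d. -f1,2; }

# version_ge A B: succeed when dotted version A >= B, comparing each field as a number
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# build_status VERSION: prints patched, needs-update, branch-not-listed or invalid
build_status() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo "invalid"; return 0 ;;
    esac
    for fixed in $FIXED_BUILDS; do
        if [ "$(branch_of "$1")" = "$(branch_of "$fixed")" ]; then
            if version_ge "$1" "$fixed"; then echo "patched"; else echo "needs-update"; fi
            return 0
        fi
    done
    echo "branch-not-listed"
}

# Assumption: the installed version is recorded in this file on the server.
VERSION_FILE=/usr/local/cpanel/version
if [ -r "$VERSION_FILE" ]; then
    installed=$(tr -d '[:space:]' < "$VERSION_FILE")
    echo "installed $installed: $(build_status "$installed")"
fi
```

Fields are compared as numbers, so 11.34.1.9 is correctly reported as older than 11.34.1.14, which a plain string comparison would get wrong.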
