cPanel vulnerability – TSR-2016-0001 Announcement



cPanel TSR-2016-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv2 scores ranging from 2.1 to 10.0.

Information on cPanel’s security ratings is available at Security Levels – cPanel Knowledge Base – cPanel Documentation.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

11.54.0.4 & Greater
11.52.2.4 & Greater
11.50.4.3 & Greater
11.48.5.2 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at Downloads | cPanel, Inc.

SECURITY ISSUE INFORMATION

The cPanel security team identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 20 vulnerabilities in cPanel & WHM software versions 11.54, 11.52, 11.50, and 11.48.

Due to the severity of the issues addressed in this release, cPanel is extending the blackout period on additional information to a full week. Additional information is scheduled for release on January 25, 2016.

For information on cPanel & WHM Versions and the Release Process, read our documentation at:
cPanel & WHM Product Versions and the Release Process – cPanel Knowledge Base – cPanel Documentation

For the PGP Signed version of this announcement please visit https://news.cpanel.com/wp-content/uploads/2016/01/TSR-2016-0001-Announcement.txt




CloudFlare (cPanel Plugin) v5.3.2 symlink attack vulnerability!



Type: Symlink Attack
Location: Local
Impact: High
Product: CloudFlare (cPanel Plugin)
Website: http://www.cloudflare.com
Vulnerable Version: 5.3.2
Fixed Version: 5.3.11
CVE: -
R911: 0187
Date: 2016-01-15

Product Description:

CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.

Vulnerability Description:

Due to a carefully timed symlink attack directed at the cloudflare_data.yaml file, it is possible for a malicious user to change the permissions on any root-owned file to 600, which could lead to the OS being disabled.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that should the malicious user target certain system files, such as /etc/passwd, it could render the OS inoperable.

Vulnerable Version:

This vulnerability was tested against CloudFlare (cPanel Plugin) v5.3.2 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in CloudFlare (cPanel Plugin) v5.3.11.

Vendor Contact Timeline:

2016-01-13: Vendor contacted via HackerOne.

2016-01-13: Vendor confirms vulnerability.

2016-01-14: Vendor issues update.

2016-01-15: RACK911 Labs issues security advisory.

How to Check the Latest Version of Cloudflare cPanel Plugin on Server

cat /usr/local/cpanel/etc/cloudflare.json | grep version

To Update the Cloudflare version

/usr/local/cpanel/bin/cloudflare_update.sh force

Source: RACK911 Labs
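An added helper (not from RACK911 Labs or cPanel) that turns the version check above into a pass/fail decision: it pulls the version value out of a cloudflare.json-style file and compares it numerically, component by component, against the fixed release 5.3.11. It assumes the file carries a "version" key, as the grep above suggests, and runs on constructed sample files rather than the real /usr/local/cpanel/etc/cloudflare.json.

```shell
#!/bin/sh
# Added example (not from RACK911 or cPanel): decide whether an installed CloudFlare
# cPanel plugin is older than the fixed release 5.3.11. Assumes cloudflare.json
# carries a "version" key, as the grep above suggests; sample files are constructed.
FIXED_VERSION="5.3.11"

# Print the value of the "version" key from a cloudflare.json-style file.
cf_plugin_version() {
  grep -o '"version"[[:space:]]*:[[:space:]]*"[^"]*"' "$1" \
    | sed 's/.*"\([^"]*\)"$/\1/' | head -n1
}

# True (exit 0) when dotted version $1 is strictly lower than $2.
# Compares numerically per component: a plain string compare would wrongly
# rank 5.3.2 above 5.3.11 because "2" > "1".
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      ai = (i <= na) ? x[i] + 0 : 0
      bi = (i <= nb) ? y[i] + 0 : 0
      if (ai < bi) exit 0
      if (ai > bi) exit 1
    }
    exit 1
  }'
}

# Print a one-line status for the plugin described by the given file.
cf_plugin_status() {
  v=$(cf_plugin_version "$1")
  if [ -z "$v" ]; then
    echo "unknown (no version key found)"
  elif version_lt "$v" "$FIXED_VERSION"; then
    echo "vulnerable ($v < $FIXED_VERSION)"
  else
    echo "patched ($v)"
  fi
}

# Constructed sample files standing in for /usr/local/cpanel/etc/cloudflare.json.
SAMPLE_DIR=$(mktemp -d)
printf '{\n  "name": "cloudflare",\n  "version": "5.3.2"\n}\n' > "$SAMPLE_DIR/old.json"
printf '{\n  "name": "cloudflare",\n  "version": "5.3.11"\n}\n' > "$SAMPLE_DIR/new.json"

cf_plugin_status "$SAMPLE_DIR/old.json"   # vulnerable (5.3.2 < 5.3.11)
cf_plugin_status "$SAMPLE_DIR/new.json"   # patched (5.3.11)
```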

Error: Fix the WHM CSF Security Test

How to fix the WHM CSF security test errors!

As part of ensuring security, Hostripples performs a CSF security scan from WHM. We may get the following error after the scan:

“Check csf LF_SCRIPT_ALERT option WARNING This option will notify you when a large amount of email is sent from a particular script on the server, helping track down spam scripts”

To fix this error:

1) SSH into the server.

2) Edit the csf configuration file using the following command:

vi /etc/csf/csf.conf

3) Search for LF_SCRIPT_ALERT = "0"

4) Change the value from "0" to "1" to fix the issue.

5) Restart CSF.

You may also get the following error:

“Check exim for extended logging (log_selector) WARNING You should enable extended exim logging to enable easier tracking potential outgoing spam issues. Add:log_selector = +arguments +subject +received_recipients”

FIX:

1) Edit the exim configuration file:

/etc/exim.conf

2) Change the value from "log_selector = +all" to the following:

log_selector = +arguments +subject +received_recipients

3) Save changes.

4) Restart CSF.
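The two edits above, as an added check-and-fix script that is not part of the Hostripples post: it reads the LF_SCRIPT_ALERT value and the exim log_selector line, changes each only when it does not already match what the WHM test asks for, and works on constructed excerpts of csf.conf and exim.conf in a temp directory (the real /etc/csf/csf.conf and /etc/exim.conf are not touched). Restarting the services afterwards remains a manual step.

```shell
#!/bin/sh
# Added example (not from Hostripples, CSF or Exim): audit and apply the two settings
# flagged by the WHM security test, without sed -i so it runs on GNU and BSD sed alike.
# It operates on constructed excerpts of csf.conf and exim.conf, never on /etc.
WANTED_SELECTOR="+arguments +subject +received_recipients"

# Print the current LF_SCRIPT_ALERT value ("0", "1", ...) from a csf.conf.
csf_script_alert() {
  sed -n 's/^LF_SCRIPT_ALERT *= *"\([^"]*\)".*/\1/p' "$1" | head -n1
}

# Set LF_SCRIPT_ALERT = "1" (idempotent: a file already set to "1" is left unchanged).
fix_csf_script_alert() {
  sed 's/^LF_SCRIPT_ALERT *= *"0"/LF_SCRIPT_ALERT = "1"/' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# True (exit 0) when the exim log_selector line carries every wanted selector.
exim_log_selector_ok() {
  line=$(sed -n 's/^log_selector *= *//p' "$1" | head -n1)
  for want in $WANTED_SELECTOR; do
    case " $line " in
      *" $want "*) ;;
      *) return 1 ;;
    esac
  done
  return 0
}

# Replace the existing log_selector line, or append one if the file has none.
fix_exim_log_selector() {
  if grep -q '^log_selector *=' "$1"; then
    sed "s/^log_selector *=.*/log_selector = $WANTED_SELECTOR/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
  else
    printf 'log_selector = %s\n' "$WANTED_SELECTOR" >> "$1"
  fi
}

# Constructed excerpts in a temp dir (stand-ins for /etc/csf/csf.conf and /etc/exim.conf).
SAMPLE_DIR=$(mktemp -d)
printf '# constructed csf.conf excerpt\nLF_SCRIPT_ALERT = "0"\nLF_SCRIPT_LIMIT = "100"\n' > "$SAMPLE_DIR/csf.conf"
printf '# constructed exim.conf excerpt\nlog_selector = +all\n' > "$SAMPLE_DIR/exim.conf"

fix_csf_script_alert "$SAMPLE_DIR/csf.conf"
fix_exim_log_selector "$SAMPLE_DIR/exim.conf"
echo "LF_SCRIPT_ALERT is now $(csf_script_alert "$SAMPLE_DIR/csf.conf")"
exim_log_selector_ok "$SAMPLE_DIR/exim.conf" && echo "exim log_selector now satisfies the WHM check"
```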


This should resolve the error.



Magento web e-commerce SUPEE-5344 critical RCE (remote code execution) vulnerability.

A patch to address the flaws was released on February 9, 2015 (SUPEE-5344 available here). Store owners and administrators are urged to apply the patch immediately if they haven’t done so already.

RECOMMENDED ACTIONS:

1. Check for unknown files in the web server document root directory. If you find any, you may be impacted.

2. Download and implement the two patches from the Magento Community Edition download page.

    • SUPEE-5344 – Addresses a potential remote code execution exploit (Added Feb 9, 2015)
    • SUPEE-1533 – Addresses two potential remote code execution exploits (Added Oct 3, 2014)

3. Implement and test the patches in a development environment first to confirm that they work as expected before deploying them to your production site.

Note: Different versions of the patch are available for Magento Community Edition 1.4.x through 1.9.x.

HOW TO DOWNLOAD?

You can access Magento’s Community Edition download page from here. Find the “Magento Community Edition Patches” section and download the right security patch.

