CloudFlare (cPanel Plugin) v5.3.2 symlink attack vulnerability


Type: Symlink Attack
Location: Local
Impact: High
Product: CloudFlare (cPanel Plugin)
Website: http://www.cloudflare.com
Vulnerable Version: 5.3.2
Fixed Version: 5.3.11
CVE: -
R911: 0187
Date: 2016-01-15


Product Description:

CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.

Vulnerability Description:

Because the plugin sets the permissions on its cloudflare_data.yaml file by path, a local user who replaces that file with a symbolic link at the right moment (a timed symlink attack) can have the permissions of any root-owned file changed to 600, which can leave the operating system unusable.
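The pattern behind this class of bug, as an added example that is not part of the RACK911 advisory or of the plugin's code: a privileged chmod by path follows whatever symlink an attacker has planted there, whereas opening the path with O_NOFOLLOW, checking the type and owner of what was actually opened, and calling fchmod on that descriptor cannot be redirected. The file names, directory layout and victim contents are constructed for the demonstration; the advisory does not say where cloudflare_data.yaml lives or what the plugin's own code looks like.

```python
import errno
import os
import stat
import tempfile


def chmod_by_path(path, mode):
    """The vulnerable pattern: chmod(2) on a path follows symlinks, so if an
    attacker has swapped the file for a link, the permission change lands on
    the link target instead of on the file the caller meant."""
    os.chmod(path, mode)


def chmod_owned_regular_file(path, mode, expected_uid):
    """Hardened pattern: open without following symlinks, verify the open
    descriptor is a regular file owned by expected_uid, then change the mode
    through the descriptor. Nothing done to the path after open() (rename,
    symlink swap) can redirect the fchmod."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    except OSError as exc:
        if exc.errno == errno.ELOOP:  # O_NOFOLLOW hit a symlink
            raise RuntimeError(f"{path} is a symlink; refusing to chmod through it") from exc
        raise
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise RuntimeError(f"{path} is not a regular file")
        if st.st_uid != expected_uid:
            raise RuntimeError(f"{path} is owned by uid {st.st_uid}, expected {expected_uid}")
        os.fchmod(fd, mode)
    finally:
        os.close(fd)


def demo():
    """Stage the state after the attacker has won the race (the plugin's
    file path is now a symlink) and return the victim's mode under both
    patterns, plus the hardened pattern's behaviour on a genuine file."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as workdir:
        victim = os.path.join(workdir, "passwd")                 # stand-in for /etc/passwd
        planted = os.path.join(workdir, "cloudflare_data.yaml")  # path the privileged code chmods
        with open(victim, "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n")          # constructed sample content
        os.chmod(victim, 0o644)
        os.symlink(victim, planted)                              # the attacker's move

        chmod_by_path(planted, 0o600)
        unsafe_victim_mode = stat.S_IMODE(os.stat(victim).st_mode)

        os.chmod(victim, 0o644)                                  # reset for the second run
        try:
            chmod_owned_regular_file(planted, 0o600, uid)
            safe_refused = False
        except RuntimeError:
            safe_refused = True
        safe_victim_mode = stat.S_IMODE(os.stat(victim).st_mode)

        genuine = os.path.join(workdir, "genuine.yaml")          # a legitimate, correctly owned file
        with open(genuine, "w"):
            pass
        os.chmod(genuine, 0o644)
        chmod_owned_regular_file(genuine, 0o600, uid)
        genuine_mode = stat.S_IMODE(os.stat(genuine).st_mode)

    return {
        "unsafe_victim_mode": unsafe_victim_mode,   # 0o600: the victim was hit
        "safe_refused": safe_refused,               # True: the symlink was rejected
        "safe_victim_mode": safe_victim_mode,       # 0o644: untouched
        "genuine_mode": genuine_mode,               # 0o600: hardened path still works
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, oct(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

Run it as an ordinary user; the victim is a plain file standing in for /etc/passwd, so the outcome is the same whether or not the caller is root. Note that an lstat-then-chmod check is not a fix: the attacker can swap the file between the two calls, which is exactly the timing the advisory describes. The owner check matters as well: privileged code should never chmod a file that a less-privileged user owns inside a directory that user controls.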

Impact:

We rate this vulnerability HIGH because a malicious user who targets certain system files, such as /etc/passwd, could render the OS inoperable: with mode 600 that file is unreadable to every non-root process, so user and group lookups fail system-wide.

Vulnerable Version:

This vulnerability was tested against CloudFlare (cPanel Plugin) v5.3.2 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in CloudFlare (cPanel Plugin) v5.3.11.

Vendor Contact Timeline:

2016-01-13: Vendor contacted via HackerOne.

2016-01-13: Vendor confirms vulnerability.

2016-01-14: Vendor issues update.

2016-01-15: RACK911 Labs issues security advisory.

How to Check the Installed Version of the Cloudflare cPanel Plugin on a Server

cat /usr/local/cpanel/etc/cloudflare.json | grep version


To Update the Cloudflare version

/usr/local/cpanel/bin/cloudflare_update.sh force


Source: RACK911 Labs

How to Install mod_cloudflare on cPanel


Installing mod_cloudflare on cPanel

CloudFlare is a performance and security service, and the CloudFlare cPanel plugin integrates it into the hosting control panel. mod_cloudflare is the Apache module that restores the visitor's original IP address: proxied requests reach the origin from CloudFlare's servers, so without it Apache would see, log, and apply IP-based access rules to the proxy address. The module rewrites the connecting address with the value of the CF-Connecting-IP request header, and it does so only for connections that come from CloudFlare's published IP ranges; honouring that header from any other source would let a client that reaches the origin directly spoof its address.
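How that rewrite has to be gated, as an added example that is not taken from mod_cloudflare's source: the CF-Connecting-IP header is honoured only when the TCP peer is inside a trusted proxy range, and a naive unconditional rewrite is shown beside it for contrast. The proxy networks and the sample requests are constructed placeholders from the documentation address ranges, not Cloudflare's real list, which the module ships and which the CloudFlareRemoteIPTrustedProxy directive can override.

```python
import ipaddress

CONNECTING_IP_HEADER = "cf-connecting-ip"

# Constructed placeholder networks standing in for Cloudflare's published
# proxy ranges. Do not copy these into a real configuration.
TRUSTED_PROXIES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8:cf00::/40"),
]


def _header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    for key, value in headers.items():
        if key.lower() == name:
            return value
    return None


def naive_client_ip(peer_ip, headers):
    """What an unconditional rewrite does: it believes CF-Connecting-IP from
    anyone, so a client that connects to the origin directly can claim any
    address it likes (127.0.0.1, an allowlisted admin IP, ...)."""
    claimed = _header(headers, CONNECTING_IP_HEADER)
    return claimed if claimed else peer_ip


def client_ip(peer_ip, headers, trusted=TRUSTED_PROXIES):
    """mod_cloudflare-style rewrite: the header is used only when the TCP
    peer is one of the trusted proxy networks; otherwise, or when the header
    is absent or malformed, the connecting address stands."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        return str(peer)                      # direct connection: header is untrusted
    claimed = _header(headers, CONNECTING_IP_HEADER)
    if claimed is None:
        return str(peer)
    try:
        return str(ipaddress.ip_address(claimed.strip()))
    except ValueError:
        return str(peer)                      # garbage in the header: keep the peer


# Constructed sample requests as (peer address, request headers).
SAMPLE_REQUESTS = [
    ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.9"}),   # via proxy: honour the header
    ("192.0.2.5", {"CF-Connecting-IP": "127.0.0.1"}),        # direct hit trying to spoof
    ("192.0.2.6", {}),                                        # direct, no header
    ("198.51.100.8", {"CF-Connecting-IP": "not-an-ip"}),      # via proxy, malformed value
]


def access_log(requests, resolver):
    """The client column a minimal access log would record for each request,
    under whichever resolver is passed in."""
    return [resolver(peer, hdrs) for peer, hdrs in requests]


if __name__ == "__main__":
    for naive, gated in zip(access_log(SAMPLE_REQUESTS, naive_client_ip),
                            access_log(SAMPLE_REQUESTS, client_ip)):
        print(f"naive={naive:<16} gated={gated}")
```

Everything downstream of the rewrite (access logs, Require ip rules, log-driven banning) then acts on the real client, and a client that reaches the origin directly cannot claim a different address. This only holds if the trusted list is kept current with Cloudflare's published ranges.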

Installing mod_cloudflare on a cPanel server is straightforward. Follow the eight steps below.

Step 1 :

Connect to your server through SSH and log in as root.

Step 2 :

Change directory to /usr/local/src by using the following command :

cd /usr/local/src

Step 3 :

Get the source code for mod_cloudflare by using the following command :

wget https://raw.githubusercontent.com/cloudflare/mod_cloudflare/master/mod_cloudflare.c

Do not add --no-check-certificate here: this file is about to be compiled into a web server that runs as root, and the TLS check on the download is what assures you it came from GitHub.

Step 4 :

Confirm that what you downloaded is the C source and not an HTML error page, by using the following command :

head -n 5 mod_cloudflare.c

Step 5 :

Build and install mod_cloudflare by using Apache Extension Tool by using the following command : 

apxs -a -i -c mod_cloudflare.c

 

Step 6 :

Restart the Apache Server daemon by using the following command : 

service httpd restart

 

Step 7 :

Update the Apache configuration data, so that cPanel keeps the LoadModule line that apxs -a added when it next rebuilds httpd.conf, by using the following command :

/usr/local/cpanel/bin/apache_conf_distiller --update

 

Step 8 :

Confirm the module is loaded properly by using the following command : 

httpd -M | grep cloud

The output should list cloudflare_module (shared).

Now Apache will log the visitors' IP addresses instead of the CloudFlare IPs.