#196 (permalink)  
Old 09-24-2006, 07:02 PM
Registered User
 
Join Date: Jul 2004
Posts: 203
.:RAIS:. is on a distinguished road
Quote:
Originally Posted by randomuser
How about a friggin sticky across all forums with the latest and greatest patch/security check?
This thread is outta control.
I Agree.
__________________
Regards,
RAIS


{ RAIS Hosting }~{ Superior Hosting Solutions - Personal, Business, Reseller Solutions. Great value }
{ RAIS Domains }~{ Low cost Domain Name registration services }
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #197 (permalink)  
Old 09-24-2006, 07:09 PM
Registered User
 
Join Date: May 2005
Posts: 224
zigzam is on a distinguished road
Ok everything working great now:

perl cpanel_exploit_checker_092406.pl
cPanel Exploit Checker 3.0
Checking /usr/local/cpanel/bin/mysqladmin...safe..Done
Checking /usr/local/cpanel/bin/hooksadmin...not installed (ok) Done
Your system has been
patched!
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #198 (permalink)  
Old 09-24-2006, 07:10 PM
cpanelnick's Avatar
cPanel Staff
 
Join Date: Feb 2003
Location: Houston, TX
Posts: 4,330
cpanelnick is on a distinguished road
Quote:
Originally Posted by randomuser
Is this correct after running sec092406.pl ?


mysqladmin:

Code:
BEGIN {
        @INC=grep(!/(^\.|\.\.|\/\.+)/,@INC);
        unshift( @INC, "/usr/local/cpanel" );
        @INC=grep(/^(\/usr\/lib\d*\/perl|\/usr\/local\/lib\d*\/perl|\/usr\/local\/cpanel)/,@INC);
   unshift(@INC,"/usr/local/cpanel");
   @INC=grep(!/^\./,@INC);
}

Double unshift's but that won't hurt anything ... Looks Good
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #199 (permalink)  
Old 09-24-2006, 07:11 PM
Registered User
 
Join Date: Jun 2005
Posts: 159
randomuser is on a distinguished road
Is this correct after running sec092406.pl ?


mysqladmin:

Code:
BEGIN {
        @INC=grep(!/(^\.|\.\.|\/\.+)/,@INC);
        unshift( @INC, "/usr/local/cpanel" );
        @INC=grep(/^(\/usr\/lib\d*\/perl|\/usr\/local\/lib\d*\/perl|\/usr\/local\/cpanel)/,@INC);
   unshift(@INC,"/usr/local/cpanel");
   @INC=grep(!/^\./,@INC);
}

edit: just built a new VDS, which has this:

Code:
BEGIN {
        @INC=grep(!/(^\.|\.\.|\/\.+)/,@INC);
        unshift( @INC, "/usr/local/cpanel" );
        @INC=grep(/^(\/usr\/lib\d*\/perl|\/usr\/local\/lib\d*\/perl|\/usr\/local\/cpanel)/,@INC);
}

both the VDS and the first server are: 10.8.2-STABLE_120


more edit: I guess I'll just have to manually remove the last 2 (original) lines from the 5 liner. arg cPanel........

Last edited by randomuser; 09-24-2006 at 07:16 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #200 (permalink)  
Old 09-24-2006, 07:32 PM
Registered User
 
Join Date: Aug 2006
Posts: 182
WireNine is on a distinguished road
Is there an issue with mysql on the latest Cpanel current/edge builds?
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #201 (permalink)  
Old 09-24-2006, 07:38 PM
cpanelnick's Avatar
cPanel Staff
 
Join Date: Feb 2003
Location: Houston, TX
Posts: 4,330
cpanelnick is on a distinguished road
Quote:
Originally Posted by randomuser
Is this correct after running sec092406.pl ?


mysqladmin:

Code:
BEGIN {
        @INC=grep(!/(^\.|\.\.|\/\.+)/,@INC);
        unshift( @INC, "/usr/local/cpanel" );
        @INC=grep(/^(\/usr\/lib\d*\/perl|\/usr\/local\/lib\d*\/perl|\/usr\/local\/cpanel)/,@INC);
   unshift(@INC,"/usr/local/cpanel");
   @INC=grep(!/^\./,@INC);
}

edit: just built a new VDS, which has this:

Code:
BEGIN {
        @INC=grep(!/(^\.|\.\.|\/\.+)/,@INC);
        unshift( @INC, "/usr/local/cpanel" );
        @INC=grep(/^(\/usr\/lib\d*\/perl|\/usr\/local\/lib\d*\/perl|\/usr\/local\/cpanel)/,@INC);
}

both the VDS and the first server are: 10.8.2-STABLE_120


more edit: I guess I'll just have to manually remove the last 2 (original) lines from the 5 liner. arg cPanel........

Both are fine Removing the last 2 from the original might make it .001% faster though.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #202 (permalink)  
Old 09-24-2006, 07:39 PM
cpanelnick's Avatar
cPanel Staff
 
Join Date: Feb 2003
Location: Houston, TX
Posts: 4,330
cpanelnick is on a distinguished road
Quote:
Originally Posted by WireNine
Is there an issue with mysql on the latest Cpanel current/edge builds?

Some peoplpe have reported a problem with seeing new dbs in phpmyadmin. Its currently being investigated.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #203 (permalink)  
Old 09-24-2006, 07:50 PM
Registered User
 
Join Date: Dec 2003
Location: PA
Posts: 106
merlinpa1969
well you can see the databaases now in cpanel but when you go to php my admin we are now getting these errors

Warning: session_write_close(): open(/tmp/sess_4fd40f552ff324f4dcb2163ff90cb39e, O_RDWR) failed: Permission denied (13) in /usr/local/cpanel/base/3rdparty/phpMyAdmin/index.php on line 44

Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in /usr/local/cpanel/base/3rdparty/phpMyAdmin/index.php on line 44

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/base/3rdparty/phpMyAdmin/index.php:44) in /usr/local/cpanel/base/3rdparty/phpMyAdmin/index.php on line 101
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #204 (permalink)  
Old 09-24-2006, 10:12 PM
Registered User
 
Join Date: May 2003
Posts: 24
sfxx
confused

Hello,
I've done /scripts/upcp and ran sec092406.pl.

Now when I run the first checker "cpanel_exp_check_09_24_06[1].pl.txt" it shows
-------------
not safe
-------------

but if I run the latest checker "cpanel_exploit_checker_092406.pl", it shows this.
-------------
cPanel Exploit Checker 3.0
Checking /usr/local/cpanel/bin/mysqladmin...safe..Done
Checking /usr/local/cpanel/bin/hooksadmin...not installed (ok) Done
Your system has been
patched!
-------------

Does this mean the server is safe now?

Thanks.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #205 (permalink)  
Old 09-24-2006, 10:21 PM
Registered User
 
Join Date: Aug 2002
Posts: 48
0utlier
Quote:
Originally Posted by sfxx
Hello,
I've done /scripts/upcp and ran sec092406.pl.

Now when I run the first checker "cpanel_exp_check_09_24_06[1].pl.txt" it shows
-------------
not safe
-------------

but if I run the latest checker "cpanel_exploit_checker_092406.pl", it shows this.
-------------
cPanel Exploit Checker 3.0
Checking /usr/local/cpanel/bin/mysqladmin...safe..Done
Checking /usr/local/cpanel/bin/hooksadmin...not installed (ok) Done
Your system has been
patched!
-------------

Does this mean the server is safe now?

Thanks.
I was just going to post that. Very confusing as to what is going on.

I was "safe" last night after /upcp, now running this new script it has made me "not safe".

If I run...

wget -q -O - http://layer1.cpanel.net/installer/sec092406.pl | perl

am I completely patched up or not regardless of what the old checker script says?

Last edited by 0utlier; 09-24-2006 at 10:25 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #206 (permalink)  
Old 09-24-2006, 10:24 PM
Registered User
 
Join Date: Aug 2003
Posts: 238
dwykofka is on a distinguished road
Getting the same thing here....

CentOS 3
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #207 (permalink)  
Old 09-24-2006, 10:54 PM
Registered User
 
Join Date: Jun 2002
Posts: 44
hbouma
Quote:
Originally Posted by 0utlier
I was just going to post that. Very confusing as to what is going on.

am I completely patched up or not regardless of what the old checker script says?
This has been an evolving process. Only run the latest scripts/checks as the patch has been changing so the old checks won't properly work.

[ EDIT: The rest removed due to me being even more stupid. ]

Hal

Last edited by hbouma; 09-25-2006 at 02:08 AM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #208 (permalink)  
Old 09-24-2006, 11:17 PM
Registered User
 
Join Date: Feb 2003
Posts: 190
LS_Drew is on a distinguished road
Is an upcp --force gonna fix this crap or do we have to update all servers to edge/current? Can we have an official word on this...my freakin head hurts. Enough already...let's get this fixed.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #209 (permalink)  
Old 09-24-2006, 11:43 PM
Registered User
 
Join Date: Aug 2002
Posts: 48
0utlier
I just re-read this entire thread and I think I know what's going on. If you want to use the patch method then use the most current version of the patch located at http://forums.cpanel.net/showthread.php?t=58134 which is a sticky at the top of every forum. The most current version appears to be version 3.

--------------------------------------------------------------------------------------------------

The version 3 of the patch script supercedes all other patch scripts and you NEED to use the newest version (version 3) of the patch script (located at http://forums.cpanel.net/showthread.php?t=58134) to be safe, regardless of whatever other script you've used with the patch method.

--------------------------------------------------------------------------------------------------

Is the above statment correct?
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #210 (permalink)  
Old 09-24-2006, 11:44 PM
Registered User
 
Join Date: Jan 2004
Posts: 121
philb is on a distinguished road
Quote:
Originally Posted by hbouma
The problem I've noticed on all my servers tonight after running /scripts/upcp, I still have to run cpanel_exploit_checker_092406.pl because the 2nd patch is not done. For example, after running /scripts/cpup I get:

Quote:
# perl cpanel_exploit_checker_092406.pl
cPanel Exploit Checker 3.0
Checking /usr/local/cpanel/bin/mysqladmin...safe..Done
Checking /usr/local/cpanel/bin/hooksadmin...not installed (ok) Done
Your system has been patched!
What makes you say that upcp has not updated this server?

Assuming the tests/patches for this particular hole are now working correctly, mysqladmin is passing the test, and the file hooksadmin does not exist ("not installed") which it doesn't on either some of the cpanel trees or certain distros - I don't have it on my stable or release boxes so I couldn't tell you what it does - but because it's not there, it's 'ok'.

"Your system has been patched" appears whenever the script completes successfully and all the files are deemed to be safe. It doesn't necessarily mean it's actually done anything to achieve this.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 08:45 AM.


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
© cPanel Inc