Originally Posted by randomuser
I Agree.
Regards,
RAIS
Ok everything working great now:
perl cpanel_exploit_checker_092406.pl
cPanel Exploit Checker 3.0
Checking /usr/local/cpanel/bin/mysqladmin...safe..Done
Checking /usr/local/cpanel/bin/hooksadmin...not installed (ok) Done
Your system has been
patched!
Originally Posted by randomuser
Double unshift's but that won't hurt anything ... Looks Good
Is this correct after running sec092406.pl ?
mysqladmin:
Code:
```perl
BEGIN {
    @INC=grep(!/(^\.|\.\.|\/\.+)/,@INC);
    unshift( @INC, "/usr/local/cpanel" );
    @INC=grep(/^(\/usr\/lib\d*\/perl|\/usr\/local\/lib\d*\/perl|\/usr\/local\/cpanel)/,@INC);
    unshift(@INC,"/usr/local/cpanel");
    @INC=grep(!/^\./,@INC);
}
```
edit: just built a new VDS, which has this:
Code:
```perl
BEGIN {
    @INC=grep(!/(^\.|\.\.|\/\.+)/,@INC);
    unshift( @INC, "/usr/local/cpanel" );
    @INC=grep(/^(\/usr\/lib\d*\/perl|\/usr\/local\/lib\d*\/perl|\/usr\/local\/cpanel)/,@INC);
}
```
both the VDS and the first server are: 10.8.2-STABLE_120
more edit: I guess I'll just have to manually remove the last 2 (original) lines from the 5 liner. arg cPanel........
Last edited by randomuser; 09-24-2006 at 07:16 PM.
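As an added example (not code from this thread or from cPanel), the Perl script below replays the two posted BEGIN blocks on a constructed search path instead of the live @INC, showing which entries each variant keeps and that the two extra statements only add a duplicate entry. The sample paths and the helper names `three_liner`, `five_liner` and `uniq_in_order` are assumptions made for the illustration.

```perl
use strict;
use warnings;

# Constructed sample search path (not taken from any real server).
my @sample = (
    '.',                               # current directory
    '../lib',                          # relative parent path
    '/tmp/./evil',                     # contains a "/." component
    '/home/user/perl5/lib',            # absolute, but outside the allowlist
    '/usr/lib/perl5/5.8.8',
    '/usr/lib64/perl5/site_perl',
    '/usr/local/lib/perl5/site_perl',
    '/usr/local/cpanel',
);

# Allowlist of path prefixes, copied from the posted BEGIN blocks.
my $allow = qr/^(\/usr\/lib\d*\/perl|\/usr\/local\/lib\d*\/perl|\/usr\/local\/cpanel)/;

# The three statements both posted variants share.
sub three_liner {
    my @inc = @_;
    @inc = grep(!/(^\.|\.\.|\/\.+)/, @inc);   # drop ".", ".." and "/." paths
    unshift(@inc, '/usr/local/cpanel');
    @inc = grep(/$allow/, @inc);              # keep only allowlisted prefixes
    return @inc;
}

# The first server's variant: the same three plus the two original lines.
sub five_liner {
    my @inc = three_liner(@_);
    unshift(@inc, '/usr/local/cpanel');       # the "double unshift"
    @inc = grep(!/^\./, @inc);
    return @inc;
}

# Directories in search order, ignoring repeated entries.
sub uniq_in_order {
    my %seen;
    return grep { !$seen{$_}++ } @_;
}

my @three = three_liner(@sample);
my @five  = five_liner(@sample);
print "3-liner: @three\n";
print "5-liner: @five\n";
my $same = join("\0", uniq_in_order(@three)) eq join("\0", uniq_in_order(@five));
print "same effective search order: ", ($same ? "yes" : "no"), "\n";
```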
Is there an issue with mysql on the latest Cpanel current/edge builds?
Originally Posted by randomuser
Both are fine. Removing the last 2 from the original might make it .001% faster though.
Originally Posted by WireNine
Some people have reported a problem with seeing new dbs in phpmyadmin. It's currently being investigated.
Well, you can see the databases now in cPanel, but when you go to phpMyAdmin we are now getting these errors:
Warning: session_write_close(): open(/tmp/sess_4fd40f552ff324f4dcb2163ff90cb39e, O_RDWR) failed: Permission denied (13) in /usr/local/cpanel/base/3rdparty/phpMyAdmin/index.php on line 44
Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in /usr/local/cpanel/base/3rdparty/phpMyAdmin/index.php on line 44
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/cpanel/base/3rdparty/phpMyAdmin/index.php:44) in /usr/local/cpanel/base/3rdparty/phpMyAdmin/index.php on line 101
Hello,
I've done /scripts/upcp and ran sec092406.pl.
Now when I run the first checker "cpanel_exp_check_09_24_06[1].pl.txt" it shows
-------------
not safe
-------------
but if I run the latest checker "cpanel_exploit_checker_092406.pl", it shows this.
-------------
cPanel Exploit Checker 3.0
Checking /usr/local/cpanel/bin/mysqladmin...safe..Done
Checking /usr/local/cpanel/bin/hooksadmin...not installed (ok) Done
Your system has been
patched!
-------------
Does this mean the server is safe now?
Thanks.
Originally Posted by sfxx
I was just going to post that. Very confusing as to what is going on.
I was "safe" last night after /upcp, now running this new script it has made me "not safe".
If I run...
wget -q -O - http://layer1.cpanel.net/installer/sec092406.pl | perl
am I completely patched up or not regardless of what the old checker script says?
Last edited by 0utlier; 09-24-2006 at 10:25 PM.
Getting the same thing here....
CentOS 3
Originally Posted by 0utlier
This has been an evolving process. Only run the latest scripts/checks as the patch has been changing so the old checks won't properly work.
[ EDIT: The rest removed due to me being even more stupid. ]
Hal
Last edited by hbouma; 09-25-2006 at 02:08 AM.
Is an upcp --force gonna fix this crap or do we have to update all servers to edge/current? Can we have an official word on this...my freakin head hurts. Enough already...let's get this fixed.
I just re-read this entire thread and I think I know what's going on. If you want to use the patch method then use the most current version of the patch located at http://forums.cpanel.net/showthread.php?t=58134 which is a sticky at the top of every forum. The most current version appears to be version 3.
--------------------------------------------------------------------------------------------------
The version 3 of the patch script supersedes all other patch scripts and you NEED to use the newest version (version 3) of the patch script (located at http://forums.cpanel.net/showthread.php?t=58134) to be safe, regardless of whatever other script you've used with the patch method.
--------------------------------------------------------------------------------------------------
Is the above statement correct?
Originally Posted by hbouma
What makes you say that upcp has not updated this server?
Assuming the tests/patches for this particular hole are now working correctly, mysqladmin is passing the test, and the file hooksadmin does not exist ("not installed") which it doesn't on either some of the cpanel trees or certain distros - I don't have it on my stable or release boxes so I couldn't tell you what it does - but because it's not there, it's 'ok'.
"Your system has been patched" appears whenever the script completes successfully and all the files are deemed to be safe. It doesn't necessarily mean it's actually done anything to achieve this.