Results 1 to 11 of 11

Thread: ProFTPd patched? Root exploit possible

  1. #1
    Registered Member
    Join Date
    Mar 2003
    Posts
    63

    Default ProFTPd patched? Root exploit possible

    A root exploit has just been released for ProFTPd versions up to 1.2.9rc2! Is the latest CPanel RPM patched at all?

    http://updates.cpanel.net/proftpd-1....privs.i386.rpm

    -Dario

    cPanel.net Support Ticket Number:

  2. #2
    FWC
    FWC is offline
    Registered Member
    Join Date
    May 2002
    Location
    Ontario, Canada
    Posts
    354

    Default

    Do you have a link to a report or are you referring to the old exploit from Sept. 23? If it's the latter, ProFTP is patched.

  3. #3
    Registered Member
    Join Date
    Jan 2003
    Posts
    205

    Default

    I believe hes referring to this which just popped up on bugtraq:

    Attached is a remote root, chroot-breaking brute-force exploit for the \n
    processing bug in ProFTPd 1.2.7 - 1.2.9rc2. It has been tested successfully
    on SuSE 8.0/8.1 & RedHat 7.2 and 8.0.

    Note: it is noisy and leaves a lot of mess (ie, bad uploaded text files) on
    the target server. It is left as an excercise for the reader to remove these
    or rework the exploit to do the deletion.

    Cheers,
    Haggis

    cPanel.net Support Ticket Number:

  4. #4
    Registered Member
    Join Date
    Mar 2003
    Posts
    63

    Default

    Originally posted by qwerty
    I believe hes referring to this which just popped up on bugtraq:
    Yup! That's the one... One thing is to have a known bug hangin'... Another is to have a readily available exploit code! I asked 'cause the CPanel ProFTPd RPM file does not use the "p" (for "patched") in the version number after "rc2", like:

    proftpd-1.2.9rc2ptls-3_linuxprivs.i386.rpm

    -Dario

    PS.: is this site S-L-O-W or what?!?!

    cPanel.net Support Ticket Number:

  5. #5
    Registered Member
    Join Date
    Feb 2003
    Posts
    71

    Default

    The version cpanel installed for me has the exploit in it. I had to install from the source as someone notified me about it :P

    Peace Out

  6. #6
    Registered Member
    Join Date
    Feb 2003
    Posts
    71

    Default

    Nope, faster just to upgrade it myself. Im sure Cpanel has other important things to work on, like more cpanel features.

    Peace Out

  7. #7
    Registered Member
    Join Date
    Oct 2003
    Posts
    1,015

    Default

    Or cPanel folks can subscribe to the various well known security lists and/or mailing lists for the applications they integrate and keep up on these things themselves.

    Would it be better that cPanel sits on a ticket while hundreds of script kiddies go around attacking servers that are unprotected?

    cPanel people need to start offering more support through these forums. It makes sense financially (helps avoid duplicate support incidents) and it keeps customers happy. Why else have an "official" support forum? It is bad enough you have to register and be authorized before you can see that cPanel employees do a pretty good job of ignoring most support threads. Is this an open source project? Is this software free (any way you want to interpret it)?

    Are there any other active public support forums for cPanel? Maybe someone needs to start one. Perhaps if the secret gets out that cPanel offers poor forum support, then they will be motivated to do something about it.

  8. #8
    Registered Member cPanel Partner NOC Badge myusername's Avatar
    Join Date
    Mar 2003
    Location
    chown -R us.us *yourbase*
    Posts
    714
    cPanel/WHM Access Level

    DataCenter Provider

    Default

    Having to get a username is better than being available for every one to see.

    Better would be only cPanel owners being able to see these forums so when someone decides to announce to the world how to hack a box not eveyone and their grandma has access to these forums.

    My .02

  9. #9
    Registered Member
    Join Date
    Feb 2003
    Posts
    71

    Default

    I agree with their decision requiring usernames. I dont think requiring to type in a valid cpanel ip to register to help make sure only cpanel users can access these forums.

    Peace Out

  10. #10
    Registered Member
    Join Date
    Feb 2003
    Posts
    71

    Default

    That must be recent cause this past week the vunerability was found on the latest version that CPanel installs. Latest as of November 5, 2003.

    Peace Out.

  11. #11
    Registered Member
    Join Date
    Oct 2003
    Posts
    1,015

    Default

    Originally posted by JCave
    I agree with their decision requiring usernames. I dont think requiring to type in a valid cpanel ip to register to help make sure only cpanel users can access these forums.
    It wouldn't be too difficult for them to create an access key and then require registered users to enter the access key and IP when registering. I have no objection to cutting the "noise" in these forums by making it a subscriber only venue. I do not think it would make cPanel installs any more or less secure.

    What does that have to do with the need for an independant support forum?

    Back on topic

    I went back and checked the changelogs for Sept. 22-28 and did not see any reference to updating proftp for security reasons. If it had been listed, this thread may never have exisited.

Similar Threads

  1. SpamAssassin Root Exploit
    By Arvand in forum Security
    Replies: 0
    Last Post: 03-09-2010, 08:28 AM
  2. Linux vmsplice Local Root Exploit (2.6.17 - 2.6.24.1)
    By gorilla in forum cPanel & WHM Discussions
    Replies: 14
    Last Post: 02-14-2008, 03:26 AM
  3. cpwrap root exploit
    By otsh in forum cPanel & WHM Discussions
    Replies: 2
    Last Post: 10-11-2006, 12:41 PM
  4. Exim ROOT Exploit
    By echo_bg in forum cPanel & WHM Discussions
    Replies: 2
    Last Post: 10-12-2005, 11:32 AM
  5. proftpd exploit
    By JamesSmith in forum cPanel & WHM Discussions
    Replies: 1
    Last Post: 09-23-2003, 11:10 PM
bargain