Security Advisory

[cpaneldave]

Please upgrade all cPanel servers to remove a potential security vulnerability that allows escalated access.

Instructions:

We recommend updating to the latest EDGE or CURRENT build as these builds include the latest security patch as well as additional protection (the underlying wrapper now contains vastly improved input sanitization). To do this, you will need to modify your upgrade settings thorugh the ‘Update Config’ function in the ‘Server Configuration’ menu of WebHost Manager:

1) Login to WebHost Manager

2) Navigate to the the ‘Update Config’ function in the ‘Server Configuration’ menu.

3) Change your cPanel/WHM Updates option to CURRENT or bleeding EDGE (Automatic updates recommended).

4) Click on ‘Save’

5) Use the ‘Upgrade to Latest Version’ option within the ‘cPanel’ menu.


Alternately:

You can either run /scripts/upcp from the command line as root, or you can also upgrade from inside WebHostManager by using the ‘Upgrade to Latest Version’ option within the ‘cPanel’ menu.


You can also apply the patch without updating:

SSH into your server and gain root access
wget -q -O - http://layer1.cpanel.net/installer/sec092506.pl | perl

You can verified the server is patched by running:
wget -q -O - http://layer1.cpanel.net/installer/c...cker_092406.pl cpanel_exploit_checker_092406.pl | perl



Discussion Thread Major Exploit