A possible BUG that is very serious!! ROOT ACCESS

Discussion in 'General Discussion' started by jpabboud, Aug 26, 2004.

  1. jpabboud

    jpabboud Member

    Ok one of my customers reported that he was able to type "su" in his jailshell and it gave him root without even asking for a password. I didn't believe it until I logged in using a regular account and typed su... before I could even realize I had root access on important folders on the system like /var /tmp /bin /usr.

    This is of course a very serious BUG affecting my Cpanel WHM 9.4.0 cPanel 9.4.1-E73 on FreeBSD 5.2.1-RELEASE-p8, I'm not sure if it's an isolated problem or a general one so I would appreciate if some of you guys could test it on your own servers.


    Jean-Pierre Abboud
     
  2. casey

    casey Well-Known Member

    /bin/su permission denied

    is the response I get.
     
  3. jpabboud

    jpabboud Member

    Ok, what version of cPanel/Operating System?

     
  4. Seal

    Seal Member

    /bin/su permission denied
    RHE
    WHM 9.4.0 cPanel 9.4.1-R64
     
  5. K_aneda

    K_aneda Well-Known Member

    Our /bin/su has permissions to execute and read removed from non-wheel and non-root users anyway. When moved back, tested with users, with and without jailshell, users can't escalate privileges to uid=0. Running latest cPanel RELEASE.
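
Added example, not part of the thread and not cPanel's code: a POSIX shell check for the restriction described in the post above, where su is readable and executable only by root and the wheel group. The function name `audit_su` and the default group `wheel` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). audit_su is a hypothetical helper name.
# Classifies an su binary's permissions from its `ls -l` mode string:
#   missing | not-setuid | world-accessible | wrong-group | restricted
audit_su() {
    path=$1
    want_group=${2:-wheel}      # assumption: wheel is the trusted admin group

    if [ ! -f "$path" ]; then
        echo "missing"
        return 0
    fi

    # -L follows symlinks (e.g. /bin -> /usr/bin); fields: mode links owner group ...
    set -- $(ls -ldL "$path")
    mode=$1
    group=$4

    setuid_char=$(printf '%s' "$mode" | cut -c4)    # user-execute slot: s/S = setuid
    other_bits=$(printf '%s' "$mode" | cut -c8-10)  # permissions for everyone else

    case $setuid_char in
        s|S) ;;
        *) echo "not-setuid"; return 0 ;;
    esac
    if [ "$other_bits" != "---" ]; then
        echo "world-accessible"     # accounts outside the group still have access
        return 0
    fi
    if [ "$group" != "$want_group" ]; then
        echo "wrong-group"
        return 0
    fi
    echo "restricted"               # e.g. mode 4750 with group wheel
}

# Report on the usual locations of su.
for candidate in /bin/su /usr/bin/su; do
    printf '%s: %s\n' "$candidate" "$(audit_su "$candidate" wheel)"
done
```

A result of `restricted` only describes the mode bits and group; it says nothing about whether the binary itself has been altered.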
     
  6. jpabboud

    jpabboud Member

    I'm curious to see if any of those tests were done on a FreeBSD server, the FreeBSD jailshell has been really unstable/buggy so it wouldn't surprise me if it was affecting only FreeBSD servers.
     
  7. K_aneda

    K_aneda Well-Known Member

    Oops forgot to quote OS, Redhat Enterprise 3.0ES... yes it would, maybe we should ask the techs in the IRC channel, no?
     
  8. casey

    casey Well-Known Member

    CentOS, RH9 / Current build of cPanel
     
  9. jpabboud

    jpabboud Member

    I immediately opened a ticket with cPanel... What's the IRC server, channel? (Sorry, never visited before.)
     
  10. netwrkr

    netwrkr Well-Known Member

    For future reference, please send security-related issues to security@cpanel.net. This is a public forum which everyone (cPanel owners and hackers) can view.

    Thanks.
     
  11. cPanelBilly

    cPanelBilly Guest

    I just tested this on a
    WHM 9.7.2 cPanel 9.7.2-E16
    FreeBSD 5.1-RELEASE i386 - WHM X v3.1.0
    server and was not able to replicate the issue. Can you please put in a ticket and either PM me the ticket # or post it here so I can have a look into it.
     
  12. cPanelNick

    cPanelNick Administrator
    Staff Member

    I am also unable to verify this; tested 1 Linux, 1 amd64 FreeBSD box and 3 i386 FreeBSD boxes.
     
  13. hicom

    hicom Well-Known Member

    I have tested it on 4.10 and it did not work. With Jailshell you can't get SU at all. With regular shell you obviously need to enter a password.

    Must be something with your machine, bro.
     
  14. LP-Trel

    LP-Trel Well-Known Member

    You may have been rooted and your su binary may have been modified. I recommend getting your box checked out.
     
  15. dandanfireman

    dandanfireman Well-Known Member
    PartnerNOC

    I have also been able to verify this. It appears that only a portion of the files are visible, possibly only those in virtfs, but su does execute and returns "root" when executing whoami command.
     
  16. LP-Trel

    LP-Trel Well-Known Member

    Please email all details you can to security@cpanel.net. Make the email VERY detailed, that is key.
     