A possible BUG that is very serious!! ROOT ACCESS

Discussion in 'General Discussion' started by jpabboud, Aug 26, 2004.

  1. jpabboud

    jpabboud Member

    Ok one of my customers reported that he was able to type "su" in his jailshell and it gave him root without even asking for a password. I didn't believe it until I logged in using a regular account and typed su... before I could even realize I had root access on important folders on the system like /var /tmp /bin /usr.

    This is of course a very serious BUG affecting my cPanel WHM 9.4.0 cPanel 9.4.1-E73 on FreeBSD 5.2.1-RELEASE-p8. I'm not sure if it's an isolated problem or a general one, so I would appreciate it if some of you guys could test it on your own servers.


    Jean-Pierre Abboud
     
  2. casey

    casey Well-Known Member

    /bin/su permission denied

    is the response I get.
     
  3. jpabboud

    jpabboud Member

    OK, what version of cPanel/operating system?

     
  4. Seal

    Seal Member

    /bin/su permission denied
    RHE
    WHM 9.4.0 cPanel 9.4.1-R64
     
  5. K_aneda

    K_aneda Well-Known Member

    Our /bin/su has permissions to execute and read removed from non-wheel and non-root users anyway. When moved back, tested with users, with and without jailshell, users can't escalate privileges to uid=0. Running latest cPanel RELEASE.
     
  6. jpabboud

    jpabboud Member

    I'm curious to see if any of those tests were done on a FreeBSD server, the FreeBSD jailshell has been really unstable/buggy so it wouldn't surprise me if it was affecting only FreeBSD servers.
     
  7. K_aneda

    K_aneda Well-Known Member

    Oops forgot to quote OS, Redhat Enterprise 3.0ES... yes it would, maybe we should ask the techs in the IRC channel, no?
     
  8. casey

    casey Well-Known Member

    CentOS, RH9 / Current build of cPanel
     
  9. jpabboud

    jpabboud Member

    I immediately opened a ticket with cPanel... What's the IRC server, channel (sorry, never visited before)?
     
  10. netwrkr

    netwrkr Well-Known Member

    For future reference please send security related issues to security@cpanel.net. This is a public forum which everyone (cpanel owners and hackers) can view.

    Thanks.
     
  11. cPanelBilly

    cPanelBilly Guest

    I just tested this on a
    WHM 9.7.2 cPanel 9.7.2-E16
    FreeBSD 5.1-RELEASE i386 - WHM X v3.1.0
    server and was not able to replicate the issue. Can you please put in a ticket and either PM me the ticket # or post it here so I can have a look into it.
     
  12. cPanelNick

    cPanelNick Administrator
    Staff Member

    I am also unable to verify this, tested 1 linux, 1 amd64 freebsd box and 3 i386 freebsd boxes.
     
  13. hicom

    hicom Well-Known Member

    I have tested it on 4.10 and it did not work. With Jailshell you can't get SU at all. With a regular shell you obviously need to enter a password.

    Must be something with your machine, bro.
     
  14. LP-Trel

    LP-Trel Well-Known Member

    You may have been rooted and your su binary may have been modified. I recommend getting your box checked out.
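
An added example, not part of any post in this thread: a POSIX shell check for the two things raised above, the permission restriction described in post 5 (no execute/read on su for users outside root and wheel) and the possibility in post 14 that the su binary was modified. The function name `audit_su`, the finding labels, and the optional trusted reference copy (assumed to come from known-good install media) are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): report how an su binary is exposed.
# Usage: audit_su PATH [TRUSTED_COPY]
# TRUSTED_COPY is an assumed known-good su taken from trusted install media.

has_perm() {  # true if FILE ($1) has every permission bit in MODE ($2) set
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

audit_su() {
    f=$1
    ref=${2:-}
    findings=""
    if [ ! -f "$f" ]; then
        echo "MISSING"
        return 2
    fi
    # Owner uid is field 3 of numeric ls output.
    uid=$(ls -ldn "$f" | awk '{print $3}')
    if [ "$uid" != "0" ]; then findings="$findings OWNER_NOT_ROOT"; fi
    # su can only elevate when the setuid bit is present (informational).
    if has_perm "$f" 4000; then findings="$findings SETUID"; fi
    # Post 5's hardening removes execute and read for "other" users.
    if has_perm "$f" 0001; then findings="$findings WORLD_EXEC"; fi
    if has_perm "$f" 0004; then findings="$findings WORLD_READ"; fi
    # Group- or world-writable means someone besides the owner can replace it.
    if has_perm "$f" 0002 || has_perm "$f" 0020; then
        findings="$findings WRITABLE_BY_OTHERS"
    fi
    # Post 14's concern: content differs from the known-good copy.
    if [ -n "$ref" ] && ! cmp -s "$f" "$ref"; then
        findings="$findings DIFFERS_FROM_TRUSTED"
    fi
    echo "${findings# }"
    # Non-zero exit only for findings that indicate tampering risk.
    case " $findings " in
        *" OWNER_NOT_ROOT "*|*" WRITABLE_BY_OTHERS "*|*" DIFFERS_FROM_TRUSTED "*)
            return 1 ;;
    esac
    return 0
}

if [ $# -gt 0 ]; then audit_su "$@"; fi
```

A trusted copy should be read from media the suspect system could not have written to; comparing against a file on the same host proves little if the host is compromised.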
     
  15. dandanfireman

    dandanfireman Well-Known Member
    PartnerNOC

    I have also been able to verify this. It appears that only a portion of the files are visible, possibly only those in virtfs, but su does execute and returns "root" when executing whoami command.
     
  16. LP-Trel

    LP-Trel Well-Known Member

    Please email all details you can to security@cpanel.net. Make the email VERY detailed, that is key.
     