--- ALERT: Open whole for hackers in CPanel ---

DianaL

Active Member
Sep 9, 2002
30
0
156
There is a whole in Cpanel that allows hacker to take FULL CONTROL over ANY account on your server.
More still to come, I'am checking this with few ISP's.

WHY DIDN'T ANYONE FROM CPANEL TOLD US ABOUT THIS ???
There is a BIG - HUGE security whole in Cpanel and no one didn't say anything about it ??
come on CPanel support where are you ??
 

DianaL

Active Member
Sep 9, 2002
30
0
156
I'am asking CPanel support I need to know is this bug fixed 100% in new CPanel 6, as stated "maybe" is not good for me, I need to know for A FACT is version 6 completey off this security risk ?
 

Annette

Well-Known Member
PartnerNOC
Aug 12, 2001
445
0
316
What hole would that be? There's no shortage of people who take delight in pointing out security issues with cPanel and then point to something else as being superior, despite the fact that there are holes to be found in everything. There are also indications in WHM news about issues that crop up with something in cPanel and their resolutions, even if they don't always check their spelling first:

"All traces of openwebmail have been elimiated as it has multiple secuirty issues."
"Fix a large secuirty hole in guestbook.cgi"

Much better than our old Alabanza days where we reported bugs and then waited...and waited...and waited....
 

SoftmegUK

Well-Known Member
Feb 13, 2002
368
0
316
UK
Originally posted by iisnet
btw..it's spelt H-O-L-E. :)
lol would you mind tellings us all what this huge hole is then?
 

Website Rob

Well-Known Member
Mar 23, 2002
1,501
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
I wonder if the whole "hole" security thing is about the HOT bug, common with so many systems. It's a known fact that it works on "any" operating system in any Country at any time of the day. The HOT bug has been around as long as there have been Computers, the possibility of eliminating it seems to be about NIL!

Hackers, Crackers, and Whackers have long known about the HOT bug and it seems only now, most IT depts. are cluing in to it.

Mwwwhahaha...
Be afraid, be very afraid.
 

Website Rob

Well-Known Member
Mar 23, 2002
1,501
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
Whoops... got you all excited and forgot to specifiy what the HOT bug is.

It's a Human On Telephone of course. :D
 

shaun

Well-Known Member
PartnerNOC
Verifed Vendor
Nov 9, 2001
702
1
318
San Clemente, Ca
cPanel Access Level
DataCenter Provider
Twitter
This is a semi-old problem, A security group found the vuln and i was subscribed to it. I tested both holes. The guestbook vuln was true, and the openwebmail one was not. Openwebmail was still removed because it's not used. I informed nick of these the "hole" right away and he fixed them. I think he actually might have had the guestbook hole fixed before. anyway, upgrading to build 6.0.x fix's the problems.
 

LS_Drew

Well-Known Member
Feb 20, 2003
187
0
166
Originally posted by DianaL
There is a whole in Cpanel that allows hacker to take FULL CONTROL over ANY account on your server.
More still to come, I'am checking this with few ISP's.

WHY DIDN'T ANYONE FROM CPANEL TOLD US ABOUT THIS ???
There is a BIG - HUGE security whole in Cpanel and no one didn't say anything about it ??
come on CPanel support where are you ??
Quit being a dumbass. Fixing it involved changing a couple of permissions...
 

norm

Well-Known Member
Apr 23, 2002
52
0
306
What is this hole you are talking about? Care to be a bit more specific?

Is it the guestbook which was already patched?

Inquiring minds would like to know ;)