--- ALERT: Open whole for hackers in CPanel ---

[DianaL]

There is a whole in Cpanel that allows hacker to take FULL CONTROL over ANY account on your server.
More still to come, I'am checking this with few ISP's.

WHY DIDN'T ANYONE FROM CPANEL TOLD US ABOUT THIS ???
There is a BIG - HUGE security whole in Cpanel and no one didn't say anything about it ??
come on CPanel support where are you ??

 

[DianaL]

I'am asking CPanel support I need to know is this bug fixed 100% in new CPanel 6, as stated "maybe" is not good for me, I need to know for A FACT is version 6 completey off this security risk ?

 

[Annette]

What hole would that be? There's no shortage of people who take delight in pointing out security issues with cPanel and then point to something else as being superior, despite the fact that there are holes to be found in everything. There are also indications in WHM news about issues that crop up with something in cPanel and their resolutions, even if they don't always check their spelling first:

"All traces of openwebmail have been elimiated as it has multiple secuirty issues."
"Fix a large secuirty hole in guestbook.cgi"

Much better than our old Alabanza days where we reported bugs and then waited...and waited...and waited....

 

[iisnet]

btw..it's spelt H-O-L-E.

 

[SoftmegUK]

Originally posted by iisnet
btw..it's spelt H-O-L-E.

lol would you mind tellings us all what this huge hole is then?

 

[Website Rob]

I wonder if the whole "hole" security thing is about the HOT bug, common with so many systems. It's a known fact that it works on "any" operating system in any Country at any time of the day. The HOT bug has been around as long as there have been Computers, the possibility of eliminating it seems to be about NIL!

Hackers, Crackers, and Whackers have long known about the HOT bug and it seems only now, most IT depts. are cluing in to it.

Mwwwhahaha...
Be afraid, be very afraid.

 

[Website Rob]

Whoops... got you all excited and forgot to specifiy what the HOT bug is.

It's a Human On Telephone of course. :D

 

[dgbaker]

Originally posted by Website Rob
Whoops... got you all excited and forgot to specifiy what the HOT bug is.

It's a Human On Telephone of course. :D

Sweet!!! I like that one...:D

 

[shaun]

This is a semi-old problem, A security group found the vuln and i was subscribed to it. I tested both holes. The guestbook vuln was true, and the openwebmail one was not. Openwebmail was still removed because it's not used. I informed nick of these the "hole" right away and he fixed them. I think he actually might have had the guestbook hole fixed before. anyway, upgrading to build 6.0.x fix's the problems.

 

[LS_Drew]

Originally posted by DianaL
There is a whole in Cpanel that allows hacker to take FULL CONTROL over ANY account on your server.
More still to come, I'am checking this with few ISP's.

WHY DIDN'T ANYONE FROM CPANEL TOLD US ABOUT THIS ???
There is a BIG - HUGE security whole in Cpanel and no one didn't say anything about it ??
come on CPanel support where are you ??

Quit being a dumbass. Fixing it involved changing a couple of permissions...

 

[norm]

What is this hole you are talking about? Care to be a bit more specific?

Is it the guestbook which was already patched?

Inquiring minds would like to know

 

[MikeMc]

oh...nevermind..post edited