Omar

Well-Known Member
Jul 30, 2002
82
0
156
I tried to manually update to build 53 just now, it goes through the update fine....but after closing the window, and re-logging in, it still shows up as build 52.

Is this just me?

I've tried the update twice now.

-Omar
 

Omar

Well-Known Member
Jul 30, 2002
82
0
156
Yup, it did an auto-update too, and still the same thing.

I tried the update on a different server, with the same result.

- Omar
 

parag

Well-Known Member
Aug 16, 2001
115
0
316
same thing for me..

and if you try to update it again it will detect that you have the older version 52 and will try to update 53 .. but will never update it .

Parag
 

itf

Well-Known Member
May 9, 2002
624
0
316
[b:fd6d12491e] You have to apply my Interchange hack against those exploits again after these tries read this thread for more info

http://forums.cpanel.net/read.php?TID=4074
[/b:fd6d12491e]
 

parag

Well-Known Member
Aug 16, 2001
115
0
316
[quote:9c151e77ba][i:9c151e77ba]Originally posted by itf[/i:9c151e77ba]

[b:9c151e77ba] You have to apply my Interchange hack against those exploits again after these tries read this thread for more info

http://forums.cpanel.net/read.php?TID=4074
[/b:9c151e77ba][/quote:9c151e77ba]


Hi ITF

I think we were talking about the cpanel builds and its updates - where did Interchange came in :)

Parag
 

itf

Well-Known Member
May 9, 2002
624
0
316
[quote:466cba29e0][i:466cba29e0]Originally posted by parag[/i:466cba29e0]

[quote:466cba29e0][i:466cba29e0]Originally posted by itf[/i:466cba29e0]

[b:466cba29e0] You have to apply my Interchange hack against those exploits again after these tries read this thread for more info

http://forums.cpanel.net/read.php?TID=4074
[/b:466cba29e0][/quote:466cba29e0]


Hi ITF

I think we were talking about the cpanel builds and its updates - where did Interchange came in :)

Parag[/quote:466cba29e0]

Updating Cpanel overwrites Interchange (however it was unsuccessful) then you are vulnerable

Whatever you want, you --parag don’t apply that
 

parag

Well-Known Member
Aug 16, 2001
115
0
316
hi itf

i already fixed the interchange exploit few days back.

but i have also saved the procedure you posted ;) thanks

And its not the question of applying it or not - i was wondering why suddenly interchange came into the picture - so just asked - nothing much

Omar - Interchange is a Shopping Cart System :)

Parag
 

itf

Well-Known Member
May 9, 2002
624
0
316
[quote:e04bf0f98f][i:e04bf0f98f]Originally posted by parag[/i:e04bf0f98f]

hi itf

i already fixed the interchange exploit few days back.

but i have also saved the procedure you posted ;) thanks

Omar - Interchange is a Shopping Cart System :)

Parag[/quote:e04bf0f98f]

please be informed you tried to update to cpanel build 53, but you didn't get the result, but it rewrites the Interchange, I mean if you applied my hack before this update you are now vulnerable
 

parag

Well-Known Member
Aug 16, 2001
115
0
316
[quote:19a6eac11f][i:19a6eac11f]Originally posted by itf[/i:19a6eac11f]

[quote:19a6eac11f][i:19a6eac11f]Originally posted by parag[/i:19a6eac11f]

hi itf

i already fixed the interchange exploit few days back.

but i have also saved the procedure you posted ;) thanks

Omar - Interchange is a Shopping Cart System :)

Parag[/quote:19a6eac11f]

please be informed you tried to update to cpanel build 53, but you didn't get the result, but it rewrote the Interchange, I mean if you applied my hack before this update you are now vulnerable[/quote:19a6eac11f]

yeah yeah i understand what you mean -

but i did it the other way using iptables and have those rules in the init script itself

Parag
 

Curious Too

Well-Known Member
Aug 31, 2001
428
1
318
cPanel Access Level
Root Administrator
To be clear --

the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?

The attempted update will overwite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.
 

mikerayner

Well-Known Member
Apr 10, 2002
192
0
316
[quote:738ca93159][i:738ca93159]Originally posted by Curious Too[/i:738ca93159]

To be clear --

the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?

The attempted update will overwite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.[/quote:738ca93159]
I thought build 53 would solve the problem then didn't lock that file.
 

parag

Well-Known Member
Aug 16, 2001
115
0
316
[quote:c95dd188e1][i:c95dd188e1]Originally posted by Curious Too[/i:c95dd188e1]

To be clear --

the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?

The attempted update will overwite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.[/quote:c95dd188e1]

hi curious too

we were talking about build 53 and - normally everyone is not wise enough to have the chattr +i Server.pm set on their server.

ITF posted it for the information because it would get overwrite if the build was proper and would have had a proper update.

because of the faiilure in updating build 53 - its not overwritten.

first read all the posts..

Parag
 

mikerayner

Well-Known Member
Apr 10, 2002
192
0
316
build 53 upgrade works but it installs build 52, I checked it out by manually upgrading it in SSH session by using /scripts/upcp and it ovewrites everything (cpanel softaware)
 

Curious Too

Well-Known Member
Aug 31, 2001
428
1
318
cPanel Access Level
Root Administrator
[quote:a1afac30aa][i:a1afac30aa]Originally posted by parag[/i:a1afac30aa]

[quote:a1afac30aa][i:a1afac30aa]Originally posted by Curious Too[/i:a1afac30aa]

To be clear --

the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?

The attempted update will overwite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.[/quote:a1afac30aa]

hi curious too

we were talking about build 53 and - normally everyone is not wise enough to have the chattr +i Server.pm set on their server.

ITF posted it for the information because it would get overwrite if the build was proper and would have had a proper update.

because of the faiilure in updating build 53 - its not overwritten.

first read all the posts..

Parag

[/quote:a1afac30aa]

Your sarcasm is not appreciated.

I did read all the posts. I hacked the Server.pm file according to the instructions. When I ran the upcp script the hacked file was overwritten with the old Server.pm file. I then re-hacked the file and chattr +i the file and ran the upcp script. Even though the Server.pm file was not overwritten the server DID NOT update to Build 53.
 

mikerayner

Well-Known Member
Apr 10, 2002
192
0
316
Curious Too


server.pm (the hack provided by ITF) is overwritten after upgrade, build 53 doesn't work but it rewrites everything

use /scripts/upcp in a root SSH session then you can see build 53 overwrites everything it also overwrites Interchange but does not upgrade properly and shows build 52

rewriting server.pm or not is irrelevant to build 53 problem just we have to make sure if server.pm was overwritten your system is vulnerable and have to apply ITF's hack

but also have to know if you lock server.pm and a later version of interchange be released in the future Interchange would not work properly. (this is not for this release)
 

Curious Too

Well-Known Member
Aug 31, 2001
428
1
318
cPanel Access Level
Root Administrator
[quote:aee1fdd24e][i:aee1fdd24e]Originally posted by mikerayner[/i:aee1fdd24e]
but also have to know if you lock server.pm and a later version of interchange be released in the future Interchange would not work properly. (this is not for this release)
[/quote:aee1fdd24e]

Yes, I know, I'm hoping that when the real build 53 is released it will include the hacked version of Server.pm instead of the vulnerable version. In the meantime, since all my servers run the autoupdate I have to lock Server.pm until the new build is released.