The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Build 53 Problem?

Discussion in 'General Discussion' started by Omar, Aug 10, 2002.

  1. Omar

    Omar Well-Known Member

    Joined:
    Jul 30, 2002
    Messages:
    82
    Likes Received:
    0
    Trophy Points:
    6
    I tried to manually update to build 53 just now, it goes through the update fine....but after closing the window, and re-logging in, it still shows up as build 52.

    Is this just me?

    I've tried the update twice now.

    -Omar
     
  2. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    It seems this is the cpanel problem (new update)

    I got the same result
     
  3. Omar

    Omar Well-Known Member

    Joined:
    Jul 30, 2002
    Messages:
    82
    Likes Received:
    0
    Trophy Points:
    6
    Yup, it did an auto-update too, and still the same thing.

    I tried the update on a different server, with the same result.

    - Omar
     
  4. parag

    parag Well-Known Member

    Joined:
    Aug 16, 2001
    Messages:
    115
    Likes Received:
    0
    Trophy Points:
    16
    same thing for me..

    and if you try to update it again it will detect that you have the older version 52 and will try to update 53 .. but will never update it .

    Parag
     
  5. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [b:fd6d12491e] You have to apply my Interchange hack against those exploits again after these tries read this thread for more info

    http://forums.cpanel.net/read.php?TID=4074
    [/b:fd6d12491e]
     
  6. parag

    parag Well-Known Member

    Joined:
    Aug 16, 2001
    Messages:
    115
    Likes Received:
    0
    Trophy Points:
    16
    [quote:9c151e77ba][i:9c151e77ba]Originally posted by itf[/i:9c151e77ba]

    [b:9c151e77ba] You have to apply my Interchange hack against those exploits again after these tries read this thread for more info

    http://forums.cpanel.net/read.php?TID=4074
    [/b:9c151e77ba][/quote:9c151e77ba]


    Hi ITF

    I think we were talking about the cpanel builds and its updates - where did Interchange came in :)

    Parag
     
  7. Omar

    Omar Well-Known Member

    Joined:
    Jul 30, 2002
    Messages:
    82
    Likes Received:
    0
    Trophy Points:
    6
    What is interchange anyway?
     
  8. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [quote:466cba29e0][i:466cba29e0]Originally posted by parag[/i:466cba29e0]

    [quote:466cba29e0][i:466cba29e0]Originally posted by itf[/i:466cba29e0]

    [b:466cba29e0] You have to apply my Interchange hack against those exploits again after these tries read this thread for more info

    http://forums.cpanel.net/read.php?TID=4074
    [/b:466cba29e0][/quote:466cba29e0]


    Hi ITF

    I think we were talking about the cpanel builds and its updates - where did Interchange came in :)

    Parag[/quote:466cba29e0]

    Updating Cpanel overwrites Interchange (however it was unsuccessful) then you are vulnerable

    Whatever you want, you --parag don’t apply that
     
  9. parag

    parag Well-Known Member

    Joined:
    Aug 16, 2001
    Messages:
    115
    Likes Received:
    0
    Trophy Points:
    16
    hi itf

    i already fixed the interchange exploit few days back.

    but i have also saved the procedure you posted ;) thanks

    And its not the question of applying it or not - i was wondering why suddenly interchange came into the picture - so just asked - nothing much

    Omar - Interchange is a Shopping Cart System :)

    Parag
     
  10. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [quote:e04bf0f98f][i:e04bf0f98f]Originally posted by parag[/i:e04bf0f98f]

    hi itf

    i already fixed the interchange exploit few days back.

    but i have also saved the procedure you posted ;) thanks

    Omar - Interchange is a Shopping Cart System :)

    Parag[/quote:e04bf0f98f]

    please be informed you tried to update to cpanel build 53, but you didn't get the result, but it rewrites the Interchange, I mean if you applied my hack before this update you are now vulnerable
     
  11. parag

    parag Well-Known Member

    Joined:
    Aug 16, 2001
    Messages:
    115
    Likes Received:
    0
    Trophy Points:
    16
    [quote:19a6eac11f][i:19a6eac11f]Originally posted by itf[/i:19a6eac11f]

    [quote:19a6eac11f][i:19a6eac11f]Originally posted by parag[/i:19a6eac11f]

    hi itf

    i already fixed the interchange exploit few days back.

    but i have also saved the procedure you posted ;) thanks

    Omar - Interchange is a Shopping Cart System :)

    Parag[/quote:19a6eac11f]

    please be informed you tried to update to cpanel build 53, but you didn't get the result, but it rewrote the Interchange, I mean if you applied my hack before this update you are now vulnerable[/quote:19a6eac11f]

    yeah yeah i understand what you mean -

    but i did it the other way using iptables and have those rules in the init script itself

    Parag
     
  12. mikerayner

    mikerayner Well-Known Member

    Joined:
    Apr 10, 2002
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    the same problem for build 53 it seems it re-installs build 52
    is it true?
     
  13. mikerayner

    mikerayner Well-Known Member

    Joined:
    Apr 10, 2002
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    parag

    Does iptable protects against local users?
     
  14. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    To be clear --

    the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?

    The attempted update will overwite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.
     
  15. mikerayner

    mikerayner Well-Known Member

    Joined:
    Apr 10, 2002
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    [quote:738ca93159][i:738ca93159]Originally posted by Curious Too[/i:738ca93159]

    To be clear --

    the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?

    The attempted update will overwite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.[/quote:738ca93159]
    I thought build 53 would solve the problem then didn't lock that file.
     
  16. parag

    parag Well-Known Member

    Joined:
    Aug 16, 2001
    Messages:
    115
    Likes Received:
    0
    Trophy Points:
    16
    [quote:c95dd188e1][i:c95dd188e1]Originally posted by Curious Too[/i:c95dd188e1]

    To be clear --

    the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?

    The attempted update will overwite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.[/quote:c95dd188e1]

    hi curious too

    we were talking about build 53 and - normally everyone is not wise enough to have the chattr +i Server.pm set on their server.

    ITF posted it for the information because it would get overwrite if the build was proper and would have had a proper update.

    because of the faiilure in updating build 53 - its not overwritten.

    first read all the posts..

    Parag
     
  17. mikerayner

    mikerayner Well-Known Member

    Joined:
    Apr 10, 2002
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    build 53 upgrade works but it installs build 52, I checked it out by manually upgrading it in SSH session by using /scripts/upcp and it ovewrites everything (cpanel softaware)
     
  18. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    [quote:a1afac30aa][i:a1afac30aa]Originally posted by parag[/i:a1afac30aa]

    [quote:a1afac30aa][i:a1afac30aa]Originally posted by Curious Too[/i:a1afac30aa]

    To be clear --

    the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?

    The attempted update will overwite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.[/quote:a1afac30aa]

    hi curious too

    we were talking about build 53 and - normally everyone is not wise enough to have the chattr +i Server.pm set on their server.

    ITF posted it for the information because it would get overwrite if the build was proper and would have had a proper update.

    because of the faiilure in updating build 53 - its not overwritten.

    first read all the posts..

    Parag

    [/quote:a1afac30aa]

    Your sarcasm is not appreciated.

    I did read all the posts. I hacked the Server.pm file according to the instructions. When I ran the upcp script the hacked file was overwritten with the old Server.pm file. I then re-hacked the file and chattr +i the file and ran the upcp script. Even though the Server.pm file was not overwritten the server DID NOT update to Build 53.
     
  19. mikerayner

    mikerayner Well-Known Member

    Joined:
    Apr 10, 2002
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    Curious Too


    server.pm (the hack provided by ITF) is overwritten after upgrade, build 53 doesn't work but it rewrites everything

    use /scripts/upcp in a root SSH session then you can see build 53 overwrites everything it also overwrites Interchange but does not upgrade properly and shows build 52

    rewriting server.pm or not is irrelevant to build 53 problem just we have to make sure if server.pm was overwritten your system is vulnerable and have to apply ITF's hack

    but also have to know if you lock server.pm and a later version of interchange be released in the future Interchange would not work properly. (this is not for this release)
     
  20. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    [quote:aee1fdd24e][i:aee1fdd24e]Originally posted by mikerayner[/i:aee1fdd24e]
    but also have to know if you lock server.pm and a later version of interchange be released in the future Interchange would not work properly. (this is not for this release)
    [/quote:aee1fdd24e]

    Yes, I know, I'm hoping that when the real build 53 is released it will include the hacked version of Server.pm instead of the vulnerable version. In the meantime, since all my servers run the autoupdate I have to lock Server.pm until the new build is released.
     
Loading...

Share This Page