The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Critical Update Notice

Discussion in 'General Discussion' started by cPanelNick, Mar 12, 2004.

  1. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    All machines that are prone to the resetpass exploit will get a critical update request, and will update reguardless of their update settings. This will only affect machines that are prone to this exploit.

    If you don't want this to happen, chmod 0 /scripts/upcp

    We are sorry for any inconvience this may cause.

    This update is scheduled for after 3pm EST today
     
  2. erwinfa

    erwinfa Well-Known Member

    Joined:
    Jun 14, 2003
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    0
    So, do the latest stable version 9.1.0-STABLE_53, has fixed this problem ?
     
  3. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Yes
     
  4. darksoul

    darksoul Active Member

    Joined:
    Feb 20, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Where can we find more info about this vuln ?
     
  5. nickn

    nickn Well-Known Member
    PartnerNOC

    Joined:
    Jun 15, 2003
    Messages:
    619
    Likes Received:
    1
    Trophy Points:
    18
  6. dhabets

    dhabets Well-Known Member

    Joined:
    Dec 31, 2001
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    ehm, it seemed to have happened at 12 today on all my machines which are set to MANUAL.

    Also, I don't read this forum every day and when I set things to "MANUAL" it means MANUAL.

    This is just ridiculous and yes, I'm quite p.o. 'cos I just had 15 machines to take care of because of faulty cpanel upgrades.

    Can you confirm or deny that the upgrades took place at 12 and not 3? and that's EST!

    Great communication btw...
     
  7. thedavid

    thedavid Well-Known Member

    Joined:
    Nov 22, 2002
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    I've heard 12, 1, and 3... Perhaps timezone differences?
     
  8. takeover

    takeover Member

    Joined:
    Apr 29, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    i'm stuck with a half install, the server died after i tried to install this very important update, hopefully i get my ticket replied to soon, some things are pretty broken.
     
  9. dhabets

    dhabets Well-Known Member

    Joined:
    Dec 31, 2001
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    sure, but I am in the EST time zone.
     
  10. dhabets

    dhabets Well-Known Member

    Joined:
    Dec 31, 2001
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    well, I've had my coffee and calmed down a bit, but I really think the way this was done was not well thought out (dare I say stupid?).

    I'm sorry, but this did more harm to cpanel's reputation than good. I understand the thought behind it, but still, NOBODY should do unasked for upgrades. That's pretty much like trespassing... simply don't do it (when I have not had my coffee :D)
     
  11. gemby

    gemby Well-Known Member
    PartnerNOC

    Joined:
    Feb 16, 2002
    Messages:
    182
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Pula, Croatia
    cPanel Access Level:
    DataCenter Provider
    Guys, be very lucky that you did not pass trough hacked server situation. I have been lucky and upgraded on time all machines, but my frend did not!
    ######################
    Checking `login'... INFECTED
    Checking `pstree'... INFECTED
    Searching for t0rn's v8 defaults... Possible t0rn v8 \(or variation\) rootkit installed
    Searching for Showtee... Warning: Possible Showtee Rootkit installed
    Checking `bindshell'... INFECTED (PORTS: 465)
    Checking `lkm'... You have 3 process hidden for ps command
    Warning: Possible LKM Trojan installed
    ######################

    One our after exploit was found!

    We replaced all files with corect one, reinstall all rpm-s after that and chkrotkit is no longer complaining.


    So do not please talk what they should, and what they shouldn't. They are probably saved your ass, yep, you probably had to upcp once again, right? So, what's the big deal?
     
  12. nickn

    nickn Well-Known Member
    PartnerNOC

    Joined:
    Jun 15, 2003
    Messages:
    619
    Likes Received:
    1
    Trophy Points:
    18
    Re: Re: Critical Update Notice

    I'm quite certain the update took place probably around 3, it was latest than midnight for sure. (EST)

    You don't read the forums, you don't read WHM either? All you had to do was patch yourself, and you wouldn't have been patched.

    The machines already patched/upgraded didn't receive the updates.
     
  13. xsenses

    xsenses Well-Known Member

    Joined:
    Aug 29, 2002
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Huntington Beach, Ca
    Does this also fix the hole the same guy posted to Butraq today?
     
  14. Big Gorilla

    Big Gorilla Active Member

    Joined:
    Jan 30, 2004
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    It seemed to. I was able to reproduce the bugtraq hole before the update. After, it appears to be plugged.
     
  15. thedavid

    thedavid Well-Known Member

    Joined:
    Nov 22, 2002
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    It appears to. I wasn't able to work the compromise, anyway.

    -David
     
  16. mainarea

    mainarea Active Member

    Joined:
    Nov 18, 2002
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Nick - I don't like you guys doing this kind of stuff at all - I have to come back to a broken box after your automatic update? I didn't have the exploit anymore, but I wondered why my box mysteriously started updating... This is just a little frustrating for me.

    - Matt
     
  17. thedavid

    thedavid Well-Known Member

    Joined:
    Nov 22, 2002
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    Last I heard, the update was done *through* the exploit. So you might've not been patched at all if it auto-updated.

    Just a thought.
     
  18. TAWHosting

    TAWHosting Member

    Joined:
    Jul 12, 2003
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    3 of my servers tday were hacked using this explit wivin 30 minuted of each other, CPanel u have ALOT to answer for!
     
  19. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Nick, I have to agree
    MANUAL IS MANUAL
    Luckily for me my cPanel wasn't updated. I have it set to manual because that's what I want. I had already disabled the password feature, so didn't need an upgrade.

    If there are urgent security notices they should be in WHM news. People who don't login to WHM daily need to set their upgrades to automatic.

    I hope this idea of automatic upgrades even for MANUAL, does not happen again.
     
  20. LS_Drew

    LS_Drew Well-Known Member

    Joined:
    Feb 20, 2003
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    16
    I just want to say to Nick that I really do think you did the right thing today to try and rectify the situation. If you had explained that those of us who already patched would be unaffected by the upgrade, I'd have been with ya from the start.

    It's a shame that this had to happen in the first place, but your handling of the problem was, IMHO, first rate and saved MANY folks who didn't know any better and would have been hacked to pieces.
     
    #20 LS_Drew, Mar 12, 2004
    Last edited: Mar 12, 2004
Loading...

Share This Page