Critical Update Notice

So, do the latest stable version 9.1.0-STABLE_53, has fixed this problem ?

 

Where can we find more info about this vuln ?

 

http://www.securityfocus.com/archive/1/357172/2004-03-09/2004-03-15/0

 

ehm, it seemed to have happened at 12 today on all my machines which are set to MANUAL.

Also, I don't read this forum every day and when I set things to "MANUAL" it means MANUAL.

This is just ridiculous and yes, I'm quite p.o. 'cos I just had 15 machines to take care of because of faulty cpanel upgrades.

Can you confirm or deny that the upgrades took place at 12 and not 3? and that's EST!

Great communication btw...

 

I've heard 12, 1, and 3... Perhaps timezone differences?

 

i'm stuck with a half install, the server died after i tried to install this very important update, hopefully i get my ticket replied to soon, some things are pretty broken.

 

sure, but I am in the EST time zone.

 

well, I've had my coffee and calmed down a bit, but I really think the way this was done was not well thought out (dare I say stupid?).

I'm sorry, but this did more harm to cpanel's reputation than good. I understand the thought behind it, but still, NOBODY should do unasked for upgrades. That's pretty much like trespassing... simply don't do it (when I have not had my coffee :D)

 

Guys, be very lucky that you did not pass trough hacked server situation. I have been lucky and upgraded on time all machines, but my frend did not!
######################
Checking `login'... INFECTED
Checking `pstree'... INFECTED
Searching for t0rn's v8 defaults... Possible t0rn v8 \(or variation\) rootkit installed
Searching for Showtee... Warning: Possible Showtee Rootkit installed
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 3 process hidden for ps command
Warning: Possible LKM Trojan installed
######################

One our after exploit was found!

We replaced all files with corect one, reinstall all rpm-s after that and chkrotkit is no longer complaining.


So do not please talk what they should, and what they shouldn't. They are probably saved your ass, yep, you probably had to upcp once again, right? So, what's the big deal?

 

Re: Re: Critical Update Notice

I'm quite certain the update took place probably around 3, it was latest than midnight for sure. (EST)

You don't read the forums, you don't read WHM either? All you had to do was patch yourself, and you wouldn't have been patched.

The machines already patched/upgraded didn't receive the updates.

 

Does this also fix the hole the same guy posted to Butraq today?

 

It seemed to. I was able to reproduce the bugtraq hole before the update. After, it appears to be plugged.

 

It appears to. I wasn't able to work the compromise, anyway.

-David

 

Nick - I don't like you guys doing this kind of stuff at all - I have to come back to a broken box after your automatic update? I didn't have the exploit anymore, but I wondered why my box mysteriously started updating... This is just a little frustrating for me.

- Matt

 

Last I heard, the update was done *through* the exploit. So you might've not been patched at all if it auto-updated.

Just a thought.

 

3 of my servers tday were hacked using this explit wivin 30 minuted of each other, CPanel u have ALOT to answer for!

 

Nick, I have to agree
MANUAL IS MANUAL
Luckily for me my cPanel wasn't updated. I have it set to manual because that's what I want. I had already disabled the password feature, so didn't need an upgrade.

If there are urgent security notices they should be in WHM news. People who don't login to WHM daily need to set their upgrades to automatic.

I hope this idea of automatic upgrades even for MANUAL, does not happen again.

 

I just want to say to Nick that I really do think you did the right thing today to try and rectify the situation. If you had explained that those of us who already patched would be unaffected by the upgrade, I'd have been with ya from the start.

It's a shame that this had to happen in the first place, but your handling of the problem was, IMHO, first rate and saved MANY folks who didn't know any better and would have been hacked to pieces.