The Community Forums


exim/YAML security issue?

Discussion in 'Security' started by vltech, Feb 2, 2013.

  1. vltech

    I'm watching the horror show that is the recently discovered vulnerability in Ruby on Rails unfold (see http://www.kalzumeus.com/2013/01/31/what-the-rails-security-issue-means-for-your-startup/). The problem turns out to be in RoR's use of/parsing of YAML files.

    Lots of things use YAML. For instance, just the other day I was messing about with cpanel's email filtering functionality, and discovered it uses YAML. I'm not sure if that's on cpanel's side of the fence or exim's side of the fence. But it seems maybe somebody at cpanel should be looking into this? Because like that article says, now that the role of YAML in compromising RoR is widely known, the blackhats will be scrutinizing other widely adopted stacks and apps which also use YAML, to see if the same kinds of attacks work against them, too.

    For that matter: http://blog.cpanel.net/writing_an_ftp_password_trap_in_perl/

    cpanel, you looking into this?
     