The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Expolit on cpanel

Discussion in 'General Discussion' started by techsupport1, Feb 11, 2007.

  1. techsupport1

    techsupport1 Member

    Joined:
    Dec 31, 2006
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    hello

    I am getting the following errors message in WHM. What i am suppose to do now? I dont want to messup my vps server. I am already dealing with other issues:eek:

    Security Notice:
    A security vulnerability was discovered in cPanel which may result in privilege escalation. This vulnerability can be resolved by updating your cPanel software here. The necessary patch will occur automatically on all servers during the daily execution of upcp. If cron jobs have been disabled on your server, then you should manually update your cPanel software.

    Severity::mad:

    Security Notice:
    There are several known Linux kernel exploits which may allow local privilege escalation. These exploits have become commonplace in recent weeks and can be avoided by ensuring that your kernel is updated to the latest available version. While cPanel will help ensure your system services and software are up to date, kernel updates are outside the scope of cPanel. Kernels with known vulnerabilities include, but are not limited to, 2.6.9-22 and 2.6.9-34. Please check your running kernel for updates periodically. This will help ensure the overall integrity of your server and data.

    Severity::mad:


    thanks
     
  2. Gareth

    Gareth Well-Known Member

    Joined:
    Feb 11, 2004
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Isle of Anglesey, UK
    Basically:

    if you have cPanel set in whm to auto update then you do not need to worry as you'll already be on the latest version.

    If you have it set to manual update then you need to update cpanel, which you can via the left menu bar (towards the bottom). Once you have done that you'll be alright.

    With the second message you'll just need to ensure that the kernel is the current version, and any patches are applied.
     
  3. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    What's the current cPanel/WHM version installed on this server? As Gareth said, if you have an old version of the cPanel/WHM, you'll need to update to the latest release of the build you have on this server. You also need to make sure that your Kernel is up-to-date.
     
    #3 AndyReed, Feb 11, 2007
    Last edited: Feb 11, 2007
  4. katmai

    katmai Well-Known Member

    Joined:
    Mar 13, 2006
    Messages:
    526
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brno, Czech Republic
    actually would be nice if cpanel would make some checks for the first warning to appear ONLY if the cpanel version is outdated.

    the second adv ... pretty much it's useless, yet might draw some people questioning about box security and kernel upgrading. overall i would insist on automatization of the first announcement.
     
  5. gdns

    gdns Active Member

    Joined:
    Feb 12, 2007
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    especialy on freebsd :)
     
  6. katmai

    katmai Well-Known Member

    Joined:
    Mar 13, 2006
    Messages:
    526
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brno, Czech Republic
    true dat. i mean it's useless, and could me used for something more useful - that space. like .. daily cpanel quotes or something fun :) imagine sysadmins logging in daily to cpanel to check the new daily quote: w00t !
     
Loading...

Share This Page