The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

guestbook.cgi exploit

Discussion in 'General Discussion' started by JustinK, Feb 15, 2003.

  1. JustinK

    JustinK Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    251
    Likes Received:
    0
    Trophy Points:
    16
    I've already sent a notice in to the cpanel crew, so I'll let them explain it, but I just wanted to make sure everyone knew that there appears to be a rather big security issue with the guestbook.cgi file that comes with cpanel (the simple guestbook). The exploit can be used on any domain on a cpanel server.

    Please disable this script to save your users from having something bad happen to their account or something worse happen to your servers:

    chmod 0 /usr/local/cpanel/cgi-sys/guestbook.cgi
    chattr +i /usr/local/cpanel/cgi-sys/guestbook.cgi

    Again, I'll let the cpanel crew explain it how they wish to.
     
  2. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Never having looked at that file till now, I must admit, it's rather odd that a &cgi& script is in binary? Care to share anything on the security breach? Could be months or never before we hear anything from DarkOrk on this -- after all, they've been providing it... for how long?
     
  3. JustinK

    JustinK Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    251
    Likes Received:
    0
    Trophy Points:
    16
    I realise it might be a stretch hearing from them, but I'm leaving it up to them to tell you about it. I gave them the details on exactly how it was done. If you leave the file running, you're risking every users' files on each server to anyone that wishes to poke around.
     
  4. h2oski

    h2oski Well-Known Member

    Joined:
    Dec 12, 2001
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    from the ChangeLog:
    Sun Feb 16 10:19:22 EST 2003
    6.x Build#51
    ---------------------------------------------------------------

    fix a secuirty problem with guestbook.cgi

    ----------------------------------------------------------------

    Nick, can you to tell us how to fix this without upgrading to Cpanel 6.x ?
     
  5. H2Hosting.com

    H2Hosting.com Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    what exactly is a problem with this script?
     
  6. taivu

    taivu Well-Known Member

    Joined:
    Nov 22, 2001
    Messages:
    65
    Likes Received:
    0
    Trophy Points:
    6
    Thank you for the heads up Justin. I appreciate it.
     
  7. bdraco

    bdraco Guest

    Just replace the cpanel5 one with

    http://layer1.cpanel.net/guestbook.bin
     
  8. Kaith Rustaz

    Kaith Rustaz Active Member

    Joined:
    Jun 5, 2002
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    ok, stupid question time:

    do we rename the .bin to .cgi and overwrite the old version?

    Or is there something else we need to do?
     
  9. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    just rename+replace
     
  10. snowgod

    snowgod Well-Known Member

    Joined:
    Sep 23, 2001
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    6
  11. zac-lw

    zac-lw Registered
    PartnerNOC

    Joined:
    Mar 20, 2002
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Is this fix in the latest CPanel update? What about the local root exploit posted on Bugtraq?
     
  12. xsenses

    xsenses Well-Known Member

    Joined:
    Aug 29, 2002
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Huntington Beach, Ca
    I can't seem to get the link to come up at the moment, for openmail is all we need to do chmod oom to 755?
     
  13. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Just run

    /scripts/updatenow
    /scripts/upcp


    and it will resolve the problem reguardless of what version of cpanel you are running. cPanel 6 is not affected by this problem. The openwebmail exploit will not work unless you have specificly enabled suidperl, which cpanel disables by default.
     
  14. zac-lw

    zac-lw Registered
    PartnerNOC

    Joined:
    Mar 20, 2002
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    does that fix the guestbook.cgi problem as well?


    edit: yes, it does.
     
    #14 zac-lw, Feb 19, 2003
    Last edited: Feb 19, 2003
  15. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    I know running "/scripts/upcp" will not affect the "oom" or the "guestbook.cgi" problem, just had to manually chmod the "oom" file and "guestbook.cgi" still has the problem, but I have not used "/scripts/updatenow" as I don't know what it does.

    Does anyone know, within Cpanel, which link is for this "openwebmail" script? I don't see one and no links point to the "openwebmail" directory.
     
  16. awsol

    awsol cPanel Test Bitch

    Joined:
    Feb 8, 2002
    Messages:
    591
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Boston MA
    Rob if Nick fixed it than updating will fix the problem.
     
  17. thedavid

    thedavid Well-Known Member

    Joined:
    Nov 22, 2002
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    Ok...

    I'm now running 6.0.0-EDGE_65 after manually updating - does this version contain the fixed openwebmail? Or is it just the fix for the guestbook cgi? Where's the cutoff, in other words....

    -David
     
  18. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    Ok here is a silly question

    I have ran

    /scripts/updatenow
    /scripts/upcp

    from root ssh does this fix both of the problems ? if not what does it fix and doesn't and how do I fix what it doesn't ?

    Regards,
    Garry
     
  19. thedavid

    thedavid Well-Known Member

    Joined:
    Nov 22, 2002
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    Silver...

    I'm still waiting for that answer myself - it seems as though that information is not available?

    -David
     
  20. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    I just logged into ssh after running
    /scripts/updatenow
    /scripts/upcp

    the cd /usr/local/cpanel/base/openwebmail
    and it say No such file or directory
    so I cd /usr/local/cpanel/base
    then cd openwebmail
    and it say No such file or directory

    so I did an ls and it not there anymore

    Is this the fix ?

    Regards,
    Garry
     
Loading...

Share This Page