Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

how can I tell if my cpanel ssh is patched?

Discussion in 'Security' started by scottw, Aug 17, 2010.

  1. scottw

    scottw Registered

    Joined:
    Aug 17, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    51
    I just ran a PCI vulnerability scan on my system and it came up with the following CVEs: CVE-2006-5051, CVE-2006-5052 (both of these are related to OpenSSH versions prior to 4.4).

    I'm pretty sure that, being 4 years old, OpenSSH has been patched. My ssh version:

    # ssh -v
    OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

    and RPMs installed:

    # rpm -qa | grep -i ssh
    openssh-clients-4.3p2-41.el5
    openssh-4.3p2-41.el5
    openssh-server-4.3p2-41.el5

    My question: how can I tell if I'm *really* vulnerable or not? I can look at the CVE database which lists packages and their signatures, but I don't know of a way to get a signature from a package that's already installed. Is there a way? Or is there a more reliable way to tell if I'm patched?

    Scott
     
    #1 scottw, Aug 17, 2010
  2. cPanelJared

    cPanelJared Technical Analyst

    Joined:
    Feb 25, 2010
    Messages:
    1,835
    Likes Received:
    20
    Trophy Points:
    143
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    rpm -q --changelog

    The --changelog argument to the rpm command will let you query installed packages to see the changelog. This will let you see which CVEs have had patches applied.

    Code:
    # rpm -q --changelog openssl
* Fri Mar 12 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-12.6
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)

* Thu Mar 04 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-12.5
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which
  in the RHEL-5 and newer versions will crash in such case (#569774)
    This can generate a very long list covering the entire history of the package, so you may want to pipe the output to a file then read the file using less:

    Code:
    # rpm -q --changelog openssl > openssl.changelog
# less openssl.changelog
    Due to the way Red Hat manages version numbers (and CentOS follows), the version number is not always updated when a CVE is patched, so it is necessary to read the changelog to find proof that a patch was applied.

    If you have a specific CVE number, as you do, you can use grep to check quickly to see if it is mentioned in the changelog:

    Code:
    # rpm -q --changelog openssh > openssh.changelog
# grep CVE-2006-5051 openssh.changelog 
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
# grep CVE-2006-5052 openssh.changelog 
- fix an information leak in Kerberos password authentication (CVE-2006-5052)
     
    #2 cPanelJared, Aug 17, 2010
  3. scottw

    scottw Registered

    Joined:
    Aug 17, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    51
    perfect

    Just what I was looking for—thanks!

    Is there a similar command or site for built-in packages (such as Apache)?
     
    #3 scottw, Aug 17, 2010
  4. cPanelJared

    cPanelJared Technical Analyst

    Joined:
    Feb 25, 2010
    Messages:
    1,835
    Likes Received:
    20
    Trophy Points:
    143
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Only for RPM packages

    This technique will only work for services that are installed via RPM package, such as MySQL, Pure-FTPd, ProFTPd, Exim, Courier-IMAP and Dovecot. Since Apache is built from source, not installed via RPM package, on a cPanel server, the rpm database will have no information about it.

    You can see the list of modules compiled into Apache using the following command:

    Code:
    # /usr/local/apache/bin/httpd -l
    You can get version information about Apache using the following command:

    Code:
    # /usr/local/apache/bin/apachectl status
    You can see the configure command used to compile PHP, and all extensions included and configured settings, using the following command:

    Code:
    # php -i
    The output is usually lengthy, so I recommend redirecting it to a file. It is the same as creating the following PHP script and calling it from a Web browser:

    Code:
    <?php
    phpinfo();
?>
     
    #4 cPanelJared, Aug 17, 2010
  5. scottw

    scottw Registered

    Joined:
    Aug 17, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    51
    CVE-2008-2939: mod_proxy_ftp

    How could I tell whether this particular CVE has been patched, then? I've found another forum post:

    Apache 2.2.10 Released - cPanel Forums

    but it applies to Apache 2.2.10 only.

    I'm running:
    Code:
    # httpd -v
Server version: Apache/2.0.63
Server built:   Jul 30 2010 03:17:02
Cpanel::Easy::Apache v3.2.0 rev5158
     
    #5 scottw, Aug 17, 2010
  6. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,554
    Likes Received:
    9
    Trophy Points:
    168
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Re: CVE-2008-2939: mod_proxy_ftp

    Via a quick search I found the following resources that you may review regarding CVE-2008-2939:

    I believe that if you do not have mod_proxy installed in Apache/httpd then the vulnerability (CVE-2008-2939) may not apply.

    Using one of the same commands mentioned by cPanelJared you may determine if the Apache/httpd installation includes mod_proxy_ftp.
    The Apache module "mod_proxy" includes "mod_proxy_ftp" -- you may disable or remove mod_proxy altogether by unticking/unchecking its option in the Exhaustive Options list while running EasyApache to recompile Apache and PHP.

    Reference menu path and additional documentation:

    While you may use WHM to run EasyApache, you may also execute EasyApache using the following command via root SSH access:
    Code:
    # /scripts/easyapache
     
    #6 cPanelDon, Aug 17, 2010
(You must log in or sign up to post here.)
Loading...
Similar Threads - tell cpanel patched
  1. Dezdan

    How to tell if SSD or HDD on a VM?

    Dezdan, Nov 5, 2017, in forum: Workarounds and Optimization
    Replies:
    3
    Views:
    380
    cPanelMichael
    Nov 6, 2017
  2. WebHostPro

    SOLVED Is there way to tell the PHP-CLI version

    WebHostPro, Dec 19, 2016, in forum: EasyApache
    Replies:
    3
    Views:
    956
    cPanelMichael
    Dec 20, 2016
  3. martin MHC

    Webmin installed on cPanel server?

    martin MHC, Apr 24, 2018 at 9:43 AM, in forum: General Discussion
    Replies:
    4
    Views:
    31
    cPanelMichael
    Apr 24, 2018 at 11:20 AM
  4. Elizabeta

    Setting SNMP on cPanel

    Elizabeta, Apr 24, 2018 at 2:59 AM, in forum: General Discussion
    Replies:
    1
    Views:
    30
    cPanelMichael
    Apr 24, 2018 at 10:06 AM
  5. rhm.geerts

    Stop old cPanel services?

    rhm.geerts, Apr 23, 2018 at 11:11 AM, in forum: General Discussion
    Replies:
    9
    Views:
    54
    cPanelLauren
    Apr 24, 2018 at 9:28 AM

Share This Page