The Community Forums


Is the php version cpanel uses affected by the XMLRPC exploit?

Discussion in 'General Discussion' started by BianchiDude, Sep 10, 2005.

  1. BianchiDude

  2. haze

    Do a search of these forums, this has been discussed previously, and quite extensively.

    PHP itself is not affected by the vulnerability, but the PEAR library was. If you haven't done so already, perform a manual update of the PEAR XMLRPC library. You will also want to keep in mind that many 3rd party applications which clients tend to install and forget about updating include their own xmlrpc file, which may also be affected.
     
  3. VexT

    Recently Pear has been updated (9-18-05) and the xml_rpc component has been as well. Should I wait for a new build to be included in easyapache's php? Right now, pear upgrade-all results in a core dump when it tries to install 1.4 of the xml_rpc component.
     
  4. brianoz

    You should be able to upgrade the Pear XML_RPC alone with:

    Code:
    pear upgrade XML_RPC
    Check out this URL for a *lot* more info. It links to the main cpanel forums discussion, plus the developer's brief on it, and discusses a lot of the issues you might be concerned about. BTW, to save you some worry, the internal PHP xml rpc is not vulnerable.

    http://www.webhostingtalk.com/showt...1520&perpage=15&highlight=xmlrpc&pagenumber=2

    If you upgrade software on the system, you should be pretty safe. This vulnerability was a real worry because the library was embedded in just so many applications.
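
Because applications that ship their own xmlrpc file are not touched by `pear upgrade XML_RPC`, an inventory of those copies is the practical follow-up. The script below is an added example, not part of the thread and not cPanel tooling: it lists candidate library files under a directory tree and marks which are byte-identical to the upgraded PEAR file. The file-name patterns, the MATCH/REVIEW labels and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File-name patterns and the
# MATCH/REVIEW labels are assumptions chosen for illustration.

# List candidate library files under ROOT: PEAR's XML/RPC.php layout, plus
# any .php/.inc file with "xmlrpc" in its name (case-insensitive).
find_xmlrpc_copies() {
    find "$1" -type f \( -path '*/XML/RPC.php' \
        -o -iname '*xmlrpc*.php' -o -iname '*xmlrpc*.inc' \) 2>/dev/null | sort
}

# Compare each candidate with REF, the RPC.php installed by
# `pear upgrade XML_RPC` (under the directory `pear config-get php_dir` prints).
#   MATCH  = byte-identical to the upgraded library
#   REVIEW = different content (older copy or another library); the
#            application bundling it must be updated separately
audit_xmlrpc_copies() {
    find_xmlrpc_copies "$1" | while IFS= read -r f; do
        if cmp -s "$f" "$2"; then
            printf 'MATCH\t%s\n' "$f"
        else
            printf 'REVIEW\t%s\n' "$f"
        fi
    done
}

# Number of copies that still need review.
count_review() {
    audit_xmlrpc_copies "$1" "$2" |
        awk -F '\t' '$1 == "REVIEW" { n++ } END { print n + 0 }'
}

# Demo on a constructed tree (sample paths and contents are made up).
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/pear/XML" "$t/home/alice/public_html/blog" \
        "$t/home/bob/public_html/lib/XML"
    echo 'upgraded library' > "$t/pear/XML/RPC.php"
    echo 'stale bundled copy' > "$t/home/alice/public_html/blog/xmlrpc.inc"
    echo 'upgraded library' > "$t/home/bob/public_html/lib/XML/RPC.php"
    audit_xmlrpc_copies "$t/home" "$t/pear/XML/RPC.php"
    n=$(count_review "$t/home" "$t/pear/XML/RPC.php")
    rm -rf "$t"
    echo "$n"
}

demo
```

A REVIEW line only means the file differs from the reference; it may be a different XML-RPC library altogether, so check it against that application's own update notes.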
     