The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

is true? neomail vulnerability

Discussion in 'E-mail Discussions' started by Creazioni, Aug 21, 2003.

  1. Creazioni

    Creazioni Well-Known Member

    Joined:
    Jan 5, 2003
    Messages:
    133
    Likes Received:
    0
    Trophy Points:
    16
    There is a vulnerability in Cpanel related to the neomail software.
    I suggest applying patch immediately...etcc

    cPanel.net Support Ticket Number:
     
  2. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    explain the vulnerability.

    cPanel.net Support Ticket Number:
     
  3. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    I got a warning to apply a patch to neomail tonight from the people I got my cpanel license from.

    I thought it was really weird for the license distributor to send me the patch rather than it to come from Cpanel. Not saying they were doing anything wrong, just dont know why nothing here seems to explain it but my license reseller is telling me about it.

    :confused:

    cPanel.net Support Ticket Number:
     
  4. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    if you can post more details on this perhaps someone can shed light on this matter. Wat patch, wats the vulnerability etc.

    cPanel.net Support Ticket Number:
     
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    There was a problem with neomail, its since been fixed. If you are running the latest EDGE, RELEASE, or STABLE version you should be ok. Recent EDGE and RELEASE versions are also fine.

    From the ChangeLog:

    Fri Aug 15 14:22:29 EDT 2003
    7.x Build#64
    ---------------------------------------------------------------

    neomail security fix
    ---------------------------------------------------------------

    cPanel.net Support Ticket Number:
     
  6. Creazioni

    Creazioni Well-Known Member

    Joined:
    Jan 5, 2003
    Messages:
    133
    Likes Received:
    0
    Trophy Points:
    16
     
  7. Tim Greer

    Tim Greer Well-Known Member

    Joined:
    Aug 11, 2002
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Yes, there is an issue. A staff member discovered this when we had a report of a failure with NeoMail. It was a very simple problem, but due to the nature could cause a fairly severe security risk.

    We will not divulge how or what this is. We sent a notice about the patch to our dedicated and external license clients, as we did not receive a response from Cpanel, so we took action to get the clients servers patched.

    We thought it would be prudent to alert our clients knowing this issue existed. After sending out the notice, the staff member saw that Cpanel actually updated it and did see the alert sent to them.

    Upgrade and you will be fine for the most part (though there are actually several reasons why this patch will fail still and the security issue still exists). I fear explaining the method to secure it will expose an easy exploit, so we'll wait for Cpanel to fix it up.

    cPanel.net Support Ticket Number:
     
  8. Creazioni

    Creazioni Well-Known Member

    Joined:
    Jan 5, 2003
    Messages:
    133
    Likes Received:
    0
    Trophy Points:
    16
    Tim Greer
    IS A GREAT administrator..i know how your work..you work very very fine
    :)

    cPanel.net Support Ticket Number:
     

Share This Page