The Community Forums

Interact with an entire community of cPanel & WHM users!

melange vulnerability

Discussion in 'General Discussion' started by Lem0nHead, Jun 16, 2004.

  1. Lem0nHead

    Lem0nHead Well-Known Member

    not a cPanel vulnerability, but cPanel has Melange chat server activated by default

    try to login (telnet?) to port 6666 of your server

    do you get >> Melange Chat Server (Version 1.10), Apr-25-1999?

    this program has a bug

    i didn't investigate it very much, but it's possible to change the EIP (pointer to program code) to somewhere else, maybe getting to run some program the ab(user) wants

    as far as i went, that's not a severe vulnerability, since this program is run by 'nobody' user
    not a big deal, but yet a vuln ;)

    http://www.securityfocus.com/bid/6477/discussion/

    no patch is available yet, so if you think you can be affected by that, disable connections to port 6666 on your server
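
The check described in the post, as an added example that is not part of the original post: it connects to port 6666, reads whatever greets the connection, and reports whether it is the Melange banner quoted above. The function names, result fields and default host are assumptions made for this example.

```python
import re
import socket

# Banner text as quoted in the post; treating the trailing date as optional
# is an assumption made for this example.
BANNER_RE = re.compile(
    rb"Melange Chat Server \(Version ([0-9.]+)\)(?:,\s*([A-Za-z]{3}-\d{1,2}-\d{4}))?")

def parse_banner(data):
    """Return (version, build_date) if data holds a Melange banner, else None."""
    m = BANNER_RE.search(data)
    if not m:
        return None
    build_date = m.group(2).decode() if m.group(2) else None
    return m.group(1).decode(), build_date

def check_melange(host="127.0.0.1", port=6666, timeout=3.0):
    """Classify what answers on host:port.

    state is 'closed' (refused, filtered or timed out), 'other' (port open,
    no Melange banner) or 'melange' (banner seen, version/build_date set).
    """
    result = {"host": host, "port": port, "state": "closed",
              "version": None, "build_date": None}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return result  # nothing accepted the connection
    data = b""
    with sock:
        try:
            # Read the greeting only; stop at EOF, timeout or 512 bytes.
            while len(data) < 512:
                chunk = sock.recv(512)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # timeout or reset: judge on what was received so far
    parsed = parse_banner(data)
    if parsed:
        result.update(state="melange", version=parsed[0], build_date=parsed[1])
    else:
        result["state"] = "other"
    return result

if __name__ == "__main__":
    print(check_melange())  # checks the local machine's port 6666
```

Running it once on the server itself and once from an outside host shows whether a firewall rule for port 6666 is actually in effect, since the local check can still succeed after external access is blocked.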
     