mod_ssl vulnerability

Discussion in 'General Discussion' started by AbeFroman, Jun 7, 2003.

  1. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    318
    Is this for real? I subscribe to Bugtraq but didn't see anything

    Apache Core 1.3.27 1.3.27 OK
    mod_log_bytes 1.2
    mod_bwlimited 1.0
    PHP 4.3.1 4.3.1 OK
    FrontPage 5.0.2.2510
    mod_ssl 2.8.14 2.8.12 Insecure
    OpenSSL 0.9.6b


    You are running an insecure apache setup. You should run /scripts/easyapache and upgrade to a newer version as soon as possible to avoid your system being compromised.

  2. mrcbrown

    mrcbrown Well-Known Member

    Joined:
    Jun 5, 2003
    Messages:
    100
    Likes Received:
    1
    Trophy Points:
    168
    I just got this too. Running the script to get updated. Haven't received word from RedHat about this hole, but better safe than sorry!

  3. rbmatt

    rbmatt Well-Known Member

    Joined:
    Oct 21, 2002
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    166
    I'm upgrading as we speak.
    Trying out PHP 4.3.2 also :)

  4. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    166
  5. icanectc

    icanectc Well-Known Member

    Joined:
    Mar 10, 2003
    Messages:
    344
    Likes Received:
    0
    Trophy Points:
    166
    I had the same thing today. I ran /scripts/easyapache and chose opt 1 and it upgraded it for me.


    Best Wishes,
    Mike

  6. trakwebster

    trakwebster Well-Known Member

    Joined:
    Jan 29, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    166
    Here's a puzzle --

    I did the update, and it seemed to go fine. Apache is running, and my php/mysql sites look fine.

    However, on my ssh screen, approximately once per minute I get an announcement that says --

    Scanning suexec log ... done

    So it looks like something running over and over. Not a desirable feature, I think. Anybody know what this might be?

  7. howard

    howard Well-Known Member

    Joined:
    Apr 20, 2003
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    166
    Yeah, it's just a checker which runs after every easyapache upgrade, which looks at /usr/local/apache/logs/suexec_log and attempts to correct any errors which get logged there automagically (as cPanel puts it). It usually terminates after 24 hrs or so; you can exit / relogin to stop it getting echoed to your shell.

  8. trakwebster

    trakwebster Well-Known Member

    Joined:
    Jan 29, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    166
    Whew!

    Thanks!

  9. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    166
    I still have not found any news on the vuln. The mod_ssl site says security update but mentions nothing about having to upgrade because of a major vuln that could get us rooted.

  10. mojo

    mojo Member

    Joined:
    Jun 8, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    151
    Does anyone else's website have a 500 server error after that update?

  11. mojo

    mojo Member

    Joined:
    Jun 8, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    151
    Never mind, fixed it. Was due to the fact .html is also set up to be used for PHP scripts.

  12. howard

    howard Well-Known Member

    Joined:
    Apr 20, 2003
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    166
    I am not sure whether it's a specific mod_ssl vuln but rather a more general SSL vuln from a while back. Perhaps darkorb is being a bit more proactive about ensuring people have the recent version(s) after the recent criticisms (sp?)
