
mod_ssl vulnerability

Discussion in 'General Discussion' started by AbeFroman, Jun 7, 2003.

  1. AbeFroman

    Is this for real? I subscribe to Bugtraq but didn't see anything.

    Apache Core 1.3.27 1.3.27 OK
    mod_log_bytes 1.2
    mod_bwlimited 1.0
    PHP 4.3.1 4.3.1 OK
    FrontPage 5.0.2.2510
    mod_ssl 2.8.14 2.8.12 Insecure
    OpenSSL 0.9.6b


    You are running an insecure apache setup. You should run /scripts/easyapache and upgrade to a newer version as soon as possible to avoid your system being compromised.

  2. mrcbrown

    I just got this too. Running the script to get updated. Haven't received word from RedHat about this hole, but better safe than sorry!

  3. rbmatt

    I'm upgrading as we speak.
    Trying out PHP 4.3.2 also :)

  4. sexy_guy

  5. icanectc

    I had the same thing today. I ran /scripts/easyapache and chose opt 1, and it upgraded it for me.


    Best Wishes,
    Mike

  6. trakwebster

    Here's a puzzle --

    I did the update, and it seemed to go fine. Apache is running, and my php/mysql sites look fine.

    However, on my ssh screen, approximately once per minute I get an announcement that says --

    Scanning suexec log ... done

    So it looks like something running over and over. Not a desirable feature, I think. Anybody know what this might be?

  7. howard

    Yeah, it's just a checker which runs after every easyapache upgrade, which looks at /usr/local/apache/logs/suexec_log and attempts to correct any errors which get logged there automagically (as cPanel puts it). It usually terminates after 24 hrs or so; you can exit / relogin to stop it getting echoed to your shell.

  8. trakwebster

    Whew!

    Thanks!

  9. sexy_guy

    I still have not found any news on the Vuln. Mod_SSL site says security update but mentions nothing about having to upgrade because of a major vuln that could get us rooted.

  10. mojo

    Does anyone else's website have a 500 server error after that update?

  11. mojo

    Never mind, fixed it. Was due to the fact .html is also set up to be used for PHP scripts.

  12. howard

    I am not sure whether it's a specific mod_ssl vuln but rather a more general SSL vuln from a while back. Perhaps darkorb is being a bit more proactive about ensuring people have the recent version(s) after the recent criticisms (sp?)
