Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

New security exploit -- allows local user to gain root

Discussion in 'Security' started by iseletsk, Oct 19, 2010.

  1. iseletsk

    iseletsk Well-Known Member

    Joined:
    Mar 3, 2010
    Messages:
    163
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    Princeton, New Jersey, United States
    There is a new security exploit that allows local user to gain root access to the server. My guess is pretty much all hosting companies doing linux hosting are affected
    There is no update yet available from any vendor, but as a work around, you can do following:

    # mount -o bind /tmp /tmp
    # mount -o remount,bind,nosuid /tmp /tmp
    # mount -o bind /home /home
    # mount -o remount,bind,nosuid /home /home

    Make sure you bind and remount as nosuid all directories (parent level only) where local users can create files. If your users' home directories are at /var/www, do that for /var/www directory

    # mount -o bind /var/www /var/www
    # mount -o remount,bind,nosuid /var/www /var/www

    Full Disclosure was published here yesterday:
    More info: Full Disclosure: The GNU C library dynamic linker expands $ORIGIN in setuid library search path
    CVE-2010-3847
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. rhm.geerts

    rhm.geerts Well-Known Member

    Joined:
    Jul 29, 2008
    Messages:
    93
    Likes Received:
    6
    Trophy Points:
    58
    Location:
    Maastricht
    cPanel Access Level:
    Root Administrator
  3. javiercampos

    javiercampos Well-Known Member
    PartnerNOC

    Joined:
    Jan 12, 2010
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    /tmp
    cPanel Access Level:
    Root Administrator
    =)

    Thanks iseletsk and rhm.geerts
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. PlatinumServerM

    PlatinumServerM Well-Known Member
    PartnerNOC

    Joined:
    Jul 10, 2005
    Messages:
    400
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    New Jersey, USA
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice