The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

openssl exploit

Discussion in 'General Discussion' started by Radio_Head, Aug 1, 2002.

  1. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    Hello


    I wish to know if we (cpanel users) are safe from this exploit

    http://www.openssl.org/news/secadv_20020730.txt


    thank you
     
  2. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    Anyone ?
     
  3. bdraco

    bdraco Guest

    [quote:7c4ed01282][i:7c4ed01282]Originally posted by Radio_Head[/i:7c4ed01282]

    Anyone ?[/quote:7c4ed01282]

    If you have security updates set to auto you should be fine
     
  4. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    With auto do you means automatic update of Cpanel
    (do you want say that the latest cpanel update contains
    latest openssl patches solving the exploit above ) ?


    thank you
     
  5. dzevad

    dzevad Well-Known Member

    Joined:
    Oct 7, 2001
    Messages:
    95
    Likes Received:
    0
    Trophy Points:
    6
    I just updated Cpanel manually with upcp and I have OpenSSL/0.9.6b , but the latest is OpenSSL 0.9.6e.

    This is from OpenSSL site:

    Who is affected?
    ----------------

    Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or
    current development snapshots of 0.9.7 to provide SSL or TLS is
    vulnerable, whether client or server. 0.9.6d servers on 32-bit systems
    with SSL 2.0 disabled are not vulnerable.

    SSLeay is probably also affected.
     
  6. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    [quote:5414225eb1][i:5414225eb1]Originally posted by dzevad[/i:5414225eb1]

    I just updated Cpanel manually with upcp and I have OpenSSL/0.9.6b , but the latest is OpenSSL 0.9.6e.

    This is from OpenSSL site:

    Who is affected?
    ----------------

    Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or
    current development snapshots of 0.9.7 to provide SSL or TLS is
    vulnerable, whether client or server. 0.9.6d servers on 32-bit systems
    with SSL 2.0 disabled are not vulnerable.

    SSLeay is probably also affected.
    [/quote:5414225eb1]

    Hi ;)

    Yes , in fact !
     
  7. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    This is an important issue.

    I was recently hacked on an old WebPanel server we still have hanging around (t0rn kit). I was hacked over and over again for a month.

    I learned that the only defense is to &Patch the security holes& as quickly as possible. Also, try as you might to clean a hacked server, you must rebuild in order to make sure you are safe.

    Additionally, I now limit SSH access to known hosts in /etc/hosts.allow (sshd is denied to all in /etc/hosts.deny).

    I am thinking about using IP chains if I can ever figure the darn things out.

    So, this exploit is important. Believe me, the hackers probably already have an automated kit to attack the exploit.

    Here a few good info sites about hackers that I have found. If you are a Linux admin, you should read the info at these sites. I am so much more learned about hackers/crackers and prevention than I was before I visited these sites. To catch a hacker/cracker you must understand the tools and techniques he will use to try to defeat you...
    http://www.chkrootkit.org/ (A must have, I think)
    http://www.linuxgazette.com/issue36/kuethe.html
    http://www.sans.org/y2k/t0rn.htm
    http://www.cs.wright.edu/people/faculty/pmateti/Courses/499/Fortification/obrien.html
    http://www.sophos.com/virusinfo/analyses/linuxlion.html
    http://www.theorygroup.com/Theory/rootkits.html
    http://www.usenix.org/publications/login/1999-9/features/rootkits.html
     
  8. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    Thank you for links !
     
  9. marius

    marius Well-Known Member
    PartnerNOC

    Joined:
    Jun 10, 2002
    Messages:
    157
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Bucharest
    I had my server hacked using the guestbook security error. BU t "cleaning" up the system ...errr....

    what does "rebuild" implies? what do i have to do?

    thanks
     
Loading...

Share This Page