Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

[resolved] Possible Security Issue

Discussion in 'Security' started by logikstudios, May 16, 2007.

  1. logikstudios

    logikstudios Well-Known Member

    Joined:
    Nov 2, 2006
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    166
    Hey. I have just discovered a massive security in the CPANEL 10.9 software. This problem is in the BACKUP FEATURE. If you do remote ftp back onto the same account. It will put the file in the account home directory and it will have this type of stuff accountname:ROOTPASSWORD@serverhostname.com


    This is a major problem and needs to be fixed stright away.

    Thanks,

    Nathaniel
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 logikstudios, May 16, 2007
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,216
    Likes Received:
    10
    Trophy Points:
    313
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Security issues should be emailed directly to security@cpanel.net so they can be addressed in a prompt manner.

    Remember, the cPanel Staff is not made aware of every thread posted here. While we attempt to assist those posting to the forum where appropriate - many threads may "fall through the cracks." It is for this reason (among many others) the forums are not an official means of communication and it is strongly encouraged that official communications with the cPanel Staff be handled through official channels rather than via the community forums.
     
    #2 cPanelDavidG, May 16, 2007
  3. logikstudios

    logikstudios Well-Known Member

    Joined:
    Nov 2, 2006
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    166
    Sorry about that. Can you please email them about this.

    Thanks,
    Nathaniel
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 logikstudios, May 16, 2007
  4. LP-Tim

    LP-Tim Active Member

    Joined:
    Apr 30, 2007
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    151
    Interesting.

    But why would you do remote FTP backup to the same account?
     
    #4 LP-Tim, May 16, 2007
  5. logikstudios

    logikstudios Well-Known Member

    Joined:
    Nov 2, 2006
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    166
    Because if you wanted to put it into a web directory where you could download it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 logikstudios, May 16, 2007
  6. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    318

    I'm trying to get a grasp on this. You are sending all backups for a server to a specific account on the same server over ftp?

    What files contain root passwords? It's only account tarballs that are backed up. Here's a FTP backup to my account from the same server:

    Code:
    dave@server1 [~/cpbackup]# cd monthly/
dave@server1 [~/cpbackup/monthly]# ls
./   domain1.tar.gz       domain2.tar.gz   domain3.tar.gz   reseller.tar.gz
../  domain4.tar.gz  domain5.tar.gz  
dave@server1 [~/cpbackup/monthly]# cd ..
dave@server1 [~/cpbackup]# cd weekly/
dave@server1 [~/cpbackup/weekly]# ls
./   domain1.tar.gz       domain2.tar.gz   domain3.tar.gz   reseller.tar.gz
../  domain4.tar.gz  domain5.tar.gz  
dave@server1 [~/cpbackup/weekly]# cd ..
dave@server1 [~/cpbackup]# cd daily/
dave@server1 [~/cpbackup/daily]# ls
./   domain1.tar.gz       domain2.tar.gz   domain3.tar.gz   reseller.tar.gz
../  domain4.tar.gz  domain5.tar.gz
     
    #6 DaveUsedToWorkHere, May 16, 2007
  7. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    318
    I did a grep -R "account:rootpass" * in my backup directory after extracting the archive and got no takers.


    Code:
    dave@server1 [~/cpbackup/daily]# tar -xzf reseller.tar.gz 
dave@server1 [~/cpbackup/daily]# cd reseller
root@server1 [/home/dave/cpbackup/daily/reseller]# grep -R "reseller:XXXX" *
root@server1 [/home/dave/cpbackup/daily/reseller]#
    XXXX intentionally obfuscated
     
    #7 DaveUsedToWorkHere, May 16, 2007
  8. LP-Tim

    LP-Tim Active Member

    Joined:
    Apr 30, 2007
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    151
    Yeah I'm not seeing it either.

    Not sure how this would be any different than backing up to a regular 'ole remote ftp server. Files is files, and ftp is ftp, eh?
     
    #8 LP-Tim, May 16, 2007
  9. zigzam

    zigzam Well-Known Member

    Joined:
    May 9, 2005
    Messages:
    206
    Likes Received:
    0
    Trophy Points:
    166
    I can not duplicate this on any of my servers.
     
    #9 zigzam, May 16, 2007
  10. logikstudios

    logikstudios Well-Known Member

    Joined:
    Nov 2, 2006
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    166
    Found the problem, I was logged into that account as root. Came from root WHM to the cpanel account.

    Thanks,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 logikstudios, May 16, 2007
  11. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    318
    I'm changing this thread's title as it is not valid
     
    #11 DaveUsedToWorkHere, May 17, 2007
(You must log in or sign up to post here.)
Loading...
Similar Threads - [resolved] Possible Security
  1. itdrift

    Possible to recreate the welcome email (email accounts)?

    itdrift, Nov 2, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    125
    cPanelMichael
    Nov 2, 2018
  2. albatroz

    Is it possible for a rogue code to insert a cron job?

    albatroz, Aug 28, 2018, in forum: Security
    Replies:
    2
    Views:
    195
    cPanelLauren
    Aug 29, 2018
  3. Kent Brockman

    How can I rename package names in the safest possible way?

    Kent Brockman, Jul 24, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    182
    cPanelLauren
    Jul 25, 2018
  4. sebosiris

    SOLVED PHP FPM - impossible to validate new configuration

    sebosiris, Jun 5, 2018, in forum: EasyApache
    Replies:
    6
    Views:
    406
    cPanelMichael
    Jun 8, 2018
  5. David_spm

    Possible to install CSF via WHM GUI?

    David_spm, May 29, 2018, in forum: Security
    Replies:
    2
    Views:
    322
    David_spm
    May 30, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice