The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Serious fantastico bug

Discussion in 'General Discussion' started by remik, Mar 12, 2007.

  1. remik

    remik Guest

    Hey.
    Yesterday a new bug was announced at: http://milw0rm.com/exploits/3459
    One of my clients informed me that it was exploitable on my servers. I couldn't find anything on netenberg or this forum about it.
    I wrote a quick fix for it:

    Insert this in file '/usr/local/cpanel/3rdparty/fantastico/includes/load_language.php' before 'if(is_file($userlanguage))':
    PHP:
        /* NetShock - make sure file is in languages dir */
        
    $tmp split('/',$userlanguage);
        
    $userlanguage $fantasticolangpath $tmp[count($tmp)-1];
    I think the best way to prevent the second exploit would be to deny direct access to files in includes directory. Unfortunetly cpanel doesn't read .htaccess files in fantastico dir (don't know why). That's why I came with another fix.

    I created a file '/usr/local/cpanel/3rdparty/fantastico/fix.php' containing:
    PHP:
    <?
     
    /* NetShock - quick fantastico fix */
     
    $fantasticopath '';
    ?>
    Then edited /usr/local/cpanel/3rdparty/etc/php.ini file. Found line with auto_prepend_file and modified it as follows:
    Code:
    auto_prepend_file = "/usr/local/cpanel/3rdparty/fantastico/fix.php"   ;fix fantastico register globals bug
    
    I hope it helps. Of course the best thing to do would be to rewrite fantastico with register_globals set to off.

    Ps. Feel free to post this on netenberg.com forum - I tried registering an account there, but didn't get a confirmation email yet.
     
  2. Funkadelic

    Funkadelic Well-Known Member

    Joined:
    Feb 10, 2006
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    6
    Have you tried contacting Netenberg Support?
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    194
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Already patched. Update your Fantastico.
     
  4. kosmo

    kosmo Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    403
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    All over Europe
    We have released a patch a few hours after we have been informed about the exploit. Please update your Fantastico if it hasn't auto-updated itself yet.

    kosmo
     
  5. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    Thanks for the heads up
     
  6. remik

    remik Guest

    Thx kosmo. When I was writing this post my Fantastico said it's up to date at rev. 38 without the bugfix.
    Today it's fixed at rev. 39.

    Remik
     
  7. jack01

    jack01 Well-Known Member

    Joined:
    Jul 21, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    Does anyone know....

    Looking at the hack description at http://milw0rm.com/exploits/3459 it specifically refers to :2082 but would this have been possible using :2083 also?
     

Share This Page