Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Spectre and Meltdown

Discussion in 'Security' started by SecondSight, Jan 7, 2018.

  1. SecondSight

    SecondSight Well-Known Member

    Joined:
    Jun 30, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    Hello ! :)

    Can someone tell me more about Spectre and Meltdown and how to prevent my server (Centos + WHM/CPanel) from being infected ?

    Will WHM/CPanel show a message when there is a patch available ?

    What should I do to manage this problem on my side ?

    Thank you. :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,338
    Likes Received:
    402
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    No, I don't think so. But you should find these links of some use:
    Meltdown - CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 - cPanel Knowledge Base - cPanel Documentation
    CloudLinux 6 kernel updated

    How to patch Meltdown CPU Vulnerability CVE-2017-5754 on Linux - nixCraft
    Howto patch Spectre Vulnerability CVE-2017-5753/CVE-2017-5715 on Linux - nixCraft
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Infopro, Jan 7, 2018
    Last edited: Jan 7, 2018
    linux4me2 likes this.
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    998
    Likes Received:
    44
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I'm not expecting a detailed answer, just something in laymans terms.

    How would such a vulnerability be executed.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,338
    Likes Received:
    402
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. MarceloKonrath

    MarceloKonrath Active Member

    Joined:
    Jun 8, 2013
    Messages:
    31
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hello Infopro

    The fault seems to be quite difficult to exploit.

    Cloudlinux does not have a stable update yet.

    What are your recommendations?

    Access root with dedicated ip? Use 2 Factor Authentication for WHM?

    Thank you
     
  6. cws

    cws Registered

    Joined:
    Jan 18, 2013
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm running the hardened cPanel version of Centos 6, and trying to determine if the latest kernel has addressed these vulnerabilities.

    I followed the steps on the Documentation here Meltdown - CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 - cPanel Knowledge Base - cPanel Documentation

    After updating just a few minutes ago, my machine is reporting this:

    2.6.32-696.199.cpanel6.x86_64
    centos-release-6-9.el6.12.3.x86_64

    root@web1 [/]# rpm -q kernel | tail -n1
    kernel-2.6.32-696.299.10.3.cp6.x86_64


    Am I safe? There doesn't seem to be any info I can find about the cPanel kernel being updated.

    **************** EDIT: **************

    Nevermind, it seems the hardened version of cPanel is discontinued, and I will change to new kernel with fixes.

    How to here, How to Manually Remove the cPanel-Provided Hardened Kernel - cPanel Knowledge Base - cPanel Documentation
     
    #6 cws, Jan 8, 2018
    Last edited: Jan 8, 2018
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,720
    Likes Received:
    1,883
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It looks like CloudLinux should have an update available in the next day or two. They have updated their blog post to reflect that:

    Intel CPU Bug - Meltdown and Spectre - KernelCare and CloudLinux

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    linux4me2 likes this.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice