Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spectre and Meltdown

Discussion in 'Security' started by SecondSight, Jan 7, 2018.

  1. SecondSight

    SecondSight Well-Known Member

    Joined:
    Jun 30, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    Hello ! :)

    Can someone tell me more about Spectre and Meltdown and how to prevent my server (Centos + WHM/CPanel) from being infected ?

    Will WHM/CPanel show a message when there is a patch available ?

    What should I do to manage this problem on my side ?

    Thank you. :)
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,998
    Likes Received:
    339
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    No, I don't think so. But you should find these links of some use:
    Meltdown - CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 - cPanel Knowledge Base - cPanel Documentation
    CloudLinux 6 kernel updated

    How to patch Meltdown CPU Vulnerability CVE-2017-5754 on Linux - nixCraft
    Howto patch Spectre Vulnerability CVE-2017-5753/CVE-2017-5715 on Linux - nixCraft
     
    #2 Infopro, Jan 7, 2018
    Last edited: Jan 7, 2018
    linux4me2 likes this.
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    905
    Likes Received:
    29
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I'm not expecting a detailed answer, just something in laymans terms.

    How would such a vulnerability be executed.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,998
    Likes Received:
    339
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  5. MarceloKonrath

    MarceloKonrath Active Member

    Joined:
    Jun 8, 2013
    Messages:
    30
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hello Infopro

    The fault seems to be quite difficult to exploit.

    Cloudlinux does not have a stable update yet.

    What are your recommendations?

    Access root with dedicated ip? Use 2 Factor Authentication for WHM?

    Thank you
     
  6. cws

    cws Registered

    Joined:
    Jan 18, 2013
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm running the hardened cPanel version of Centos 6, and trying to determine if the latest kernel has addressed these vulnerabilities.

    I followed the steps on the Documentation here Meltdown - CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 - cPanel Knowledge Base - cPanel Documentation

    After updating just a few minutes ago, my machine is reporting this:

    2.6.32-696.199.cpanel6.x86_64
    centos-release-6-9.el6.12.3.x86_64

    root@web1 [/]# rpm -q kernel | tail -n1
    kernel-2.6.32-696.299.10.3.cp6.x86_64


    Am I safe? There doesn't seem to be any info I can find about the cPanel kernel being updated.

    **************** EDIT: **************

    Nevermind, it seems the hardened version of cPanel is discontinued, and I will change to new kernel with fixes.

    How to here, How to Manually Remove the cPanel-Provided Hardened Kernel - cPanel Knowledge Base - cPanel Documentation
     
    #6 cws, Jan 8, 2018
    Last edited: Jan 8, 2018
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,484
    Likes Received:
    1,612
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It looks like CloudLinux should have an update available in the next day or two. They have updated their blog post to reflect that:

    Intel CPU Bug - Meltdown and Spectre - KernelCare and CloudLinux

    Thank you.
     
    linux4me2 likes this.

Share This Page