The symlink race condition vulnerability

May 15, 2019
20
2
3
California
cPanel Access Level
Website Owner
I'm running Webhost manager on Ubuntu 20.4 (cpanel's supported version) but I only have the "BlueHost version" to patch this vulnerability. Cloudlinux has several methods, Is there a fix on the way from cPanel for this issue?
 
May 15, 2019
20
2
3
California
cPanel Access Level
Website Owner
This is what it says:

The Bluehost patch improves Apache’s ability to detect a race condition. The Bluehost patch modifies Apache and the Apache Portable Runtime (APR) library so that Apache cannot access certain files.

It's my only option to patch it in Web Host Manager. But it says it's not optimal for patching it.
 
May 15, 2019
20
2
3
California
cPanel Access Level
Website Owner
Security Advisor says this:
Apache Symlink Protection: the Bluehost provided Apache patch is in effect
It appears that the Bluehost provided Apache patch is being used to provide symlink protection. This is less than optimal.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
13,427
2,113
363
cPanel Access Level
Root Administrator
Hey there! I see you also posted here:


Since this is related to Apache, it's really not up to Ubuntu to decide how to handle this.

For an Ubuntu system, the BlueHost patch is the only option currently available. If you feel you need additional protection, it might be worth switching to a Redhat-based operating system. Since the other more exhaustive options are kernel-based, they just aren't available for Ubuntu.