Topic: cPanel advisories/updates  (Read 853 times)
« on: December 15, 2010, 13:22:42 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 7316



FYI...

cPanel vuln - updates...
- http://secunia.com/advisories/42625
Release Date: 2010-12-15
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: cPanel 11.x
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4344
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4345
Solution: Apply patches available via cPanel's package management system.
Original Advisory:
- http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
- http://www.cpanel.net/2010/12/critical-exim-security-update.html
"... rated as Critical by the cPanel Security team..."

- https://secunia.com/advisories/40019/
Last Update: 2010-12-14
... vulnerability is reported in versions prior to 4.70.
Solution: Update to version 4.72.

« Last Edit: August 20, 2011, 12:04:29 by AplusWebMaster »

This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #1 on: June 01, 2012, 07:47:11 »
AplusWebMaster Offline

FYI...

cPanel 2012-05-31 security update
- https://secunia.com/advisories/49363/
Last Update: 2012-06-05
Criticality level: Moderately critical
Impact: Unknown
Where: From remote ...
... vulnerabilities are reported in versions prior to 11.30.6.8, 11.32.2.28, and 11.32.3.19.
Solution: Update to version 11.30.6.8, 11.32.2.28, or 11.32.3.19.
Software: cPanel 11.x
Original Advisory: http://go.cpanel.net/changelog
Security Release 2012-05-31 Announcement
May 31, 2012 - "cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system..."

« Last Edit: July 04, 2012, 05:20:41 by AplusWebMaster »
« Reply #2 on: December 05, 2012, 05:59:14 »
AplusWebMaster Offline

FYI...

cPanel - updates available
- https://secunia.com/advisories/51494/
Release Date: 2012-12-05
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
Software: cPanel 11.x
... vulnerabilities are reported in versions prior to 11.30.7.4, 11.32.5.15, and 11.34.0.11.
Solution: Update to version 11.30.7.4, 11.32.5.15, or 11.34.0.11.
Original Advisory:
http://cpanel.net/important-security-release-cpanel-whm-11-30/
http://cpanel.net/important-11-32-security-update-cpanel-whm/
http://cpanel.net/important-11-34-security-release-cpanel-whm/

« Reply #3 on: February 23, 2013, 08:06:42 »
AplusWebMaster Offline

FYI...

SSHD rootkit in the wild
- https://isc.sans.edu/diary.html?storyid=15229
Last Updated: 2013-02-22 18:32:22 UTC
"UPDATE: Over the night (depending on where you live), a lot of things happened... cPanel also posted a notice to their users that they have been compromised... keep in mind – if your servers are infected with the SSHD rootkit, the attackers will get your passwords/keys *anyway*... So make sure that you check if your server has been compromised and that you clean it accordingly..."

- https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229#comment
Fri Feb 22 2013, 01:49 - "... just in from cpanel: Salutations... cPanel, Inc. has discovered that one of the servers we utilize in the technical support department has been compromised. While we do not know if your machine is affected, you should change your root level password if you are not already using ssh keys. If you are using an unprivileged account with "sudo" or "su" for root logins, we recommend you change the account password. Even if you are using ssh keys we still recommend rotating keys on a regular basis. As we do not know the exact nature of this compromise we are asking for customers to take immediate action on their own servers. cPanel's security team is continuing to investigate the nature of this security issue..."

- http://atlas.arbor.net/briefs/index#-1814325122
Elevated Severity
Feb 26, 2013
Source:  http://arstechnica.com/security/2013/02/server-hack-prompts-call-for-cpanel-customers-to-take-immediate-action/
Feb 23 2013

- http://blog.sucuri.net/2013/02/cpanel-inc-server-compromised.html
Feb 22, 2013

« Last Edit: March 01, 2013, 03:50:38 by AplusWebMaster »
« Reply #4 on: February 26, 2013, 08:39:22 »
AplusWebMaster Offline

FYI...

cPanel & WHM 11.36, 11.34, and 11.32 Security Releases
- https://cpanel.net/important-cpanel-whm-11-36-11-34-and-11-32-security-releases/
Feb 26, 2013 - "cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having important security impact. Information on security ratings is available at:"
- http://go.cpanel.net/securitylevels

Determine Your System's Status
- http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CompSystem
Feb 25, 2013

« Last Edit: February 28, 2013, 12:43:17 by AplusWebMaster »