cPanel 0-day Exploit
|
|
cPanel Inc. has released a notice stating to upgrade cpanel via a "cPanel News: Targeted Security Release 2012-05-31 Announcement". These notices are extremely rare and should be taken very seriously. They did not give very many details other than to upgrade ASAP and they would release more specifics shortly, after everyone has a chance to upgrade.
|
|
cPanel Inc. has released a notice stating to upgrade cpanel via a "cPanel News: Targeted Security Release 2012-05-31 Announcement".
These notices are extremely rare and should be taken very seriously.
They did not give very many details other than to upgrade ASAP and they would release more specifics shortly, after everyone has a chance to upgrade.
If you run cPanel update now using:
Code:
/scripts/upcp
if that doesn't work run:
Code:
/scripts/upcp --force
The new patched versions are as follows:
11.32.3.19 for EDGE and CURRENT update tier
11.32.2.28 for RELEASE, STABLE, and 11.32 LTS update tier
11.30.6.8 for 11.30 LTS update tier
upcp will also automatically run and patch this during its next auto update, however it is certain hackers are trying to find out what this exploit is and hit people before they've patched.
cPanel's QA testing department discovered security issue during routine testing. It is unknown, though likely it is a root exploit, and it is also unknown if this is a remote exploit, or local exploit using privilege escalation. They also do not believe this exploit is known to anyone outside of cPanel.
More details will be posted here as they become available, which we expect on or before 6/4/12. Full Story |
This topic does not have any threads posted yet!
You cannot post until you login.
