cPanel 0-day Exploit

Posted by abefroman on Jun 5, 2012 2:30 PM EDT
Hosting Round Table; By Terry Newbury

cPanel Inc. has issued a notice, "cPanel News: Targeted Security Release 2012-05-31 Announcement", telling customers to upgrade cPanel. These notices are extremely rare and should be taken very seriously. The notice gave few details beyond advising an upgrade ASAP; cPanel said it would release more specifics shortly, after everyone has had a chance to upgrade.

If you run cPanel, update now using:

/scripts/upcp

If that doesn't work, run:

/scripts/upcp --force

The new patched versions are as follows:

- 11.32.3.19 for the EDGE and CURRENT update tiers
- 11.32.2.28 for the RELEASE, STABLE, and 11.32 LTS update tiers
- 11.30.6.8 for the 11.30 LTS update tier
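To confirm a server actually landed on a patched build after running upcp, the following added example (not from cPanel or the original post) classifies a version string against the patched versions listed above. It assumes the update tier can be inferred from the first three version components and takes the version string as an argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare a cPanel version string with the patched builds
# named in the 2012-05-31 announcement. Series-to-tier mapping is an
# assumption based on the first three version components.

# Print the minimum patched build for a series, or nothing if not listed.
min_build_for_series() {
    case "$1" in
        11.32.3) echo 19 ;;   # EDGE and CURRENT
        11.32.2) echo 28 ;;   # RELEASE, STABLE, 11.32 LTS
        11.30.6) echo 8 ;;    # 11.30 LTS
    esac
}

# check_version VERSION -> prints PATCHED, UNPATCHED, UNKNOWN or INVALID.
# UNKNOWN means the series is not in the announcement: review it by hand.
check_version() {
    ver=$1
    # Accept only digits and dots, with no empty components.
    case "$ver" in
        *[!0-9.]*|''|.*|*.|*..*) echo INVALID; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                 # split into positional parameters
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo INVALID; return 0; }
    series="$1.$2.$3"; build=$4
    min=$(min_build_for_series "$series")
    if [ -z "$min" ]; then
        echo UNKNOWN
    elif [ "$build" -ge "$min" ]; then
        echo PATCHED
    else
        echo UNPATCHED
    fi
}

# Usage: pass one or more version strings collected from your servers.
for v in "$@"; do
    printf '%s %s\n' "$v" "$(check_version "$v")"
done
```
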

upcp will also apply this patch automatically during its next scheduled update; however, it is certain that hackers are trying to find out what this exploit is and to hit people before they have patched.

cPanel's QA testing department discovered the security issue during routine testing. Its exact nature is unknown, though it is likely a root exploit; it is also unknown whether it is a remote exploit or a local exploit using privilege escalation. cPanel also does not believe this exploit is known to anyone outside of cPanel.

More details will be posted here as they become available, which we expect on or before 6/4/12.
