https://documentation.cpanel.net/display/CKB/CVE-2017-16943+and+CVE-2017-16944+Exim
Impact
According to Exim development: "A remote code execution vulnerability has been reported in Exim, with immediate public disclosure (we were given no private notice)."
The vulnerability exists in the ESMTP CHUNKING extension, and an additional DoS vulnerability exists in the same subsystem. On supported cPanel & WHM versions, chunking_advertise_hosts is set to an un-routable IP address by default. That technique appears to prevent the remote exploitation of the vulnerabilities.
On further investigation, we became concerned that local users may still be able to abuse this configuration. Accordingly, we published an autofixer on Monday, November 27 2017, to fully disable chunking support in Exim. This would have run during Monday's nightly maintenance, and can be confirmed by running the following as root via SSH:
/scripts/autorepair exim_disable_chunking
Resolution
This page will be updated as new versions of cPanel & WHM are published to address CVE-2017-16943 and CVE-2017-16944.
Workarounds
As stated above: you may completely disable chunking support in Exim. To do this, run the following command as root via SSH:
/scripts/autorepair exim_disable_chunking
https://nvd.nist.gov/vuln/detail/CVE-2017-16943
https://nvd.nist.gov/vuln/detail/CVE-2017-16944
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
Hello,
A very serious security problem has been found in the Linux kernel. A 0-day local privilege escalation vulnerability, CVE-2016-5195 ("Dirty COW"), has existed since Linux kernel version 2.6.22, released in 2007, roughly nine years. It affects all sorts of Android devices and Linux systems, and any local user can become root in less than five seconds.
A list of affected Linux distros (including VMs and containers that share the same kernel):
Red Hat Enterprise Linux 7.x
Red Hat Enterprise Linux 6.x
Red Hat Enterprise Linux 5.x
CentOS Linux 7.x
CentOS Linux 6.x
CentOS Linux 5.x
Debian Linux wheezy
Debian Linux jessie
Debian Linux stretch
Debian Linux sid
Ubuntu Linux precise (LTS 12.04)
Ubuntu Linux trusty
Ubuntu Linux xenial (LTS 16.04)
Ubuntu Linux yakkety
Ubuntu Linux vivid/ubuntu-core
SUSE Linux Enterprise 11 and 12
Details and fixes:
Red Hat: https://access.redhat.com/security/vulnerabilities/2706661
Debian: https://security-tracker.debian.org/tracker/CVE-2016-5195
Ubuntu: http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
Please feel free to submit a ticket if you need help.
Hello,
This is a courtesy notice to let you know about the glibc getaddrinfo() stack-based buffer overflow vulnerability, CVE-2015-7547.
A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This package contains the standard C library against which all GNU/Linux programs are linked.
Fix the glibc getaddrinfo vulnerability on RHEL/CentOS Linux
Type the following yum commands:
$ sudo yum clean all
$ sudo yum update
After the update is applied you need to reboot the system or restart all affected services.
Because this vulnerability affects a large number of applications on the system, the safest and recommended way to ensure every application uses the updated glibc package is to reboot the system.
If you cannot reboot the entire system after applying the update, run the following command to list all running processes (not only services) that still have the old, now-deleted version of glibc mapped in memory:
lsof +c0 -d DEL | awk 'NR==1 || /libc-/ {print $2,$1,$4,$NF}' | column -t
From the resulting list, identify the public-facing services and restart them.
You can find more details from the links below.
https://access.redhat.com/security/cve/cve-2015-7547
https://access.redhat.com/articles/2161461
Our servers run CentOS 6 and 7, which are affected. CentOS 5 ships glibc 2.5, which predates the vulnerable code (introduced in glibc 2.9), so it is not affected; any other distribution with glibc 2.9 or later is affected and should be updated from its vendor's repositories.
If you have any questions, please do not hesitate to open a ticket with our helpdesk.
Hello,
Content Management Systems are a prime base camp for malicious activity. They are commonly used by people who do not have much knowledge of coding or scripting, and third parties publish a handful of useful components (plugins, modules, themes) for them. People with little or no coding knowledge install these components without inspecting what they actually do; for easy spamming, some of them include mailing scripts that send out tons of spam email. Running an outdated core or outdated components also victimizes the domain owner: such components have serious security holes that let intruders gain access to the filesystem and trigger malicious activity. Whenever an update is available, please apply it as soon as possible.
The PHP mail() function is one way to send anonymous or spoofed email. In our case it is commonly used in "contact us" web forms. The function takes ([RECIPIENT], [SUBJECT], [MESSAGE], [EXTRAHEADERS], [EXTRAPARAMS]) as parameters and hands the message to the local sendmail binary, so a form that passes visitor input into the headers turns the web server into a mail relay for the attacker. There are numerous additional fields that can be specified in the mail headers, for example 'Cc' (Carbon Copy), which sends a copy of the message to the email addresses given as arguments, and 'Bcc' (Blind Carbon Copy), which sends a copy just like 'Cc' but without showing those recipients. By entering percent-encoded (hexadecimal) characters such as %0D%0A in a form field, an attacker can add carriage returns and line feeds, and every line after one of those is treated as a new header. So the following string entered in a form field such as "Your Email" will result in a carbon copy of the email being sent to recipient@someothersite.xxx and a blind carbon copy being sent to victim2@victimsdomain.xxx and victim3@victimsdomain.xxx.
Many sites offer "email this page to a friend" or "contact us" through a web form, and the resulting email gently suggests to "visit our website" on behalf of the user who filled in the form with their personal email address. Even though the subject and the message are hardcoded, there is still a way to inject headers.
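The injection described above, as an added example that is not part of the original notice: a vulnerable header builder that pastes the "Your Email" field into mail() headers, beside a hardened one that refuses it, both run against a constructed attacker payload. The domains are the notice's placeholders; webform@yourdomain.com, owner@yourdomain.com and the function names are assumptions.

```php
<?php
// Added example (not the notice's own code): a contact-form "Your Email"
// field pasted into mail() headers, beside a version that refuses injection.
// All addresses and domains below are placeholders; webform@yourdomain.com
// and owner@yourdomain.com are assumed, not taken from the notice.

// Constructed attacker input. Submitted through a browser it would arrive
// percent-encoded, e.g. attacker@example.com%0D%0ACc:%20recipient@someothersite.xxx...
// PHP decodes it into $_POST before the script sees it, so start from the
// decoded form.
$attackerInput = "attacker@example.com\r\n"
    . "Cc: recipient@someothersite.xxx\r\n"
    . "Bcc: victim2@victimsdomain.xxx, victim3@victimsdomain.xxx";

// Vulnerable: the field goes straight into the additional_headers argument
// of mail(). Every CRLF-separated line becomes a header the attacker chose.
function buildHeadersVulnerable(string $email): string
{
    return "From: $email\r\nReply-To: $email\r\n";
}

// Hardened: accept exactly one syntactically valid address and nothing else,
// and keep the visitor's address out of From: (a fixed sender on your own
// domain keeps SPF/DKIM alignment; the visitor goes in Reply-To).
function buildHeadersSafe(string $email): string
{
    if (preg_match('/[\r\n\0]/', $email)) {
        // FILTER_VALIDATE_EMAIL would reject this too, but checking explicitly
        // lets you log it as an injection attempt rather than a typo.
        throw new InvalidArgumentException('CR/LF in address: header injection attempt');
    }
    $clean = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($clean === false) {
        throw new InvalidArgumentException('not a valid email address');
    }
    return "From: webform@yourdomain.com\r\nReply-To: $clean\r\n";
}

echo "--- vulnerable: headers handed to mail() ---\n";
echo buildHeadersVulnerable($attackerInput), "\n";   // the Cc: and Bcc: lines are now real headers

echo "--- hardened: same input ---\n";
try {
    echo buildHeadersSafe($attackerInput);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

echo "--- hardened: benign input ---\n";
echo buildHeadersSafe("visitor@example.org");

// In a real form handler the call would be:
// mail('owner@yourdomain.com', 'Contact form', $body, buildHeadersSafe($_POST['email']));
```

Run it with `php` from the command line; no mail is sent, the script only prints the header block each builder would hand to mail(). Apply the same CR/LF check to any other visitor-supplied field that reaches a header, such as a subject line, because the injection works through any header, not only the address.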
To completely eliminate the possibility of the PHP mail() function being exploited, we will be disabling this function on our servers. For sending email you may use PHPMailer with SMTP authentication. A sample script to achieve this is shown below (it is written against the older class.phpmailer.php API; keep the SMTP password out of web-readable files).
<?php
require("class.phpmailer.php");
$mail = new PHPMailer();
$mail->IsSMTP();                                   // set mailer to use SMTP
$mail->Host = "mail.yourdomain.com";               // specify main and backup server
$mail->SMTPAuth = true;                            // turn on SMTP authentication
$mail->Username = "youremailid@domain.com";        // SMTP username
$mail->Password = "yourpassword";                  // SMTP password
$mail->From = "youremailid@domain.com";
$mail->FromName = "Mailer";
$mail->AddAddress("myname@myname.com", "My Name"); // name is optional
$mail->AddReplyTo("info@example.com", "Information");
$mail->WordWrap = 50;                              // set word wrap to 50 characters
$mail->IsHTML(true);                               // set email format to HTML
$mail->Subject = "Here is the subject";
$mail->Body    = "This is the HTML message body <b>in bold!</b>";
$mail->AltBody = "This is the body in plain text for non-HTML mail clients";
if (!$mail->Send()) {
    echo "Message could not be sent. <p>";
    echo "Mailer Error: " . $mail->ErrorInfo;
    exit;
}
echo "Message has been sent";
?>
Please feel free to submit a ticket if you need help.
We will disable it at 04:00 a.m. (EST) on Wednesday, January 20, 2016.
Hello,
Please use the following nameservers for newly created accounts:
ns1.sameservers.com - 66.7.198.4
ns2.sameservers.com - 67.23.253.4
ns3.sameservers.com - 69.164.204.20
Happy 2016