cPanel

New ClamAV v0.93

Changelog: http://sourceforge.net/project/shownotes.php?release_id=592112

Upgrade through WHM MSFE.

New cmm v1.09

Changes:

  • Reduced max lines shown of email to 500 lines. Added option to view the full email
  • Speedup in directory listing of email

New cmm v1.08

Changes:

  • Dramatically reduced memory overhead of listing mail directories by only reading the first 200 lines of any email. Also speeds up directory listing greatly
  • Display only the first 1000 lines of any email to reduce memory overhead and speed up display
  • Added new upgrade mechanism
  • Removed use of the cat binary
  • Added “Select by Search” JS code, thanks to rafaelfpviana on the forum for the code

Upgrade through WHM or by following the installation instructions again.

New csf v3.14

Changes:

  • Added new format for cPanel (v11.18.3) login failures to regex.pm
  • Added exe:/usr/libexec/gam_server to the default list of ignored binaries
  • Fixed problem with SCRIPT_ALERT not picking up alternative /home directories from wwwacct.conf

New csf v3.09

Changes:

  • Fixed missing copy for the portscan.txt report for generic installations
  • Added new option PS_EMAIL_ALERT to enable/disable Port Scan Tracking email alerts
  • Added a sample of the port blocks that trigger the Port Scan to the report. This new report will be copied to /etc/csf/portscan.txt.new on existing installations; rename it to portscan.txt to use it
  • Added Port Scan Tracking to WHM UI Firewall Security Level
  • Added cPAddon update email setting check to Server Security Report
  • Modified the SuEXEC link location to the cPanel v11 location in Server Security Report
  • Added portscan.txt template to editable list in WHM UI
  • Updated readme.txt

New csf v3.06

Changes:

  • Added System Exploit Checking. This enables lfd to check for the Random JS Toolkit and may check for others in the future: http://www.cpanel.net/security/notes/random_js_toolkit.html It compares md5sums of the binaries listed in the exploit above for changes and also attempts to create and remove a number directory. The option is enabled by default. The report is generated from the exploitalert.txt template file

Exim Dictionary Attack ACL *Exploit*

If you’re still using our old exim_deny dictionary attack solution in cPanel you should stop doing so and exclusively use the one provided by cPanel in cPanel v11. An exploit vector has been found and published for our old method: http://paste2.org/p/12037

However, using that exploit method would be quite tricky because the exim_deny.pl script generates that lock file when the very first email passes through the ACL after installation, and from then on it wouldn’t be possible to use the above exploit. That is, someone would have to create the symlink as described in the time between you adding the ACL into exim and the first email arriving. Alternatively, if you actively and indiscriminately delete files from /tmp, then the exploit could be applied between the time of deleting the lock file and the next email passing through exim.

Such a short window of opportunity makes the exploit as described extremely unlikely, as the hacker would have no idea when you’re going to install the ACL, or would have to do it in advance of installation.

We’re not aware of anyone being exploited through the use of this method.

Incidentally, if you’re running csf, then lfd would pick up this type of issue through LF_DIRWATCH.

Many thanks to Billy for bringing this to our attention.

The simplest way to remove our old exim_deny method is to select the option in WHM > Exim Configuration Editor > Reset ACL Config to Defaults and then remove the exim_deny files:

rm -fv /etc/exim_deny /etc/exim_deny.pl /etc/exim_deny_whitelist /etc/cron.hourly/exim_deny.pl
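
The weakness described above is a lock file created at a predictable path in /tmp, where a symlink may already have been placed. The following is an added example, not code from exim_deny.pl or from ConfigServer, of lock file creation that refuses a pre-existing link; the file names and the `create_lock` helper are hypothetical and the scenario runs in a private temporary directory.

```python
import os
import stat
import tempfile


def create_lock(path):
    """Create a lock file without ever writing through a link at `path`.

    Returns True if this call created the file, False if a regular lock
    file owned by us already existed. Raises RuntimeError otherwise.
    """
    # O_EXCL makes creation fail if the name exists at all, including as a
    # symlink (dangling or not); O_NOFOLLOW is kept as defence in depth.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        st = os.lstat(path)  # lstat inspects the entry itself, not a target
        ours = st.st_uid == os.geteuid() and st.st_nlink == 1
        if stat.S_ISREG(st.st_mode) and ours:
            return False
        raise RuntimeError(f"refusing {path}: not a regular file we own")
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{os.getpid()}\n")
    return True


def demo():
    """Constructed scenario; the temp dir stands in for /tmp."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "important.conf")  # hypothetical file
        with open(target, "w") as fh:
            fh.write("original\n")
        lock = os.path.join(tmp, "example.lock")      # hypothetical name
        os.symlink(target, lock)                      # link exists first
        try:
            create_lock(lock)
            refused = False
        except RuntimeError:
            refused = True
        with open(target) as fh:
            untouched = fh.read() == "original\n"
        os.unlink(lock)
        created = create_lock(lock)   # clean path: file is created
        reused = create_lock(lock)    # second call: existing lock is ours
        return refused, untouched, created, reused


if __name__ == "__main__":
    print(demo())
```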

PathTools v3.26 breaks MailScanner

On servers that are running the perl modules that are a part of PathTools, MailScanner breaks with the recently released v3.26. If you’re suffering from this issue you’ll see MailScanner continually restarting. If you run MailScanner with --debug you’ll see it SegFault. In /var/log/messages you’ll see continual:

MailScanner: Process did not exit cleanly, returned 0 with signal 11 

You can confirm which version of PathTools is installed using:

perl -MCwd -e 'print "$Cwd::VERSION\n"'

To fix this you need to downgrade PathTools to v3.2501:

wget http://search.cpan.org/CPAN/authors/id/K/KW/KWILLIAMS/PathTools-3.2501.tar.gz
tar -xzf PathTools-3.2501.tar.gz
cd PathTools-3.2501
perl Makefile.PL
make
make install
cd ..
rm -Rfv PathTools-3.2501*