ConfigServer Services Blog

New cxs v2.43 (security fix)

SECURITY FIX. Anyone running cxs on a DirectAdmin server should upgrade to this release immediately:Changes:

  • Add check for successful open of admin.list on DA servers to avoid a segfault, which could lead to a buffer overflow

This issue is apparent on DirectAdmin servers only where this C wrapper is used.Note: cxs is not currently officially support on anything other than cPanel servers

New csf v5.42 (security fix)

SECURITY FIX. Anyone running csf on a DirectAdmin server should upgrade to this release immediately:Changes:

  • Add check for successful open of admin.list on DA servers to avoid a segfault, which could lead to a buffer overflow

This is in response to http://www.exploit-db.com/exploits/18225/This issue is apparent on DirectAdmin servers only where this C wrapper is used.

New cxs v2.42

Changes:

  • Fixed problem where dir: ignores where not being fully implemented in single file scans
  • Fixed problem where dir: and hdir: ignores where not being fully implemented by the cxs Watch daemon when auto-reloading an ignore file
  • Exploit fingerprint definitions database additions

New cxs v2.41

Changes:

  • Developed another new advanced PHP decoder for –decode ([D])
  • Fixed advanced decoder output formatting when using –decode [file]
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v2.40

Changes:

  • Modifications to cxs Watch daemon so that it no longer needs to completely restart if changes to –xtra [file] are detected
  • Added detection and decoding of Hex encoding to advanced PHP decoders
  • Exploit fingerprint definitions database additions

New cxs v2.39

Changes:

  • Memory management and speedup improvements for cxs Watch Daemon
  • Improvements to advanced PHP decoders to –decode ([D])
  • Corrected cxs POD to read –upgrade instead of –update
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v2.38

Changes:

  • Added more advanced PHP decoders to –decode ([D])
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v2.37

Changes:

  • cxs Watch – report error if unable to increase /proc/sys/fs/inotify/max_user_watches
  • Further improvements to –timemax [secs] reports
  • Further improvements to error reporting during scans
  • Exploit fingerprint definitions database additions

ConfigServer Holiday: 3 Nov 2011 to 13 Nov 2011

Announcement

Our Online Store and Helpdesk will both be closed from the 3rd November 2011 to the 13th November 2011 while we take our annual holidays. We will not be available to accept orders, reply to emails or provide support for any issues during this time.

If you decide to purchase a Service Package before the 3rd of November 2011, please be aware that we will not be able to perform any work or provide any support during the period above.

We will be open for business again from the 14th November 2011.

New cxs v2.36

Changes:

  • cxs Watch will now restart if a change to a specific –xtra [file] is made. This triggers a full restart of cxs Watch
  • Improvements to –timemax [secs]
  • Improvements to error reporting during scans
  • Added more advanced PHP decoders to –decode ([D])
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions