Exim – Math Comparison Functions Local Command Execution

Exim contains a flaw in the expansion of arguments to math comparison functions, which can result in the values being doubled.

The end result is that an attacker can achieve local command execution if they are able to make Exim perform a look-up against files that they can edit. In some cases, such as when Exim is bundled with cPanel, the local command execution can lead to a root compromise, because the Exim look-up is performed by the root user.


SimFS (VZ / OpenVZ) Exploit

Urgent Action Required

It looks like there is already a public exploit for the SimFS (VZ / OpenVZ) vulnerabilities that were disclosed today. The exploit allows a malicious user to obtain any file from another container, making this a very serious vulnerability. The update should be applied as soon as possible.


source: hostingseclist

OpenSSL security updates issued

An update for OpenSSL was just released to address various security vulnerabilities and it is recommended that you update as soon as possible.

More information can be found on this page.


source: hostingseclist

cPanel Security Updates Issued

TSR-2014-0004

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having security impact levels ranging from Minor to Important.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.


40 Free Open Source network monitoring tools

Network monitoring tools watch associated systems for slow and failing components and notify the network administrators via email, SMS or other alarms.

These tools provide an at-a-glance, real-time view of your network devices, services, applications, connections, and traffic patterns.

Network monitoring has become a key responsibility of the network administrator. Administrators have a multitude of choices from open-source and freeware network monitoring software to commercial network monitoring tools. This article focuses on the open-source solutions available today.

Please note that this article is a work in progress. Additions and changes will be made going forward.
