Jump to content

Cpanel Local Exploit


abujenin

Recommended Posts

I know TCH takes security VERY seriously, which is why I have stayed with them longer than any other host (even a hosting company I worked for!). I'm sure they're on top of the exploit, but for obvious reasons, I don't think anyone will or should confirm nor deny it.

Link to comment
Share on other sites

The riusk is mitigated somewhat by the fact that it is a local exploit, meaning any attack on a host must be launched from an existing account with cPanel access.

 

This is good to hear. It means it will be difficult to do to just any host without first purchasing or owning an account. Yes they can purchase one but this will add to the work involved and make it more difficult.

 

We may not be 100% safe but with thousands of hosting companies out there our odds are lower.

 

Thanks for the heads up.

Link to comment
Share on other sites

Although it is limited to local account privilege escalation, combine it with a security hole in a web app that compromises an account and it's easy to gain the access needed.

 

Or key loggers installed on compromised Windows machines that grab the login info for a hosting account.

 

There are numerous ways to exploit this, without having an account on a cPanel server.

 

I'm not attempting to fear-monger, just providing some examples of attack vectors.

Link to comment
Share on other sites

As stevevan said above, TCH monitors security-related issues closely, and updates their software accordingly.

 

If you want to verify that your site isn't at risk, though, you can probably log a help desk ticket. That way a paid staff member will respond to your query.

 

Best wishes,

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...