A very serious vulnerability has just been discovered in OpenSSL, a very popular cryptographic library.

According to the freshly released security bulletin by The OpenSSL Project, a missing bounds check in the handling of the TLS Heartbeat Extension can be used to reveal up to 64k of memory to a connected client or server.

In practice, this allows theft of the very information that the SSL/TLS encryption was meant to protect.

SSL/TLS protocols provide communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). Attackers can steal secret keys, user names and passwords, instant messages, emails and businesses’ critical documents and communication – all of this without leaving a trace.

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

As of today, a number of *nix-like operating systems are affected, since they ship with a vulnerable OpenSSL:

  • Debian Wheezy (Stable), OpenSSL 1.0.1e-2+deb7u4
  • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
  • CentOS 6.5, OpenSSL 1.0.1e-15
  • Fedora 18, OpenSSL 1.0.1e-4
  • OpenBSD 5.3 (OpenSSL 1.0.1c) and 5.4 (OpenSSL 1.0.1c)
  • FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c)
  • NetBSD 5.0.2 (OpenSSL 1.0.1e)
  • OpenSUSE 12.2 (OpenSSL 1.0.1c)

Packages with older OpenSSL versions – Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14, SUSE Linux Enterprise Server – are free of this flaw.

What versions of the OpenSSL are affected?

Status of different versions:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable
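Two checks an administrator wants after reading the status list above: what the local OpenSSL reports, and whether long-running services are still using the old library after the package on disk was replaced. The POSIX sh script below is an added example written for this page; it is not from the OpenSSL bulletin and not OpenSSL project code. It assumes the `openssl version` output format (`OpenSSL 1.0.1e 11 Feb 2013`, with `-fips` suffixes as on CentOS) and, for the process walk, a Linux `/proc` filesystem; the `/proc/PID/maps` excerpt is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: classify an "openssl version" string against the status list
# (1.0.1 through 1.0.1f vulnerable, 1.0.1g fixed, 1.0.0 and 0.9.8 not affected)
# and find processes that still map a deleted libssl/libcrypto.

# Map an "openssl version" string to vulnerable / fixed / not-affected / unknown.
heartbleed_status() {
    v=${1#OpenSSL }      # drop the leading "OpenSSL "
    v=${v%% *}           # drop the build date, keep e.g. "1.0.1e" or "1.0.1e-fips"
    case "$v" in
        1.0.1|1.0.1[a-f]|1.0.1[a-f]-*) echo vulnerable ;;   # 1.0.1 through 1.0.1f
        1.0.1[g-z]*)                   echo fixed ;;        # 1.0.1g and later
        1.0.0*|0.9.8*)                 echo not-affected ;; # branches never had the bug
        *)                             echo unknown ;;
    esac
}

# Given the contents of one process's /proc/PID/maps on stdin, print the
# libssl/libcrypto mappings marked "(deleted)": the process still runs the
# old library even though the package on disk has been upgraded.
stale_ssl_mappings() {
    awk '$6 ~ /lib(ssl|crypto)/ && $NF == "(deleted)" { print $6 }' | sort -u
}

# Walk every process and report "PID path" for stale mappings (Linux /proc).
processes_with_stale_ssl() {
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}; pid=${pid%/maps}
        stale=$(stale_ssl_mappings < "$m" 2>/dev/null) || continue
        [ -n "$stale" ] && printf '%s %s\n' "$pid" "$stale"
    done
    return 0
}

# Constructed /proc/PID/maps excerpt (not captured from a real system).
MAPS_SAMPLE='7f3a0000-7f3b0000 r-xp 00000000 08:01 131 /usr/lib/libssl.so.1.0.0 (deleted)
7f3c0000-7f3d0000 r-xp 00000000 08:01 132 /usr/lib/libcrypto.so.1.0.0 (deleted)
7f3e0000-7f3f0000 r-xp 00000000 08:01 133 /lib/libc.so.6'

# Usage on a live host:
#   heartbleed_status "$(openssl version)"
#   processes_with_stale_ssl
```

The classification is by upstream version string only. Distribution packages backport the fix without changing that string (a patched Debian or CentOS build still reports 1.0.1e), so treat "vulnerable" as "check the package changelog", and treat any PID listed by `processes_with_stale_ssl` as a service that must be restarted before the upgrade counts.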

If you would like to have this vulnerability patched, please purchase a 1x Hour of Support plan.

Don’t hesitate to contact us for any questions you may have through our Contact Form page or LiveChat!.

We have been getting a number of attack reports from clients with WordPress installs, and on further investigation we found a global attack on WordPress.

Right now there is a very severe and global attack on all WordPress sites on the Internet, and almost all hosting providers are affected. The attack is a brute-force attack that is global and highly distributed. It is well organized and, again, very widely distributed; we have seen a high number of spoofed IP addresses involved. As the IPs are spoofed, blocking the IPs does not help much.
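Because the attack is spread over many sources, a per-IP counter stays below any ban threshold while the site as a whole is being hammered. The following POSIX sh/awk script is an added example written for this page (not from the original post) that reads combined-format access log lines, counts POSTs to `/wp-login.php`, and labels the pattern as distributed (many sources, few attempts each) or concentrated (one source, many attempts). The log lines it generates are constructed from the documentation address ranges 203.0.113.0/24 and 198.51.100.0/24, not real traffic; the field positions assume the Apache/nginx combined log format.

```shell
#!/bin/sh
# Added example: distributed vs. concentrated wp-login.php brute force in an
# access log. Field layout of the combined format: $1 client IP, $6 the
# quoted method ("POST), $7 the request path.

# Print "attempts=N sources=M" for POSTs to /wp-login.php read from stdin.
wp_login_summary() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { n++; ips[$1]++ }
         END { m = 0; for (ip in ips) m++; printf "attempts=%d sources=%d\n", n + 0, m }'
}

# Verdict with two thresholds: total attempts worth reacting to (default 20)
# and the per-source cap (default 5) below which the pattern counts as
# distributed, i.e. the case where per-IP blocking would not help.
wp_login_verdict() {
    thr=${1:-20}; cap=${2:-5}
    awk -v thr="$thr" -v cap="$cap" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { n++; ips[$1]++ }
        END {
            max = 0
            for (ip in ips) if (ips[ip] > max) max = ips[ip]
            if (n + 0 < thr)     print "normal"
            else if (max <= cap) print "distributed"
            else                 print "concentrated"
        }'
}

# Constructed sample: 12 sources, two POSTs each, plus one ordinary GET.
make_distributed_log() {
    i=1
    while [ "$i" -le 12 ]; do
        for k in 1 2; do
            printf '203.0.113.%d - - [12/Apr/2013:10:%02d:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 3921 "-" "Mozilla/5.0"\n' "$i" "$i" "$k"
        done
        i=$((i + 1))
    done
    printf '198.51.100.7 - - [12/Apr/2013:10:30:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2103 "-" "Mozilla/5.0"\n'
}

# Constructed sample: a single source trying the login 25 times.
make_concentrated_log() {
    i=1
    while [ "$i" -le 25 ]; do
        printf '198.51.100.9 - - [12/Apr/2013:11:00:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 3921 "-" "Mozilla/5.0"\n' "$i"
        i=$((i + 1))
    done
}

# Usage on a live host (path assumed; adjust to your vhost log):
#   wp_login_summary < /var/log/apache2/access.log
#   wp_login_verdict 20 5 < /var/log/apache2/access.log
```

A "distributed" verdict is the signal that per-IP bans are the wrong tool: rate-limit or add an extra authentication layer on the login URL itself, so the limit applies to the site rather than to each source.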

If you need any assistance in blocking these attacks, please submit a 1x Hour of Support plan and we will help you right after!

Don’t hesitate to contact us if you have any questions or need further assistance.

New Parallels Plesk Panel privilege escalation vulnerabilities have been discovered (VU#310500, CVE-2013-0132 and CVE-2013-0133):

  • Plesk’s /usr/sbin/suexec binary (the binary may be present in additional locations, always with suexec in the filename) always allows the binary ‘cgi-wrapper’, bypassing restrictions on the ownership of the file to be called. Since cgi-wrapper’s function is to execute a PHP script based on environment variables (and suexec does not sanitize these environment variables) this allows execution of arbitrary PHP code with a user id above a minimum user ID value that is hardcoded in the suid binary. CVE-2013-0132
  • The program /usr/local/psa/admin/sbin/wrapper allows the user psaadm to execute various administrative scripts with root privileges. Some of these scripts call external programs without specifying the full path. By specifying a malicious PATH environment variable, an attacker can cause the administrative scripts to call his own program instead of the intended system program. CVE-2013-0133

Parallels Plesk Panel versions 9.x-11.x with an Apache web server running mod_php, mod_perl, mod_python, etc. are vulnerable to privilege escalation by authenticated users. Authenticated users are users that have a login to Parallels Plesk Panel (such as your customers, resellers, or your employees).
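Both issues above come down to a privileged binary trusting something the caller controls: the name of the program suexec will run, and the PATH that the root-level wrapper scripts inherit. The POSIX sh script below is an added example written for this page, not Plesk's own code or its fix. It assumes nothing about Plesk internals beyond the text above (a setuid binary with suexec in its name, and administrative scripts that call programs without a full path); the two scripts it audits are constructed in a temporary directory for the demonstration.

```shell
#!/bin/sh
# Added example: locate setuid/setgid suexec binaries, audit wrapper scripts
# for an unpinned PATH, and run administrative commands with a fixed
# environment so the caller's PATH cannot redirect them.

# List setuid/setgid binaries whose name contains "suexec"; the text notes the
# binary may live in several places but always keeps suexec in its filename.
find_suexec_binaries() {
    root=${1:-/}
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -name '*suexec*' 2>/dev/null
}

# Report scripts in DIR that never assign PATH themselves. A script run with
# root privileges that inherits PATH from its caller will resolve unqualified
# commands (tar, cp, ...) wherever the caller's PATH points.
scripts_without_fixed_path() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*(export[[:space:]]+)?PATH=' "$f" || printf '%s\n' "$f"
    done
}

# Run a command with a clean, fixed environment: nothing inherited, a known
# PATH, and the program itself given by absolute path by the caller.
run_with_fixed_env() {
    env -i PATH=/usr/sbin:/usr/bin:/sbin:/bin HOME=/root "$@"
}

# Self-test on two constructed scripts (hypothetical backup wrappers):
# weak.sh relies on inherited PATH, hardened.sh pins PATH and uses /bin/tar.
demo_plesk_audit() {
    d=$(mktemp -d)
    printf '#!/bin/sh\ntar czf /var/backups/x.tgz /etc\n' > "$d/weak.sh"
    printf '#!/bin/sh\nPATH=/usr/bin:/bin\nexport PATH\n/bin/tar czf /var/backups/x.tgz /etc\n' > "$d/hardened.sh"
    scripts_without_fixed_path "$d" | sed "s|^$d/||"
    rm -rf "$d"
}

# Usage on a live host:
#   find_suexec_binaries /          # inventory, then compare against the patched package
#   scripts_without_fixed_path /usr/local/psa/admin/sbin
#   run_with_fixed_env /usr/bin/id
```

`find_suexec_binaries` only inventories what is installed; whether a given suexec still honours the cgi-wrapper exception is answered by the vendor micro-update level, not by the file's presence. The PATH audit is a heuristic (a script could source PATH from another file), so read its output as candidates to inspect.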

Patching the server with the latest MUs (Plesk micro-updates) is mandatory.

We highly suggest purchasing our Full Security Audit plan to update/patch and confirm your server hasn’t been compromised.

Should you have further questions please don’t hesitate to contact our Customer Support Team, available 24/7!

MariaDB versus MySQL - Compatibility

MariaDB is a binary drop-in replacement for MySQL

For all practical purposes, MariaDB is a binary drop-in replacement for the same MySQL version (for example, MySQL 5.1 is compatible with MariaDB 5.1, 5.2 and 5.3; MySQL 5.5 will be compatible with MariaDB 5.5). What this means is that:

  • Data and table definition (.frm) files are binary compatible.
  • All client APIs, protocols and structs are identical.
  • All filenames, binaries, paths, ports, sockets, etc. should be the same.
  • All MySQL connectors (PHP, Perl, Python, Java, .NET, MyODBC, Ruby, MySQL C connector, etc.) work unchanged with MariaDB.

  • There are some installation issues with PHP5 that you should be aware of (a bug in how the old PHP5 client checks library compatibility).
  • The mysql-client package also works with MariaDB server.
  • The shared client library is binary compatible with MySQL’s client library.

This means that in most cases you can simply uninstall MySQL and install MariaDB and you are good to go (there is no need to convert any data files if you stay on the same main version, such as 5.1).

Reference : https://kb.askmonty.org/

Restoring a User’s Database Access For WHM version 11.36

If a database user loses access to databases, you may be able to restore the user’s grants to the database using the restoregrants utility.

Using Restoregrants to Restore the User’s Database Access

Execute one of the following commands from the command line:

/usr/local/cpanel/bin/restoregrants --cpuser=$cpuser --db={mysql, pg} --dbuser=$dbuser
or
/usr/local/cpanel/bin/restoregrants --cpuser=$cpuser --db={mysql, pg} --all

$cpuser The cPanel username which has lost access to databases.
{mysql, pg} The type of database: mysql for MySQL or pg for PostgreSQL.
$dbuser The database user whose privileges you wish to restore.
