[HOT FIX - Unofficial] Critical FTP Module Exploit
#1
Badges: Ubuntu 14.04 | Hot Fix: CRITICAL | Sentora 1.0.0
Disclaimer: Nothing below is official; I just wanted to release an easy patch ASAP. However, all the code is merged on the official GitHub repository and is tested on my own production server.

As was discussed in various topics (http://forums.sentora.org/showthread.php?tid=1680) and on GitHub (Issue PhpMyAdmin cannot open and Issue sentastico package), there is a critical exploit under the FTP Module.

Users are encouraged to either fix or disable the FTP Management Module.

Hot Fix for the FTP Exploit
I released a quick hotfix bash script.
Just run the following command on the server as root (sudo is not recommended):
Code:
bash <(curl -s http://repo.vanguardly.com/sentora/scripts/hotfix-ftp-module/hotfix-ftpmod-v1)
This will download the fixed script and replace the old one (creating a backup of the old file).

Hope this helps!

Tagging: Me.B TGates
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

Graphic and Web Design. Development.
www.vanguardly.com


Thanks given by: TGates , tkramer
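
A staged alternative to piping the download straight into a root shell, added here as an example and not part of the thread or the author's script: it saves the hotfix to a file, prints its SHA-256 so the reviewed copy can be pinned, and runs only that exact copy. The `stage`/`apply` subcommands and the file paths are this example's own; the thread publishes no checksum, so the pin is the digest you record at review time.

```shell
#!/usr/bin/env bash
# Added example (not the hotfix author's script): stage, review, pin, then run.
# The URL is the one posted above; it is plain HTTP, so the transport gives no
# integrity guarantee and the digest pin below is the only check on the content.
HOTFIX_URL='http://repo.vanguardly.com/sentora/scripts/hotfix-ftp-module/hotfix-ftpmod-v1'

# Print the hex SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# stage URL DEST: save to a file instead of piping into bash; --fail turns an
# HTTP error page into a non-zero exit instead of a saved "script".
stage() {
  curl --fail --silent --show-error --max-time 60 -o "$2" "$1" && chmod 600 "$2"
}

# gate FILE PIN: succeed only when FILE is byte-for-byte the copy whose digest
# was recorded at review time. Returns 1 = mismatch, 2 = bad file, 3 = bad pin.
gate() {
  [ -f "$1" ] && [ -s "$1" ] || { echo "gate: $1 missing or empty" >&2; return 2; }
  case $2 in
    ''|*[!0-9a-f]*) echo "gate: pin must be lowercase hex" >&2; return 3 ;;
  esac
  [ "${#2}" -eq 64 ] || { echo "gate: pin must be 64 hex chars" >&2; return 3; }
  gate_actual=$(sha256_of "$1") || return 4
  [ "$gate_actual" = "$2" ] || { echo "gate: digest mismatch, got $gate_actual" >&2; return 1; }
}

# Usage, as root (script name and paths are hypothetical):
#   ./hotfix-gate.sh stage /root/hotfix-ftpmod-v1    # downloads, prints digest
#   less /root/hotfix-ftpmod-v1                      # read what it will replace
#   ./hotfix-gate.sh apply /root/hotfix-ftpmod-v1 <digest printed by stage>
case ${1:-} in
  stage) stage "$HOTFIX_URL" "${2:?destination file}" && sha256_of "$2" ;;
  apply) gate "${2:?staged file}" "${3:?pinned sha256}" && bash "$2" ;;
esac
```
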
#2
RE: [HOT FIX - Unofficial] Critical FTP Module Exploit
Yep I saw it... thinking here for the best solution to wrap this.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Coldfusion Freelance

10$ free to start your VPS

Thanks given by: apinto
#3
RE: [HOT FIX - Unofficial] Critical FTP Module Exploit
Does this apply for Centos too?
#4
RE: [HOT FIX - Unofficial] Critical FTP Module Exploit
(07-24-2015, 02:55 AM)iraqiboy90 Wrote: Does this apply for Centos too?

Should work on CentOS; however, I have not tested.
#5
RE: [HOT FIX - Unofficial] Critical FTP Module Exploit
Yep, applies on CentOS.

I'm currently in beta for a full Sentora patch; it will include all patches for previous releases from 1.0.0.

https://github.com/MBlagui/sentora-insta...r_1.0.2.sh

If you face any issue, you are welcome to report it. But it works fine on my side, tested mainly on CentOS.
#6
RE: [HOT FIX - Unofficial] Critical FTP Module Exploit
Work in Sentora 1.0.3?
#7
RE: [HOT FIX - Unofficial] Critical FTP Module Exploit
(08-13-2015, 07:52 AM)Mariox Wrote: Work in Sentora 1.0.3?

This is already included on 1.0.3 ;)