Forum

apinto

Disclaimer: Nothing below is official, I just wanted to release a easy patch ASAP. However all the code is merged on the official GitHub Repository and is tested on my own production server

As it was discussed on various topics (http://forums.sentora.org/showthread.php?tid=1680) and on GitHub (Issue #189 and Issue #191) there is a critical exploit under the FTP Module.

Users are encouraged to either fix or disable the FTP Management Module.

Hot Fix for the FTP Exploit
I released a quick hotfix bash script.
Just run the following command on the server as root (sudo is not recommended)

Code:
bash <(curl -s http://repo.vanguardly.com/sentora/scripts/hotfix-ftp-module/hotfix-ftpmod-v1)

This will download the fixed script and replace the old one (creating a backup of the old file).

Hope this helps!

Tagging: Me.B TGates

Me.B · 07-17-2015, 03:34 AM

Yep I saw it... thinking here for the best solution to wrap this.

iraqiboy90 · 07-24-2015, 02:55 AM

Does this apply for Centos too?

apinto · 07-24-2015, 03:04 AM

(07-24-2015, 02:55 AM)iraqiboy90 Wrote: Does this apply for Centos too?

Should work on CentOS however I have not tested.

Me.B · 07-25-2015, 03:39 AM

Yep apply on centos.

I'm currently in beta for a full sentora patch, it will include all patches for previous releases from 1.0.0

https://github.com/MBlagui/sentora-insta...r_1.0.2.sh

If you face any issue you are welcome to report it. But works fine on my side tested mainly on centos.

Mariox · 08-13-2015, 07:52 AM

Work in Sentora 1.0.3?

apinto · 08-13-2015, 08:32 AM

(08-13-2015, 07:52 AM)Mariox Wrote: Work in Sentora 1.0.3?

This is already included on 1.0.3 Wink

Possibly Related Threads...
Thread	Author	Replies	Views	Last Post
sentora 1.0.3 & critical patch for sentora 1.0.x	Me.B	24	32,229	10-11-2015, 10:20 PM Last Post: Finallf