A critical vulnerability has been discovered in the Backup/Restore manager of ispCP
Today another critical security issue has been found. All ispCP Omega versions are affected.
It is possible to use the ispCP Client Backup Manager to restore forged backups and, in the worst case, gain control over the server system.
We strongly recommend fixing the described security issue by disabling the backup restore routine. To do so, open the file ispcp-dmn-mngr in /var/www/ispcp/engine/ and search for
Code:
sub dmn_restore_data {
add
Code:
exit 1;
directly in the next line.
We are trying to deliver a patch as fast as possible. You can follow the status in ticket 2440.
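One way to apply the workaround above once and confirm it is in place, as an added example (not ispCP project code). The function names, the `.pre-mitigation` backup suffix and the script name in the usage comment are assumptions made here.

```shell
#!/bin/sh
# Added example (not ispCP code): apply and verify the dmn_restore_data workaround.
# Function names and the ".pre-mitigation" backup suffix are assumptions.

# Succeeds only if the line right after "sub dmn_restore_data {" is "exit 1;".
dmn_restore_disabled() {
    awk '
        found { if ($0 ~ /^[ \t]*exit 1;[ \t]*$/) ok = 1; exit }
        /^[ \t]*sub dmn_restore_data[ \t]*[{]/ { found = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Insert "exit 1;" as the first statement of dmn_restore_data, once.
# Returns 0 when the file is mitigated afterwards, non-zero otherwise.
disable_dmn_restore() {
    f=$1
    [ -f "$f" ] || { echo "not found: $f" >&2; return 2; }
    grep -q '^[[:space:]]*sub dmn_restore_data[[:space:]]*{' "$f" ||
        { echo "sub dmn_restore_data not found in $f" >&2; return 3; }
    dmn_restore_disabled "$f" && return 0       # already applied, change nothing
    cp -p "$f" "$f.pre-mitigation" || return 4  # keep the unmodified original
    tmp=$(mktemp "$f.XXXXXX") || return 4
    awk '{ print }
         /^[ \t]*sub dmn_restore_data[ \t]*[{]/ { print "\texit 1;" }' "$f" > "$tmp" &&
        cat "$tmp" > "$f"                       # rewrite in place: keeps owner and mode
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && dmn_restore_disabled "$f"
}

# Run against the path given on the command line, e.g. (hypothetical script name)
#   sh disable-restore.sh /var/www/ispcp/engine/ispcp-dmn-mngr
if [ $# -gt 0 ]; then
    disable_dmn_restore "$1" && echo "restore routine disabled in $1"
fi
```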
Additionally, the phpMyAdmin version that ships with ispCP Omega 1.0.6 has several serious XSS vulnerabilities. To upgrade to the latest version of phpMyAdmin:
cp /var/www/ispcp/gui/tools/pma/config.inc.php ~/
aptitude update && aptitude install subversion -R
svn export http://isp-control.net:800/ispcp_svn/trunk/gui/tools/pma /var/www/ispcp/gui/tools/pma
cp ~/config.inc.php /var/www/ispcp/gui/tools/pma/
sh /var/www/ispcp/engine/setup/set-gui-permissions.sh