Security 10809 Published by

Another small vulnerability has been discovered in ispCP Omega 1.0.5 while running in DEBUG mode



Today we discovered another fault, this time in the ispCP Omega Engine if DEBUG is set to 1 in ispcp.conf. (System default is 0.)

On Database backup the password for the ispCP database user is shown and logged in clear text, while logs are world readable. It is recommended to fix this bug by either set DEBUG to 0 or use the patch attached to ticket 2411.

An Identical security hole was discovered today in these scripts:

engine/backup/ispcp-backup-all
engine/backup/ispcp-backup-ispcp

The patch attached to the ticket #2411 was updated today.

Also, it's recommended to remove all the /var/log/ispcp/* log after fixing this security hole by setting debug mode to 0, or by applying the patch. For versions prior to ispCP 1.0.5, it's strongly recommended to migrate and to apply the patch.

Note: For the last script, it's really more important because this time, it's the main SQL account login (eg. SQL root account) credentials that is stored in cleartext.

We apologize for any inconvenience caused.
  ispCP Omega 1.0.5 Security Announcement II