Search results

Hi All, Right now it is not clear (to me) if the DirectAdmin Exim configuration is actually vulnerable for this RCE. More info here: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115

Since DirectAdmin version 1.646 we have issues on servers with exim.variables.conf.custom. We have many servers with custom openssl_options, tls_require_ciphers, tls_certificate or other settings. For example: /usr/local/directadmin/custombuild/build exim_conf 2023-01-05 14:41:20 Exim...

We noticed that Apache was hanging because the OCSP responders from Let's Encrypt are or were unreachable. On our DirectAdmin servers with Apache, we use the following OCSP stapling settings: SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache...

Hello, We have nearly 40 servers with Redis installed. These Redis installations have been installed before Custombuild included Redis. Since yesterday we get the following errors when running ./build update_versions: root@server:/usr/local/directadmin/custombuild# ./build update_versions...

There is a heap overflow in string_vformat(). Using a EHLO message, remote code execution seems to be possible. Sources: https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html https://nvd.nist.gov/vuln/detail/CVE-2019-16928

In some cases I want to use a different outgoing IP (not the server IP) for all domains without having to change anything in DirectAdmin. The current workaround is to comment this line in exim.conf: interface = <; ${if...

When installing Roundcube with custombuild a da_roundcube mysql user is created with specific privileges. In MySQL 5.7 a new privilege was added (REFERENCES) which is now required by the initial roundcube database insert. This is the relevant part in the build script. mysql...

When ModSecurity is build with Custombuid, a directory for config files is created: /etc/modsecurity.d/ Config files in this directory are loaded in the httpd-modsecurity.conf file: IncludeOptional /etc/modsecurity.d/*.conf However, when (re)building ./build modsecurity, all config files are...