tillo
Verified User
I just noticed a 0day exploit for DirectAdmin on milw0rm (http://www.milw0rm.com/exploits/8286).
For anyone concerned about its security, make sure none of your untrusted users have SSH access and block any process-launching function in PHP (read for example this post, important functions are "passthru, proc_nice, shell_exec, symlink, system, exec, popen, proc_open") until a DA update is available.
EDIT: I just tried various ways to make that exploit work without succeeding (even using "?action=resetowner" on the file and "?action=resetowner&method=recursive" on the containing directory), I guess it's a false alarm. Anyway, I believe it's better to wait for an official confirmation.
EDIT2: it is working for any file owned by apache (user or group), it is not a direct security risk but it may be: consider that every public_html directory has GID=apache.
For anyone concerned about its security, make sure none of your untrusted users have SSH access and block any process-launching function in PHP (read for example this post, important functions are "passthru, proc_nice, shell_exec, symlink, system, exec, popen, proc_open") until a DA update is available.
EDIT: I just tried various ways to make that exploit work without succeeding (even using "?action=resetowner" on the file and "?action=resetowner&method=recursive" on the containing directory), I guess it's a false alarm. Anyway, I believe it's better to wait for an official confirmation.
EDIT2: it is working for any file owned by apache (user or group), it is not a direct security risk but it may be: consider that every public_html directory has GID=apache.
Last edited: