Web Hosting News

  Home arrow Web Hosting News arrow cPanel, IE Security Flaws Exploited by...
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
WEB HOSTING NEWS

cPanel, IE Security Flaws Exploited by Hackers
By: Terri Wells
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 5
    2006-10-18

    Table of Contents:
  • cPanel, IE Security Flaws Exploited by Hackers
  • The Set Up
  • The Fallout
  • And What About Microsoft?

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     

    SEARCH WEB HOSTERS

    TOOLS YOU CAN USE

    advertisement

    cPanel, IE Security Flaws Exploited by Hackers


    (Page 1 of 4 )

    It’s the kind of story that scares just about anyone in the web hosting business: a combination of holes that lets hackers redirect visitors to their customers’ sites. So angry web surfers end up at malware-laden web sites, angry site owners lose traffic and goodwill, and what do web hosts do? Keep reading to find out.

    Halloween came early this year for a number of web hosts – September 19, to be exact. It was right around then that a security issue in Microsoft’s Internet Explorer browser, discovered by Sunbelt Software, was made public. Here’s the official description from US-CERT:

    “Microsoft IE version 5.0 and higher supports the Vector Markup Language (VML), which is a set of XML tags for drawing vector graphics. IE fails to properly handle malformed VML tags allowing a stack buffer overflow to occur. If a remote attacker can persuade a user to access a specially crafted web page with IE, that attacker may be able to trigger the buffer overflow. In addition, an attacker could deliver an HTML email message or entice a user to select an HTML document in Windows Explorer.”

    The stack buffer overflow exploit could allow a remote attacker to execute arbitrary code, such as Trojans or other malware, on a vulnerable system. But this only works if you get the web surfer to that “specially crafted web page” and they’re using IE. Many surfers are savvy enough not to click on links in spam messages. So what’s a determined hacker to do?

    The answer came in the form of a cPanel security issue. cPanel is a widely used hosting control panel. The flaw was previously unknown, but “I can tell you with all accuracy that…[the cPanel exploit] provides root access and all cPanel servers are affected. This issue affects all versions of cPanel, from what I can tell, from years ago to the current releases, including Stable, Release, Current, and Edge,” according to Tim Greer, a system administrator for HostGator. And he should know; HostGator was one of seven web hosts that became victims of hackers who took advantage of the two security holes.

    More Web Hosting News Articles
    More By Terri Wells

    WEB HOSTING NEWS ARTICLES

    - FreedomPop Offering Open Wi-Fi Service
    - Go Daddy Goes to India
    - Netelligent, Savvis Add New Canadian Web Hos...
    - World IPv6 Launch Happens Today
    - IT Teams Struggle to Keep Pace with Malware
    - Lulz Security Hacks CIA, Takes Requests
    - Apple Unveils iCloud
    - Rackspace Introduces Cloud Load Balancers
    - Amazon Offers Cloud Drive, Disses Music Indu...
    - New Android.Pjapps Trojan
    - Copyright Fight over Hurt Locker Downloads I...
    - Data Reveals Many Browsers Remain Unpatched
    - PandaLabs Report - What Happens to Stolen In...
    - Safari Books Online Review
    - Hackers Targeting Human Rights Groups

    Developer Shed Affiliates

     




    © 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap