Hello SysCP-Community,
Today I received a mail about a severe security problem in the handling of open_basedir paths.
Customers are able to add whatever path they want to open_basedir via the documentroot of a domain: when the open_basedir setting is configured to use the domain's documentroot instead of the customer root, appending a colon and another path to the documentroot makes that path an additional open_basedir entry, because PHP (on Unix) treats the colon in open_basedir as the path separator.
SysCP 1.4.2.2 fixes this bug, together with a problem in safe_exec that allowed unwanted commands to be executed (#1288).
Every SysCP installation running the SysCP 1.4 series up to version 1.4.2.1 is affected by these security problems.
I want to thank Ian Banfield from brightlight.ch and massimo (in the bugtracker) for reporting these issues.
As always you'll find the updated downloads at files.syscp.org or http://www.syscp.org/download.html.
The direct link to the archive is http://files.syscp.org/releases/tgz/syscp-1.4.2.2.tar.gz.
If you don't want to update the whole package, consider using a patch. Either generate it directly from svn using the following command:

    svn diff http://svn.syscp.org/tags/1.4.2.1 http://svn.syscp.org/tags/1.4.2.2

or download it at http://files.syscp.org/releases/diff/syscp-1.4.2.1-1.4.2.2.patch.
The most important part is the patch to functions.php.
Please also make sure that there are no colons in any documentroot in the table panel_domains, as entries created before the update may still contain them.
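To show what the colon does and what a check against it has to cover, here is an added example; it is not SysCP code and not the functions.php patch. It puts an unchecked directive builder next to a validation routine for documentroot values and runs both over a few constructed inputs. The customer root path, the php_admin_value directive format and the function names are assumptions for illustration; the audit query in the comment uses only the table and column names named in the mail.

```php
<?php
// Added example, not SysCP code. Illustrates the open_basedir injection
// via a colon in a domain's documentroot and a validation that rejects it.
// Paths, the directive format and the function names are assumptions.

// Vulnerable pattern: the documentroot is interpolated into the vhost
// directive without any check. On Unix PHP uses ':' as the separator
// between open_basedir entries, so "/var/customers/webs/alice/www:/etc"
// also grants access to /etc.
function build_open_basedir_unchecked(string $customer_root, string $documentroot, bool $use_documentroot): string
{
    $base = $use_documentroot ? $documentroot : $customer_root;
    return 'php_admin_value open_basedir "' . $base . ':/tmp"';
}

// Hardened check: a documentroot must be one absolute path with no path
// separator, no NUL byte and no ".." component, and it must lie inside the
// customer's root. Normalisation is done textually because the directory
// may not exist yet when the domain is created.
function validate_documentroot(string $customer_root, string $documentroot): bool
{
    // PATH_SEPARATOR is ':' on Unix and ';' on Windows.
    if (strpos($documentroot, PATH_SEPARATOR) !== false || strpos($documentroot, ':') !== false) {
        return false;
    }
    if ($documentroot === '' || $documentroot[0] !== '/' || strpos($documentroot, "\0") !== false) {
        return false;
    }
    $parts = [];
    foreach (explode('/', $documentroot) as $p) {
        if ($p === '' || $p === '.') {
            continue;
        }
        if ($p === '..') {
            return false;
        }
        $parts[] = $p;
    }
    $normalised = '/' . implode('/', $parts) . '/';
    $root = rtrim($customer_root, '/') . '/';
    return strncmp($normalised, $root, strlen($root)) === 0;
}

// Audit of rows that already exist (table and column names as given in the
// mail; run against the SysCP database):
//   SELECT documentroot FROM panel_domains WHERE documentroot LIKE '%:%';

$customer_root = '/var/customers/webs/alice';      // assumed layout
$candidates = [                                     // constructed inputs
    '/var/customers/webs/alice/www',                // legitimate
    '/var/customers/webs/alice/www:/etc',           // colon injects /etc
    '/var/customers/webs/alice/www:/',              // colon injects the whole filesystem
    '/var/customers/webs/alice/../bob/www',         // traversal into another customer
    '/var/customers/webs/alicex/www',               // prefix lookalike outside the root
];

foreach ($candidates as $c) {
    printf("%-44s -> %s\n", $c, build_open_basedir_unchecked($customer_root, $c, true));
    printf("%-44s    valid: %s\n", $c, validate_documentroot($customer_root, $c) ? 'yes' : 'no');
}
```

Only the first candidate passes validate_documentroot; the unchecked builder happily emits all of them as directives. The explicit ':' test is kept alongside PATH_SEPARATOR so the check stays strict even if the panel itself runs on a platform where PATH_SEPARATOR is ';' while the web servers are Unix hosts.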
Regards, Flo