edanlan posted on 2018-4-9 13:19:05

VestaCP vulnerability fix update

Thanks
@安之若素: https://www.hostloc.com/forum.php ... p;highlight=vestacp
@fkj: https://www.hostloc.com/forum.php ... p;highlight=vestacp

skid wrote Sun Apr 08, 2018 10:26 pm
https://forum.vestacp.com/viewtopic.php?f=10&t=16556&start=260#p68893

The fix has been released just now!
As usual, there are 3 ways to update your server:

1. Via web interface
- Login as admin
- Go to updates tab
- Click on update button under vesta package

2. Via package manager
- SSH as root to your server
- yum update / apt-get update && apt-get upgrade

3. Via GitHub
- SSH as root
- Install git: yum install git / apt-get install git
- Then run the following commands

cd $(mktemp -d)
git clone git://github.com/serghey-rodin/vesta.git
/bin/cp -rf vesta/* /usr/local/vesta/

Some information about this incident. We still don't have a working exploit for the previous version. But we know for sure that the vector of attack was through a potentially insecure password check method. Therefore we have completely rewritten the password auth function. It's bulletproof now!

Please upgrade your servers as soon as possible.

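fkj posted on 2018-4-9 14:58:08

This post was last edited by fkj on 2018-4-9 14:59

By the way, a reminder: this patch only fixes the part where a script gets run with root privileges through the password verification vulnerability. But to reach that step, the script must first be uploaded to the server, so if this is confirmed to be a chained vulnerability, there may still be a second patch to prevent the script upload. Everyone keep an eye on it.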

安之若素 posted on 2018-4-9 13:23:07


Probably not many people in China use this; you don't usually see mjj discussing it either.

fengpioaxue posted on 2018-4-9 13:50:39

I'm using this right now, thanks.

不要怂 posted on 2018-4-9 14:18:20

I don't understand this at all.

WordPress迷 posted on 2018-4-9 14:31:53

Upgrading first, then we'll see.

Yikmings posted on 2018-4-9 14:33:06

Those with auto-update enabled have already been updated to version 20...

mymyhope posted on 2018-4-9 14:39:25

Thanks.

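我不是你的 posted on 2018-4-9 15:03:45


安之若素 posted on 2018-4-9 13:23

Probably not many people in China use this; you don't usually see mjj discussing it either.
It's not that people don't use it; it can't be installed on TX Cloud, it reports an error.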

左手写爱 posted on 2018-4-9 13:23:00

There probably aren't many users of this in China.