Article ID: 116774, created on Aug 15, 2013, last review on May 2, 2014

  • Applies to:
  • Operations Automation 5.4

Symptoms

According to http://seclists.org/fulldisclosure/2013/Aug/81, it is possible for one user to create symlinks to other users' webspaces and, depending on the permissions set on webspaces, read or execute files while masking UIDs.

Cause

This is a problem in the Apache software.

Resolution

The solution is described in the following article on the CloudLinux website: http://docs.cloudlinux.com/index.html?securelinks.html

Make sure that all web servers in the Linux Shared Hosting NG web cluster are configured correctly in accordance with the instructions in the article above.

Search Words

apache

followsymlinks

security

NG Drupal

NG Drupal

caea8340e2d186a540518d08602aa065 5356b422f65bdad1c3e9edca5d74a1ae ac82ce33439a9c1feec4ff4f2f638899 2554725ed606193dd9bbce21365bed4e e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF