It seems that a 0-day in the control panel software ‘cPanel’ used by HostGator and many other ISPs allowed attackers to compromise HostGator systems to setup the VML flaw iframe redirect.

HostGator confirmed that their hosting systems had been compromised by exploiting a previously unknown cPanel vulnerability, the vulnerability allowed an attacker to gain root level access to the compromised systems. HostGator commented that it appeared the vulnerability was present in all versions of cpanel including the latest stable, current and bleeding edge as of last friday.

cPanel have released a fix for the vulnerability and more details of the security fix can be found on the cPanel forums. It is recommended that cPanel users run ‘/scripts/upcp’ to perform an update and update to the latest EDGE or CURRENT build as these contain the fix for the issue. In the discussion about the vulnerability on the cPanel forums, cPanel state that the vulnerability requires access to a cPanel account in order to attempt compromise the vulnerable system.

Add this page to your favorite Social Bookmarking websites