(cpanel + freebsd) proftpd login bug?

hi, i'm using WHM 9.2.0 cPanel 9.2.0-S29 and FreeBSD 5.2.1.

i just found out that the entries in my /etc/proftpd/passwd.vhosts file had no passwords, meaning anyone can login with any password provided they already know a username.

after some checking, i found that /usr/local/cpanel/bin/mkvhostspasswd contains this piece of code:
Code: 
chomp($system = `/bin/uname -s`);

if ($system =~ /freebsd/i) {
        open(PWF,"/etc/master.passwd");
} else {
        open(PWF,"/etc/shadow");
}
in FreeBSD, uname is in /usr/bin, and not /bin, so the FreeBSD check which follows that fails. because of that, no passwords are read from /etc/master.passwd and subsequently passwd.vhosts is filled with empty passwords.

the solution i did was simple, which was simply symlinking /usr/bin/uname -> /bin/uname.

if you're using this combination (fbsd + cpanel), i'm interested to know whether:

1) your mkvhostspasswd has the same code snippet as above
2) /bin/uname already exists

cheers (cpanel + freebsd) proftpd login bug?

 

 

 

 

Top