Warning! Vulnerability in ispmanager | ISPserver Skip to main content

News

ISPserver
25.01.2024

Warning! Vulnerability in ispmanager

As part of the bug bounty program, Ispmanager partners have identified a vulnerability that allows root access. To fix the problem, upgrade the control panel to stable 6.88.1 or beta 6.90.1. 

To update ispmanager 6, click «Read about the software product» in the «Help» section and in the next window click «Update product».

The problem also affects ISPmanager 5, no more updates are released for this version, so to solve the problem you should either upgrade to ispmanager 6 (by yourself or with the help of tech support) or wait for instructions from the developers. The ispmanager team will release it next week.

Update of January 31 

Ispmanager has published a corrective patch for the 5th version of the control panel — 5.361.1. We recommend users to upgrade as soon as possible.

If you are unable to update the panel by standard means, apply this script in the server console or shell client. If you are using ispmanager 5 Business, you should apply the script on all nodes.

curl -o fix-isp6-1585.sh "https://download.ispmanager.com/tools/patch1585/fix-isp6-1585.sh"

sh ./fix-isp6-1585.sh

Note, restarting ispmanager will not be required.

If you are using one of the listed versions of ispmanager, there is no need to upgrade: 

  • 5.361.1
  • 6.66.1
  • 6.68.3
  • 6.88.1
  • 6.90.1 and higher

If you still have questions, our support team is on call and always ready to help.