Reading time: 1 minute
Our partners at bugbounty discovered a vulnerability exposing root access – we have already fixed it.
You need to update the pannel:
- Ispmanager 6 to the latest stable version, 6.88.1 or beta 6.90.1.
- Ispmanager 6 installed on EOL OS — version 6.68.3 for Debian 9 and 6.66.1 for Ubuntu 16.
- For ISPmanager 5 both lifetime and fixed-term licenses. Version 5.361.1. We also renew all updates of lifetime licenses for free. Despite that, we still recommend migration to ispmanager 6. The actual version has new features set and gets updates every month. To make migration easier, we give two hours professional services for free to every person with an active ispmanager 6 license in eu.ispmanager.com
In your panel, go to «Help» → «About the Program». Click the «Upgrade Product» button.
We've released a workaround for ISPmanager 5. The workaround is to be used if a user cannot update the panel to the latest version.
How to apply the workaround. For all panels — in the server console or in the ISPmanager shell client - execute the following commands:
curl -o fix-isp6-1585.sh "https://download.ispmanager.com/tools/patch1585/fix-isp6-1585.sh" sh ./fix-isp6-1585.sh
For ISPmanager 5 business — run the command on all nodes and master.
After the execution of the command, the script will restart the panel automatically.
It is not necessary to run the command in case you have:
- ISPmanager 5 5.361.1.
- Ispmanager 6, versions 6.66.1; 6.68.3; 6.88.1; 6.90.1 and higher.