The following bug has been fixed:
[-] Fixed moderate security issue in Courier IMAP server (#79692)
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.5.25 and all earlier 1.5.x versions
- Exploit type: Information Disclosure
- Reported Date: 2012-January-7
- Fixed Date: 2012-March-27
Description
Inadequate permission checking allows unauthorised viewing of administrative back end information.
Affected Installs
Joomla! versions 1.5.25 and all earlier 1.5.x versions
Solution
Upgrade to version 1.5.26
Reported by Cyrille Barthelemy
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.5.25 and all earlier 1.5.x versions
- Exploit type: Password Change
- Reported Date: 2012-March-8
- Fixed Date: 2012-March-27
Description
Insufficient randomness leads to password reset vulnerability.
Affected Installs
Joomla! versions 1.5.25 and all earlier 1.5.x versions
Solution
Upgrade to version 1.5.26
Reported by George Argyros and Aggelos Kiayias
Contact
The JSST at the Joomla! Security Center.
The CSR
Before you can order the SSL, you will need to create a CSR, or Certificate Signing Request. The CSR tells the certificate authority the information that the certificate will contain.
To create the CSR you can:
Log in to WHM and go to “Generate a SSL Certificate and Signing Request”.
You will now need to fill out the information. It is a good idea to have a copy of the certificate, CSR and the key e-mailed to you for your records. You may need the key later, especially if you plan to use the SSL on a different server than the one it was created on. Treat the key as a secret: anyone who holds it together with the signed certificate can impersonate the site.
Once you have the CSR you can take it to the certificate authority to have them sign it. Once they approve the SSL, after possible vetting steps, you are issued a signed trusted certificate.
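The same key and CSR pair can also be produced and checked from a shell. This is an added example, not part of the original page and not WHM's own code; it assumes the `openssl` command-line tool is installed, and the function names, hostname and file names are placeholders. It also covers the case mentioned above of moving the SSL to a different server, by confirming that a saved key really belongs to a given CSR or certificate.

```shell
# Added example: function names, hostname and file names are placeholders.

# make_csr <hostname> <key-out> <csr-out>
# Create a 2048-bit RSA private key and a CSR whose subject CN is <hostname>.
make_csr() (
    umask 077    # the private key must be readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=$1" -keyout "$2" -out "$3" 2>/dev/null
)

# pub_fp <key|csr|crt> <file>
# Print the SHA-256 fingerprint of the public key held in a private key,
# a CSR or a certificate. Fails if the file is missing or cannot be parsed,
# so two unreadable files never compare as equal.
pub_fp() (
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   exit 2 ;;
    esac
    [ -n "$pem" ] || exit 1
    printf '%s\n' "$pem" |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
)

# same_public_key <type> <file> <type> <file>
# Succeeds only when both files carry the same public key.
same_public_key() (
    a=$(pub_fp "$1" "$2") || exit 1
    b=$(pub_fp "$3" "$4") || exit 1
    [ "$a" = "$b" ]
)
```

Running `same_public_key key example.key crt example.crt` on the destination server before the install catches a key that was saved from a different request.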
The Install
In order to install the SSL you will need to go back into WHM. The domain must be on its own cPanel account as well as on its own IP address. If it is set up as an addon domain, there are instructions for moving the domain to its own cPanel account in a different post.
- To create a new cPanel account, log in to your WHM with root as the user and the root password you used to set up the server.
- In the find box, type “create” and click the “Create a new account” link that comes up below.
- Here you will set up the domain, the user, the password and an e-mail address to send notifications to.
- As you move down you get to choose a package. You can manually set these options for each account, or you can make the actual packages and apply them to multiple accounts with the drop-down menu. The packages define quotas for the account, such as disk space or how many e-mail accounts can be made.
- Next you will need to choose a theme. The theme sets different levels of control. You can set the account to be fully accessible, or you can set it up so the cPanel only allows you to control the e-mail. These can be changed later if needed by going to the “Modify Account” link on the left.
- The reseller option allows the account to create its own cPanel accounts and control them. This can be used any way you like, but if you're not selling hosting it's usually not very useful.
- Next are the DNS settings. If you plan on making your own nameservers on this server you can skip over this section. If you are using external nameservers you will need to check the first box to get the nameservers from the registrar.
- Last but not least is the mail routing section. This decides how your mail will be handled. The two most common choices are local and remote. If you plan on using this server to handle the mail for this domain, it will need to be set to local. If you plan on using external mail servers, this will need to be set to remote. There is an automatically configure option as well. This will not work if you are using external nameservers. This function reads the zone file that is created by default on the server.