Web Designer

September 27, 2006

cPanel’s new Vulnerability

Filed under: Freelancers Talk — Zaur @ 3:04 am

Several bugs and vulnerabilities were found in the last cPanel update. HostGator's customers were complaining that their sites did not load, or that some of their pages loaded trojans when browsed with IE. The issue was solved within 48 days. According to them, the problems were related to the last cPanel update and were caused by some PHP misconfigurations.

I found many other broken sites within the last days; it seems there was a "big blast".
God bless, it passed through us.

cPanel is found on about 2.5 million hosts worldwide. The application is widely used by many large hosting providers, mostly those offering dedicated servers. Its user-friendly interface automates many elements of web site management for resellers and customers.

cPanel emailed their customers patch instructions stating as below:

Due to a recently discovered bug, it will be necessary for users who are running the CURRENT, RELEASE and STABLE branches to run a cPanel software update.

Description: An uncompiled mysqladmin script allowed an exploited copy of MySQL.pm to be placed within the directory location of mysqladmin. This copy of MySQL.pm would be given preference by mysqladmin due to the precedence order of Perl module searches. A malicious user could then use an exploited copy of MySQL.pm to elevate their system access (including root access). A patch for this issue has been released. Please note that this is a local issue and a system cannot be compromised remotely. The malicious user must have access to an account on the system to take advantage of this script. All cPanel and WHM servers will automatically receive a patch for this update. This patch has been applied to most servers and will be applied to the remaining number of servers during the scheduled update on Sunday night, September 25th, 2006. It can be applied manually as per the instructions below.

Affected Systems: All builds on all platforms are vulnerable up to and including (11.0.0 build 492); all builds after that have been fixed. All previous builds after 9.0.0 will be automatically patched by the updater if automatic updates are set.

Fix Details: We recommend updating (if you do not wish to update, see the manual patch instructions below) to the latest EDGE or CURRENT build, as these builds include the latest security patch as well as additional protection (the underlying wrapper now contains vastly improved input sanitization). To do this, you will need to modify your upgrade settings through the Update Config function in the Server Configuration menu of WebHost Manager:

1. Log in to WebHost Manager.
2. Navigate to the Update Config function in the Server Configuration menu.
3. Change your cPanel/WHM Updates option to CURRENT or bleeding EDGE (automatic updates recommended).
4. Click on Save.
5. Use the Upgrade to Latest Version option within the cPanel menu.

You can also apply the patch without updating: either run /scripts/upcp from the command line as root, or upgrade from inside WebHost Manager by using the Upgrade to Latest Version option within the cPanel menu.
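To make the search-order problem in the advisory concrete, here is an added audit script (not cPanel's code and not from the original post) that walks Perl's module search path in the same order `require` does, reports which file a module would actually be loaded from, and flags every directory searched up to that point that a non-root user could write to. The module name `MySQL` and the prepended script directory (mimicking a `use lib $FindBin::Bin`) are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example: audit where a Perl module resolves and whether any directory
# searched on the way there is writable by a non-root user. Run as root on the
# host being checked; module name and prepended directory are illustrative.
use strict;
use warnings;
use File::Spec;
use File::stat;
use FindBin;

# Foo::Bar -> Foo/Bar.pm, the relative path Perl appends to each @INC entry.
sub module_relpath {
    my ($module) = @_;
    (my $rel = $module) =~ s{::}{/}g;
    return "$rel.pm";
}

# Walk the search path in order and stop at the first hit, exactly as
# 'use'/'require' do. Every directory examined (including the one the module
# was found in) is checked for non-root ownership or group/world write bits,
# since such a directory can be seeded with a look-alike module that shadows
# the real one.
sub audit_module {
    my ($module, @search_path) = @_;
    my $rel = module_relpath($module);
    my %report = (module => $module, resolved => undef, writable_dirs => []);
    for my $dir (@search_path) {
        next if ref $dir;                 # code refs/objects in @INC are not dirs
        if (my $st = stat($dir)) {
            push @{ $report{writable_dirs} }, $dir
                if $st->uid != 0 || ($st->mode & 0022);
        }
        my $candidate = File::Spec->catfile($dir, $rel);
        if (-f $candidate) {
            $report{resolved} = $candidate;
            last;
        }
    }
    return \%report;
}

# Assumed scenario: a script whose own directory is searched before @INC.
my $r = audit_module('MySQL', $FindBin::Bin, @INC);
printf "%s resolves to: %s\n", $r->{module}, $r->{resolved} // '(not installed)';
for my $d (@{ $r->{writable_dirs} }) {
    print "WARNING: $d is searched for $r->{module} and is writable by non-root\n";
}
```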


2006 © Web Designers Blog at web.pdesigner.net