cPanel TSR-2015-0004 Full Disclosure

SEC-25

Summary

Feature requirements not enforced correctly by adminbins.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)

Description

Several adminbin scripts did not properly verify the features enabled for the cPanel account running the adminbin script. This allowed cPanel users to perform some configuration functions that were disabled for the account.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.50.0.27
11.48.4.6
11.46.3.8

SEC-35

Summary

Arbitrary file overwrite via cpbackup-exclude.conf lock file.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 6.3 (AV:N/AC:M/Au:S/C:N/I:C/A:N)

Description

The cPanel & WHM account backup system allows users to exclude files from backups by placing a file named cpbackup-exclude.conf in the user's home directory. During backup operations, this file was locked, opened, and read by root. An attacker could leverage this behavior to overwrite arbitrary files on the system.

Credits

This issue was discovered by RACK911Labs.com.

Solution

This issue is resolved in the following builds:
11.50.0.27
11.48.4.6
11.46.3.8

SEC-36

Summary

Arbitrary code execution via relative RPATH in PostgreSQL binaries.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)

Description

Incorrect LDFLAGS were passed to the PostgreSQL build process. This resulted in an invalid RPATH being added to the PostgreSQL shared objects and binaries used by cPanel & WHM. An attacker could use this flaw to execute arbitrary code if the binaries or libraries were loaded inside of the attacker's home directory.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.50.0.27
11.48.4.6
11.46.3.8
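
An audit check for the SEC-36 bug class, added here as an example and not taken from cPanel's code: it scans `readelf -d` output for RPATH/RUNPATH elements that the loader would resolve against the current working directory. The sample output is constructed, and the names `cwd_relative_entries` and `audit` are hypothetical.

```python
import re
import subprocess

# Matches the RPATH/RUNPATH lines printed by `readelf -d`.
_DYN = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")


def cwd_relative_entries(readelf_dynamic):
    """Return (tag, entry) pairs whose search path depends on the process cwd."""
    findings = []
    for line in readelf_dynamic.splitlines():
        match = _DYN.search(line)
        if not match:
            continue
        tag, value = match.groups()
        for entry in value.split(":"):
            # Absolute paths and $ORIGIN-anchored paths do not depend on cwd.
            if entry.startswith(("/", "$ORIGIN", "${ORIGIN}")):
                continue
            # A relative element, or an empty one (glibc treats it as "./"),
            # is searched relative to wherever the program was started.
            findings.append((tag, entry or "<empty>"))
    return findings


def audit(path):
    """Run readelf on a real binary or shared object and report risky entries."""
    out = subprocess.run(["readelf", "-d", path], capture_output=True,
                         text=True, check=True).stdout
    return cwd_relative_entries(out)


# Constructed sample of `readelf -d` output for a binary built with bad LDFLAGS.
SAMPLE_BAD = """\
Dynamic section at offset 0x2d90 contains 28 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libpq.so.5]
 0x000000000000000f (RPATH)              Library rpath: [../lib:/usr/lib64::$ORIGIN/../lib]
"""

# Constructed sample for a correctly linked binary.
SAMPLE_GOOD = """\
 0x0000000000000001 (NEEDED)             Shared library: [libpq.so.5]
 0x000000000000001d (RUNPATH)            Library runpath: [/usr/lib64:/usr/local/lib]
"""

if __name__ == "__main__":
    print(cwd_relative_entries(SAMPLE_BAD))
```
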

SEC-37

Summary

Disclosure of files owned by nobody.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:P/I:N/A:N)

Description

The cPanel & WHM account backup system records a list of files inside the user's home directory that are owned by the 'nobody' user. The list was generated while running with root privileges. This behavior allowed an attacker to discover the locations of files owned by the 'nobody' user inside paths the attacker could not traverse.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.50.0.27
11.48.4.6
11.46.3.8

SEC-38

Summary

Arbitrary file overwrite via passwordforce lock file.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 6.3 (AV:N/AC:M/Au:S/C:N/I:C/A:N)

Description

The forcepasswordchange WHM API call locks, reads, and writes the 'passwordforce' file inside a user's home directory. These operations were performed with root privileges, which allowed an attacker to overwrite arbitrary files on the system.

Credits

This issue was discovered by RACK911Labs.com.

Solution

This issue is resolved in the following builds:
11.50.0.27
11.48.4.6
11.46.3.8

SEC-39

Summary

Arbitrary file append by updating an account's password.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 6.3 (AV:N/AC:M/Au:S/C:N/I:C/A:N)

Description

When updating an account's password, the .my.cnf file in a user's home directory will be updated with the account's new password. The modification of the .my.cnf file was being performed with root privileges, which allowed an attacker to append this data to other sensitive files on the system.

Credits

This issue was discovered by RACK911Labs.com.

Solution

This issue is resolved in the following builds:
11.50.0.27
11.48.4.6
11.46.3.8
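
SEC-35, SEC-38 and SEC-39 share one pattern: a root process locks, reads or writes a file at a fixed name inside a directory the account controls. The advisory does not state the mechanism, so this added example (not cPanel's code) assumes the usual cause for this class, a symbolic or hard link planted at that name, and shows a defensive open; `open_user_file` and `UnsafeFile` are hypothetical names.

```python
import errno
import os
import stat


class UnsafeFile(Exception):
    """The target is not a plain, singly linked file owned by the account."""


def open_user_file(home, name, owner_uid, flags=os.O_RDONLY):
    """Open home/name without following links and return a file descriptor.

    O_NOFOLLOW rejects a symlink as the final component, and the fstat()
    checks run on the descriptor that will actually be used, so the file
    cannot be swapped between the check and the use.
    """
    if os.sep in name or name in ("", ".", ".."):
        raise UnsafeFile("name must be a single path component")
    dir_fd = os.open(home, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        try:
            # O_NONBLOCK keeps a planted FIFO from stalling the caller.
            fd = os.open(name, flags | os.O_NOFOLLOW | os.O_NONBLOCK,
                         dir_fd=dir_fd)
        except OSError as exc:
            if exc.errno in (errno.ELOOP, errno.EMLINK):
                raise UnsafeFile(f"{name}: is a symbolic link") from exc
            raise
    finally:
        os.close(dir_fd)
    st = os.fstat(fd)
    problem = None
    if not stat.S_ISREG(st.st_mode):
        problem = "not a regular file"
    elif st.st_nlink != 1:
        problem = "has extra hard links"
    elif st.st_uid != owner_uid:
        problem = "not owned by the account"
    if problem:
        os.close(fd)
        raise UnsafeFile(f"{name}: {problem}")
    return fd
```

A privileged service gets stronger protection by performing the whole operation under the account's own uid, so that the kernel's permission checks apply to every path component and to any lock file it creates.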

SEC-42

Summary

Email sending limits not enforced in jailshell.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Description

The email limits for an account are tracked using files in the /var/cpanel/email_send_limits directory. Inside a jailshell environment this directory was mounted read-only, preventing EXIM from enforcing the configured mail rate limits.

Credits

This issue was discovered by Matt Sheldon.

Solution

This issue is resolved in the following builds:
11.50.0.27
11.48.4.6
11.46.3.8

SEC-43

Summary

ModSecurity rules not enforced on default virtualhost.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Description

ModSecurity filtering is disabled for web traffic passed to the cPanel, WHM, and Webmail interfaces through proxydomains. The configuration directives used for this purpose incorrectly disabled ModSecurity filtering for all HTTP traffic directed at the server hostname or userdir URLs.

Credits

This issue was discovered by Alex Kwiecinski.

Solution

This issue is resolved in the following builds:
11.50.0.27
11.48.4.6
11.46.3.8


cPanel, Inc. | 3131 W Alabama Ste 100 | Houston | TX | 77098 | US
