  1. #1
    Member
    Join Date
    Jun 2004
    Location
    Garden Valley, Ca
    Posts
    31

    Bugtraq: cPanel hardlink chown issue

    Name: cPanel
    Vendor URL: http://www.cpanel.net
    Author: Karol Więsek <appelast@drumnbass.art.pl>
    Date: July 31, 2004

    Issue:
    cPanel allows logged in users to change ownership of any file to their
    uid:gid.

    Description:
    cPanel is a next generation web hosting control panel system. cPanel is
    extremely feature rich and includes an easy to use web based
    interface (GUI). cPanel is designed for the end users of your system and
    allows them to control everything from adding / removing email accounts
    to administering MySQL databases.

    Details:
    cPanel allows users to turn FrontPage extensions on/off. This is done
    with the effective uid of the system administrator (root). During this
    process a special .htaccess file is created, and then it is chown()ed to
    the target user. An attacker could link .htaccess to any file in the same
    partition, thus it will be chown()ed.

    Exploit:
    To exploit this vulnerability just link the file you want to grab to
    .htaccess in the user's public_html, and execute the installation of
    FrontPage extensions.

    Tested on cPanel 9.4.1-RELEASE-64, and confirmed vulnerable.
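
Added example, not part of the original advisory and not cPanel's code: one way a privileged process can hand a file to a user without changing the owner of some other file that has been hard-linked (or symlinked) to the expected name. The function name `chown_single_link` is hypothetical, and a Linux/POSIX system is assumed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_NOFOLLOW / O_CLOEXEC on strict compilers */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: give `path` to uid:gid only if it is a plain file
 * with exactly one name. Returns 0 on success, -1 with errno set. */
int chown_single_link(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink in the final path component.
     * O_NONBLOCK: do not hang if the name turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    int rc = -1;
    if (fstat(fd, &st) < 0) {
        /* errno already set by fstat */
    } else if (!S_ISREG(st.st_mode)) {
        errno = EINVAL;          /* device, directory, FIFO ... */
    } else if (st.st_nlink != 1) {
        errno = EMLINK;          /* inode has another name elsewhere */
    } else {
        /* fchown acts on the inode just inspected, so swapping the
         * path afterwards cannot redirect the ownership change. */
        rc = fchown(fd, uid, gid);
    }
    int saved = errno;           /* close() may overwrite errno */
    close(fd);
    errno = saved;
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    if (chown_single_link(argv[1], geteuid(), getegid()) < 0) { perror(argv[1]); return 1; }
    return 0;
}
```

On Linux, the `fs.protected_hardlinks` sysctl additionally stops unprivileged users from hard-linking files they do not own, which blocks the link step described in the advisory.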

  2. #2
    BANNED
    Join Date
    Feb 2002
    Posts
    656


    Did cpanel release a fix for this yet?

  3. #3
    chirpy
    Super Moderator (this forum account has been confirmed by cPanel staff to represent a vendor)
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com
