Security issue

**omenix** · 06-29-2009 04:57 PM

Hello guys,

First of all I'm not sure whether this is the right section to post or not. Please move it somewhere else if needed.. someone has found a vulnerability @ /frontend/x3/stats/lastvisit.html?domain= (Directory traversal) but username/password is required. I hope you guys can release an update as soon as possible for this vulnerability. Thanks.

**mtindor** · 06-29-2009 05:17 PM

Originally Posted by omenix

Hello guys,

First of all I'm not sure whether this is the right section to post or not. Please move it somewhere else if needed.. someone has found a vulnerability @ /frontend/x3/stats/lastvisit.html?domain= (Directory traversal) but username/password is required. I hope you guys can release an update as soon as possible for this vulnerability. Thanks.

I'd suggest / ask that you open a ticket with Cpanel at http://tickets.cpanel.net, providing every bit of information you know about said "vulnerability." That would help everyone out.

Thanks!

Mike

**cPanelDavidG** · 06-29-2009 05:39 PM

Originally Posted by omenix

Hello guys,

First of all I'm not sure whether this is the right section to post or not. Please move it somewhere else if needed.. someone has found a vulnerability @ /frontend/x3/stats/lastvisit.html?domain= (Directory traversal) but username/password is required. I hope you guys can release an update as soon as possible for this vulnerability. Thanks.

Please email security@cpanel.net with any details you can provide regarding replicating this issue etc.

**omenix** · 06-29-2009 06:31 PM

Thanks. Report has already sent.

**ehsanix** · 06-30-2009 04:02 PM

Any response from Cpanel ?!

**flashweb** · 06-30-2009 08:36 PM

Cpanel (lastvisit.html domain) Arbitrary File Disclosure Vuln (auth)

I run upcp, it still not fixed.

**konrath** · 06-30-2009 10:08 PM

Originally Posted by flashweb

Cpanel (lastvisit.html domain) Arbitrary File Disclosure Vuln (auth)

I run upcp, it still not fixed.

Hello

This bug did not work with me.

cPanel 11.24.4-S36281 - WHM 11.24.2 - X 3.9
REDHAT Enterprise 3 i686 standard on server

Thank you
Konrath

**ehsanix** · 07-01-2009 02:21 AM

I am using (RELEASE tree) : cPanel 11.24.4-R36167 - WHM 11.24.2 - X 3.9

we have this problem. do you think I should use Stable tree instead ?

**cpanelkenneth** · 07-01-2009 09:39 AM

This vulnerability is fixed in EDGE 36912+ and CURRENT 36913+. RELEASE and STABLE will be published soon with the same fix.

The vulnerability allows an authenticated user to view any file he has permission to access. An intrepid user can accomplish something similar by using a CGI or PHP script via Apache. No privilege escalation is involved, hence access to restricted files, such as /etc/shadow, is not possible.

**nicosoft** · 07-01-2009 02:25 PM

Originally Posted by cpanelkenneth

This vulnerability is fixed in EDGE 36912+ and CURRENT 36913+. RELEASE and STABLE will be published soon with the same fix.

The vulnerability allows an authenticated user to view any file he has permission to access. An intrepid user can accomplish something similar by using a CGI or PHP script via Apache. No privilege escalation is involved, hence access to restricted files, such as /etc/shadow, is not possible.

Nice Info, Sir. But Before the RELEASE and STABLE already fix. I have to disable Latest Visitor in the Feature Manager on WHM. Thus, the hole is Minimize. Thank You.

**d_t** · 07-04-2009 07:46 AM

Originally Posted by cpanelkenneth

An intrepid user can accomplish something similar by using a CGI or PHP script via Apache.

Actually, open_basedir prevent this for mod_php. But indeed, can be done from CGI.

Please let us know when the new release will be available (latest is cPanel 11.24.4-R36167 and has the bug).

LinkBack

Thread Tools

Security issue

Security issue?

Is this a security issue?

Security issue

Possible security issue

security issue