Security issue

[omenix]

Hello guys,

First of all I'm not sure whether this is the right section to post or not. Please move it somewhere else if needed.. someone has found a vulnerability @ /frontend/x3/stats/lastvisit.html?domain= (Directory traversal) but username/password is required. I hope you guys can release an update as soon as possible for this vulnerability. Thanks.

[mtindor]

Quote:

Originally Posted by omenix

Hello guys,

First of all I'm not sure whether this is the right section to post or not. Please move it somewhere else if needed.. someone has found a vulnerability @ /frontend/x3/stats/lastvisit.html?domain= (Directory traversal) but username/password is required. I hope you guys can release an update as soon as possible for this vulnerability. Thanks.

I'd suggest / ask that you open a ticket with Cpanel at http://tickets.cpanel.net, providing every bit of information you know about said "vulnerability." That would help everyone out.

Thanks!

Mike

[cPanelDavidG]

Quote:

Originally Posted by omenix

Hello guys,

First of all I'm not sure whether this is the right section to post or not. Please move it somewhere else if needed.. someone has found a vulnerability @ /frontend/x3/stats/lastvisit.html?domain= (Directory traversal) but username/password is required. I hope you guys can release an update as soon as possible for this vulnerability. Thanks.

Please email security@cpanel.net with any details you can provide regarding replicating this issue etc.

[omenix]

Thanks. Report has already sent.

[ehsanix]

Any response from Cpanel ?!

[flashweb]

Cpanel (lastvisit.html domain) Arbitrary File Disclosure Vuln (auth)

I run upcp, it still not fixed.

[konrath]

Quote:

Originally Posted by flashweb

Cpanel (lastvisit.html domain) Arbitrary File Disclosure Vuln (auth)

I run upcp, it still not fixed.

Hello

This bug did not work with me.

cPanel 11.24.4-S36281 - WHM 11.24.2 - X 3.9
REDHAT Enterprise 3 i686 standard on server

Thank you
Konrath

[ehsanix]

I am using (RELEASE tree) : cPanel 11.24.4-R36167 - WHM 11.24.2 - X 3.9

we have this problem. do you think I should use Stable tree instead ?

[cpanelkenneth]

This vulnerability is fixed in EDGE 36912+ and CURRENT 36913+. RELEASE and STABLE will be published soon with the same fix.

The vulnerability allows an authenticated user to view any file he has permission to access. An intrepid user can accomplish something similar by using a CGI or PHP script via Apache. No privilege escalation is involved, hence access to restricted files, such as /etc/shadow, is not possible.

[nicosoft]

Quote:

Originally Posted by cpanelkenneth

This vulnerability is fixed in EDGE 36912+ and CURRENT 36913+. RELEASE and STABLE will be published soon with the same fix.

The vulnerability allows an authenticated user to view any file he has permission to access. An intrepid user can accomplish something similar by using a CGI or PHP script via Apache. No privilege escalation is involved, hence access to restricted files, such as /etc/shadow, is not possible.

Nice Info, Sir. But Before the RELEASE and STABLE already fix. I have to disable Latest Visitor in the Feature Manager on WHM. Thus, the hole is Minimize. Thank You.

[d_t]

Quote:

Originally Posted by cpanelkenneth

An intrepid user can accomplish something similar by using a CGI or PHP script via Apache.

Actually, open_basedir prevent this for mod_php. But indeed, can be done from CGI.

Please let us know when the new release will be available (latest is cPanel 11.24.4-R36167 and has the bug).