Bugtraq: cPanel hardlink chown issue

Discussion in 'General Discussion' started by bashprompt18, Oct 18, 2004.

  1. bashprompt18

    Name: cPanel
    Vendor URL: http://www.cpanel.net
    Author: Karol Więsek <appelast@drumnbass.art.pl>
    Date: July 31, 2004

    Issue:
    cPanel allows logged in users to change ownership of any file to their
    uid:gid.

    Description:
    cPanel is a next generation web hosting control panel system. cPanel is
    extremely feature rich and includes an easy to use web based
    interface (GUI). cPanel is designed for the end users of your system and
    allows them to control everything from adding / removing email accounts
    to administering MySQL databases.

    Details:
    cPanel allows users to turn FrontPage extensions on/off. This is done
    with the effective uid of the system administrator (root). During this
    process a special .htaccess file is created, and then it is chown()ed to
    the target user. An attacker could link .htaccess to any file in the same
    partition, thus it will be chown()ed.

    Exploit:
    To exploit this vulnerability just link the file you want to grab to
    .htaccess in the user's public_html, and execute the installation of
    FrontPage extensions.

    Tested on cPanel 9.4.1-RELEASE-64, and confirmed vulnerable.
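
Added example, not part of the original advisory and not cPanel's code: a C sketch of how a root-run helper can refuse to chown() a file that has been hardlinked, by opening it without following symlinks, checking the link count on the open descriptor, and using fchown() on that same descriptor. The function name `chown_if_single_link`, the `demo` scenario and the temporary paths are hypothetical and constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: hand `path` to uid:gid only if it is a regular file
 * with exactly one name. Returns 0 on success, -1 with errno set. */
int chown_if_single_link(const char *path, uid_t uid, gid_t gid)
{
    /* O_NOFOLLOW: a symlink as the last path component fails with ELOOP. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    int err = 0;
    if (fstat(fd, &st) != 0)
        err = errno;
    else if (!S_ISREG(st.st_mode))
        err = EINVAL;
    else if (st.st_nlink != 1)
        err = EMLINK;                     /* inode has another name elsewhere */
    else if (fchown(fd, uid, gid) != 0)   /* acts on the inode just inspected */
        err = errno;
    close(fd);
    errno = err;
    return err ? -1 : 0;
}

/* Constructed scenario in a temp dir. Returns 1 if a single-link file is
 * accepted and ".htaccess" hardlinked to it is refused with EMLINK. */
int demo(void)
{
    char dir[] = "/tmp/chown-demo-XXXXXX", target[64], ht[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(ht, sizeof ht, "%s/.htaccess", dir);
    int fd = open(target, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0) return -1;
    close(fd);
    int before = chown_if_single_link(target, getuid(), getgid());
    int linked = link(target, ht);
    int after = chown_if_single_link(ht, getuid(), getgid());
    int after_errno = errno;
    unlink(ht); unlink(target); rmdir(dir);
    return before == 0 && linked == 0 && after == -1 && after_errno == EMLINK;
}
int main(void) { printf("hardlinked .htaccess refused: %d\n", demo()); return 0; }
```

A more robust design is for the privileged process to switch to the account's own uid before writing inside that account's home directory, so that no chown() as root is needed at all.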
     
  2. AbeFroman

    Did cpanel release a fix for this yet?
     
  3. chirpy
