
cPanel mod_php suexec Privilege Escalation Vulnerability

Discussion in 'General Discussion' started by emeric21, May 28, 2004.

  1. emeric21

    emeric21 Well-Known Member

    I see that nobody has posted this here.
    The vulnerability can only be used by a local user:

    Translated from French:
    "A local vulnerability was identified in CPANEL; it could be exploited by a user to elevate his privileges. The problem is at the level of mod_php, which uses suexec in an unprotected way. It is possible to execute a malicious PHP script with the privileges of another user via the variable "PATH_INFO". I ((cached the hack code.)))

    * Vulnerable versions *
    CPANEL 5.X CPANEL 6.X CPANEL 7.X CPANEL 8.X CPANEL 9.X"

    I will send this to cPanel via my WHM.
     
  2. LP-Trel

    LP-Trel Well-Known Member

    This applies to people running Apache 1.3.29; upgrade to 1.3.31 (via easyapache if you want to) and you will be secure. ;)
     
  3. emeric21

    emeric21 Well-Known Member

    Yeah,
    cPanel tech sent me this:

    This "vulnerability" had already been resolved. If you are not running the latest version of apache as of April 15th, please run /scripts/easyapache from the root shell.
     
  4. Curious Too

    Curious Too Well-Known Member
