The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel mod_php suexec Privilege Escalation Vulnerability

Discussion in 'General Discussion' started by emeric21, May 28, 2004.

  1. emeric21

    emeric21 Well-Known Member

    Joined:
    Aug 5, 2002
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    I see that nobody sent that here
    The vulnerability can only be used by local user:

    Translate from french:
    "A local vulnerability was identified in CPANEL, it could be exploited by a user so up his privileges. The problem is at the level of mod_php which uses suexec in a nonprotected way. It is possible to execute a script malicious php with the privileges d'un another users via the variable "PATH_INFO". I ((cached the hack code.)))

    * Vulnerable versions *
    CPANEL 5.X CPANEL 6.X CPANEL 7.X CPANEL 8.X CPANEL 9.X"

    I will sent this to cpanel via my WHM.
     
  2. LP-Trel

    LP-Trel Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Nirvana
    This applies to people running Apache 1.3.29, upgrade to 1.3.31 (via easyapache if you want to) and you will be secure. ;)
     
  3. emeric21

    emeric21 Well-Known Member

    Joined:
    Aug 5, 2002
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Yeah,
    Cpanel tech send me this:

    This "vulnerability" had already been resolved. If you are not running the latest version of apache as of April 15th, please run /scripts/easyapache from the root shell.
     
  4. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page