Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel TSR-2015-0001 Full Disclosure

Discussion in 'cPanel Announcements' started by cPanelCory, Jan 20, 2015.

  1. cPanelCory

    cPanelCory Release Manager - EasyApache Staff Member

    Joined:
    Jan 18, 2008
    Messages:
    69
    Likes Received:
    5
    Trophy Points:
    133
    Location:
    Houston
    cPanel Access Level:
    Root Administrator
    cPanel TSR-2015-0001 Full Disclosure

    SEC-1

    Summary

    Arbitrary code could be executed as other accounts with RUID2/ITK enabled.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

    Description

    The WHM "Apache mod_userdir Tweak" interface incorrectly allowed the exclusion of specific users from userdir protection when mod_ruid2 or MPM-ITK was in use on the server. With this misconfiguration, the excluded user could execute arbitrary code with the UID and GID of the excluding virtualhost via Apache userdir URLs.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.46.2.2
    11.46.1.6
    11.44.2.4
    11.42.1.30

    SEC-4

    Summary

    Noshell restriction bypass via SFTP connections.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

    Description

    On cPanel & WHM systems, accounts configured with "noshell" as their login shell may still connect to the server using SFTP. Users connecting in this fashion had access to the /proc filesystem. By modifying '/proc/self/mem', an attacker could execute arbitrary code as if connected via a normal shell.

    Credits

    This issue was discovered by Jann Horn.

    Solution

    This issue is resolved in the following builds:
    11.46.2.2
    11.46.1.6
    11.44.2.4
    11.42.1.30

    SEC-8

    Summary

    Stored XSS vulnerability in cPDAVd directory index functionality.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

    Description

    cPDAVd did not correctly HTML escape filenames included in the HTML it generated for directory indexes. This allowed attackers with the ability to generate files with XSS payloads to conduce stored-XSS attacks against the authenticated cPDAVd user if the user connected with to WebDAV services using a normal web browser.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.46.2.2
    11.46.1.6
    11.44.2.4
    11.42.1.30

    For the PGP-signed message, see http://cpanel.net/wp-content/uploads/2015/01/TSR-2015-0001-Full-Disclosure.txt.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 cPanelCory, Jan 20, 2015
    Last edited: Jul 20, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - cPanel 2015 0001
  1. JustAGuyUsingWHM

    Problems Detected with cPanel Controlled RPMs

    JustAGuyUsingWHM, May 24, 2019 at 3:27 AM, in forum: General Discussion
    Replies:
    2
    Views:
    153
    cPanelLauren
    May 24, 2019 at 10:46 AM
  2. Nabbello

    Install wp-cli on cPanel?

    Nabbello, May 22, 2019 at 11:05 AM, in forum: General Discussion
    Replies:
    9
    Views:
    148
    cPanelLauren
    May 23, 2019 at 8:36 AM
  3. CollectifHub

    In Progress Move an ASPX site to cPanel?

    CollectifHub, May 22, 2019 at 11:00 AM, in forum: Migrate to cPanel
    Replies:
    1
    Views:
    39
    GOT
    May 22, 2019 at 12:28 PM
  4. Edward_

    Can't login to cPanel or Webmail

    Edward_, May 21, 2019 at 8:37 PM, in forum: General Discussion
    Replies:
    4
    Views:
    161
    cPanelLauren
    May 22, 2019 at 12:11 PM
  5. zylstra

    In Progress Why does cPanel not set -f user@domain.tld by default?

    zylstra, May 21, 2019 at 6:28 PM, in forum: E-mail Discussion
    Replies:
    0
    Views:
    130
    zylstra
    May 21, 2019 at 6:28 PM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice