cPanel TSR-2015-0003 Full Disclosure

Discussion in 'cPanel Announcements' started by cPanelCory, May 19, 2015.

    cPanelCory Developer - cPanel Security Team
    Staff Member


    SEC-22

    Summary

    Access restrictions on mail routing information not properly enforced.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

    Description

    The WHM, cPanel and Webmail interfaces each provide the ability to trace the route that email delivery takes. This routing information includes details about how email is routed internally on the server for local delivery destinations. Access restrictions were not correctly enforced in these interfaces, allowing users with limited privileges to view the private email routing details of other accounts.

    Credits

    This issue was discovered by Narendra Bhati.

    Solution

    This issue is resolved in the following builds:
    11.48.4.4
    11.46.3.6
    11.44.3.5

    SEC-26

    Summary

    Self XSS Vulnerability in File Manager Upload.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

    Description

    Error messages generated during a file upload failure may contain the file name. In some circumstances, the file name was not correctly escaped. This allowed JavaScript in the filename to run in the web browser.

    Credits

    This issue was discovered by Jasminder Pal Singh.

    Solution

    This issue is resolved in the following builds:
    11.48.4.4
    11.46.3.6
    11.44.3.5

    SEC-27

    Summary

    Self Stored XSS in WHM Theme Manager.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

    Description

    Theme names in the WHM Theme Manager interface were not properly HTML escaped when they were displayed.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.48.4.4
    11.46.3.6
    11.44.3.5

    SEC-32

    Summary

    External XML Entity vulnerability in cPanel WebDAV server.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)

    Description

    The method used to protect the cpdavd WebDAV server from XXE injections was incompatible with the version of libxml2 available on RedHat 5 and CentOS 5 systems. As a result, it was possible for a WebDAV virtual account to read arbitrary files in the home directory of the controlling cPanel account.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.48.4.4
    11.46.3.6
    11.44.3.5

    SEC-33

    Summary

    Demo accounts allowed to download arbitrary files.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:P/I:N/A:N)

    Description

    A cPanel account in demo mode was allowed to download arbitrary files from the account's home directory using the getbackup, getsysbackup, and download URLs. These URLs are now restricted to non-demo accounts.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.48.4.4
    11.46.3.6
    11.44.3.5

    SEC-34

    Summary

    Demo accounts allowed to upload temporary files in some interfaces.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P)

    Description

    The Cpanel::Form module used by cPanel & WHM to parse HTTP parameters and file uploads is designed to prevent demo cPanel accounts from uploading any files to the system. This restriction was not correctly enforced for scripts in the 'base/backend' and 'cgi-sys' directories.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.48.4.4
    11.46.3.6
    11.44.3.5
     
    #1 cPanelCory, May 19, 2015
    Last edited: Jul 20, 2015
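
SEC-32 describes an XXE protection that depended on the libxml2 version in use. The following is an added example, not part of the original post and not cPanel's code: a guard that rejects any DOCTYPE in a WebDAV request body, so no entity can be declared whatever the parser's defaults are. It assumes Python's expat bindings instead of libxml2; the function names and sample bodies are constructed for illustration.

```python
# Added example (not cPanel code): refuse any DTD in a WebDAV XML request body.
import xml.parsers.expat


class DoctypeForbidden(ValueError):
    """The body carries a DOCTYPE, so it could declare entities."""


def parse_webdav_body(body: bytes) -> list:
    """Return element names in document order; abort on any DOCTYPE.

    The handler fires when the parser reaches <!DOCTYPE, before any entity
    declaration inside it is read, so nothing can be declared or resolved.
    """
    names = []
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeForbidden("DOCTYPE %r not allowed in request body" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(body, True)
    return names


def is_acceptable(body: bytes) -> bool:
    """True only for well-formed XML without a DTD."""
    try:
        parse_webdav_body(body)
        return True
    except (DoctypeForbidden, xml.parsers.expat.ExpatError):
        return False


# Constructed sample bodies (not captured traffic).
PROPFIND_OK = (b'<?xml version="1.0" encoding="utf-8"?>'
               b'<D:propfind xmlns:D="DAV:"><D:prop><D:displayname/></D:prop>'
               b'</D:propfind>')
PROPFIND_DTD = (b'<?xml version="1.0"?>'
                b'<!DOCTYPE propfind [<!ENTITY ext SYSTEM "constructed-placeholder">]>'
                b'<D:propfind xmlns:D="DAV:"><D:prop><D:displayname>&ext;'
                b'</D:displayname></D:prop></D:propfind>')
# Same DTD in UTF-16: a byte search for b"<!DOCTYPE" would miss this one.
PROPFIND_DTD_UTF16 = PROPFIND_DTD.decode("ascii").replace(
    '<?xml version="1.0"?>', "").encode("utf-16")

if __name__ == "__main__":
    for label, body in [("plain", PROPFIND_OK), ("dtd", PROPFIND_DTD),
                        ("dtd-utf16", PROPFIND_DTD_UTF16)]:
        print(label, is_acceptable(body))
```

Because the check runs inside the parser, it sees the document after encoding detection, which is why the UTF-16 body is rejected even though its raw bytes never contain the ASCII string `<!DOCTYPE`.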