
cPanel TSR-2015-0005 Full Disclosure

Discussion in 'cPanel Announcements' started by cPanelCory, Sep 22, 2015.

    cPanelCory Developer - cPanel Security Team
    Staff Member

    TSR-2015-0005 Full Disclosure

    SEC-44

    Summary

    Open redirect via /unprotected/redirect.html.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

    Description

    The /unprotected/redirect.html URL in cPanel & WHM allowed remote attackers to redirect users to arbitrary web sites.

    Credits

    This issue was discovered by Salman Khan.

    Solution

    This issue is resolved in the following builds:
    11.50.1.3
    11.50.0.31
    11.48.4.7

    SEC-49

    Summary

    Arbitrary file overwrite via WHM /scripts2/edit_sourceipcheck.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 4.9 (AV:N/AC:H/Au:S/C:N/I:C/A:N)

    Description

    When modifying the security settings for an account, the edit_sourceipcheck() function performed read and write operations with root privileges within the target user's home directory.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.50.1.3
    11.50.0.31
    11.48.4.7
    11.46.3.9

    SEC-50

    Summary

    Information disclosure via p0f.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:C/A:N)

    Description

    The p0f socket file was configured with permissions that allowed local users to query the connection information without any restrictions.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.50.1.3
    11.50.0.31

    SEC-51

    Summary

    Self-stored XSS vulnerability in WHM Theme Manager.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

    Description

    The name of a cPanel theme was not sufficiently encoded when displayed on the WHM Theme Manager interface.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.50.1.3
    11.50.0.31
    11.48.4.7
    11.46.3.9

    SEC-52

    Summary

    Self-XSS vulnerability in WHM EXIM Configuration Manager.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

    Description

    Error messages displayed when submitting the WHM Basic Configuration Editor for EXIM were not encoded correctly.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.50.1.3
    11.50.0.31
    11.48.4.7
    11.46.3.9

    SEC-53

    Summary

    Self-stored XSS vulnerability in WHM View Available Locales.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

    Description

    Theme names were not properly encoded on the WHM View Available Locales interface.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.50.1.3
    11.50.0.31
    11.48.4.7
    11.46.3.9

    SEC-54

    Summary

    Arbitrary code execution via BoxTrapper email forwarding.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

    Description

    The BoxTrapper email forwarding logic did not disambiguate destination email addresses from command line arguments when running EXIM to deliver emails.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.50.1.3
    11.50.0.31
    11.48.4.7
    11.46.3.9

    SEC-55

    Summary

    Self-XSS vulnerability in cPanel Change Password interface.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

    Description

    The enablemysql parameter was not encoded correctly when reflected in an error message.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.50.1.3
    11.50.0.31
    11.48.4.7
    11.46.3.9

    For the PGP-Signed version of this disclosure please visit: http://news.cpanel.com/wp-content/uploads/2015/09/TSR-2015-0005-Disclosure.txt
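
The SEC-54 description (destination addresses not disambiguated from command line arguments) as an added Python example, not cPanel's code or its actual fix: it contrasts an argv built by plain concatenation with one that validates addresses and ends option parsing with Exim's `--` pseudo-option. The binary path, the address pattern, the sample addresses and the simplified `parsed_as_options` model are assumptions made for illustration.

```python
import re

EXIM = "/usr/sbin/exim"  # assumed binary path, for illustration only

# Conservative address shape (an assumption): the first character is never '-'.
_ADDRESS = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9][A-Za-z0-9.-]*")


def naive_argv(sender, recipients):
    """Pattern at risk: recipients land where options are still being parsed."""
    return [EXIM, "-f", sender, *recipients]


def hardened_argv(sender, recipients):
    """Validate every address, then end option parsing with '--'.

    The result is an argv list meant to be executed without a shell.
    """
    for address in (sender, *recipients):
        if not _ADDRESS.fullmatch(address):
            raise ValueError(f"refusing address {address!r}")
    return [EXIM, "-f", sender, "--", *recipients]


def parsed_as_options(argv):
    """Simplified model of a command line parser, not Exim's real one.

    Items are read as options until '--' or the first item that does not
    start with '-'; '-f' consumes the following item as its value.
    """
    options, items = [], iter(argv[1:])
    for item in items:
        if item == "--" or not item.startswith("-"):
            break
        options.append(item)
        if item == "-f":
            next(items, None)  # the sender value, not an option
    return options


# Constructed sample input: one item shaped like an option, one normal address.
SENDER = "box@example.com"
SUSPECT = ["-Xconstructed", "friend@example.net"]

if __name__ == "__main__":
    print(parsed_as_options(naive_argv(SENDER, SUSPECT)))
    print(parsed_as_options([EXIM, "-f", SENDER, "--", *SUSPECT]))
```

Either control on its own closes the gap in this model; using both keeps the command safe if one of them is later removed or weakened.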
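
The SEC-49 description (privileged reads and writes inside a user's home directory) as an added Python example, not cPanel's code or its fix: it shows why a privileged writer must not trust names inside a directory the account owner controls. The advisory does not state the mechanism; this example assumes the common case of a symbolic link placed at the file name, and every path and file name is constructed.

```python
import os
import tempfile


def naive_write(path, data):
    """Pattern at risk: open() follows a symbolic link found at `path`."""
    with open(path, "w") as handle:
        handle.write(data)


def hardened_write(home_dir, name, data):
    """Write `name` inside `home_dir`, refusing a link at that name."""
    dir_fd = os.open(home_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
        # O_NOFOLLOW makes the open fail before the target is truncated.
        fd = os.open(name, flags, 0o600, dir_fd=dir_fd)
        with os.fdopen(fd, "w") as handle:
            handle.write(data)
    finally:
        os.close(dir_fd)


def demo():
    """Constructed scenario: a file outside the home and a link to it inside."""
    with tempfile.TemporaryDirectory() as root:
        outside = os.path.join(root, "system_file")
        home = os.path.join(root, "home_user")
        os.mkdir(home)
        with open(outside, "w") as handle:
            handle.write("original")
        os.symlink(outside, os.path.join(home, "settings"))

        refused = False
        try:
            hardened_write(home, "settings", "new settings")
        except OSError:
            refused = True
        with open(outside) as handle:
            after_hardened = handle.read()

        naive_write(os.path.join(home, "settings"), "new settings")
        with open(outside) as handle:
            after_naive = handle.read()
    return refused, after_hardened, after_naive
```

`O_NOFOLLOW` only covers the final path component and does not stop hard links, so the more robust design is to perform such operations with the account owner's privileges rather than root's.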
     