
cPanel TSR-2015-0006 Full Disclosure

Discussion in 'cPanel Announcements' started by cPanelCory, Nov 17, 2015.

  1. cPanelCory

    cPanelCory Developer - cPanel Security Team
    Staff Member


    SEC-29

    Summary

    Sensitive data revealed to subaccounts through comet feeds.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 3.6 (AV:N/AC:H/Au:S/C:P/I:P/A:N)

    Description

    A reseller account could read the comet data intended for the root account and other reseller accounts by subscribing to the wildcard comet channel. Webmail users could similarly read data intended for the cPanel account to which they belonged. All comet data in cPanel, WHM, and Webmail is now restricted to the specific account that created the data.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.52.1.1
    11.52.0.23
    11.50.3.1
    11.48.4.8

    SEC-60

    Summary

    Email sending limit bypass.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

    Description

    The configured email rate limits for an account were not enforced correctly when the account relayed email using an empty envelope sender address.

    Credits

    This issue was discovered by Matt Sheldon.

    Solution

    This issue is resolved in the following builds:
    11.52.1.1
    11.52.0.23
    11.50.3.1
    11.48.4.8

    SEC-64

    Summary

    Unauthenticated arbitrary code execution via DNS NS entry poisoning.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

    Description

    Under some configurations, the server fetches DNS nameserver settings from remote DNS servers when an account is created. The retrieved nameserver records were used in an insecure manner, allowing arbitrary code execution as root during the account creation process.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.52.1.1
    11.52.0.23
    11.50.3.1
    11.48.4.8

    SEC-65

    Summary

    Unauthorized password changes via Webmail API commands.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)

    Description

    Inconsistencies in the way Webmail API calls separated email addresses into local and domain portions allowed Webmail users to change the passwords of some other accounts on the system.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.52.1.1
    11.52.0.23
    11.50.3.1
    11.48.4.8

    SEC-66

    Summary

    WHM API allows for unauthorized zone modification.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)

    Description

    Incorrect handling of the 'zone' argument during ownership checks in multiple WHM API calls allowed for unauthorized zone modifications.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.52.1.1
    11.52.0.23
    11.50.3.1
    11.48.4.8

    The PGP-Signed version of this disclosure is located here: https://news.cpanel.com/wp-content/uploads/2015/11/TSR-2015-0006-Disclosure.txt
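
The class of flaw described under SEC-65, shown as an added example (not cPanel code and not part of the advisory): two address splitters that disagree on the domain, next to a single canonical splitter whose result is used for both the ownership check and the action. All function names and sample addresses are hypothetical, and the rule that a Webmail user may change only their own mailbox password is an assumption.

```python
# Added illustration; not cPanel code. All names and addresses are constructed.

class AddressError(ValueError):
    """Raised when an address cannot be split unambiguously."""

def split_first(addr):
    # Splitter A: everything after the FIRST "@" is treated as the domain.
    local, _, domain = addr.partition("@")
    return local, domain

def split_last(addr):
    # Splitter B: everything after the LAST "@" is treated as the domain.
    local, _, domain = addr.rpartition("@")
    return local, domain

def parse_address(addr):
    """Canonical splitter: exactly one "@", non-empty parts, no path,
    NUL or whitespace characters. The domain is lower-cased."""
    if addr.count("@") != 1:
        raise AddressError("address must contain exactly one '@'")
    local, domain = addr.split("@")
    if not local or not domain:
        raise AddressError("empty local part or domain")
    if any(c in "/\\\0" or c.isspace() for c in addr):
        raise AddressError("illegal character in address")
    return local, domain.lower()

def authorize_password_change(session_addr, target_addr):
    """Parse both addresses with the same splitter, compare the parsed
    pairs, and return the pair the caller must act on (no second split)."""
    session = parse_address(session_addr)
    target = parse_address(target_addr)
    if target != session:
        raise PermissionError("target is not the authenticated mailbox")
    return target

# Constructed input on which the two naive splitters disagree.
AMBIGUOUS = "alice@example.test@other.test"

if __name__ == "__main__":
    print(split_first(AMBIGUOUS))   # domain as seen by splitter A
    print(split_last(AMBIGUOUS))    # domain as seen by splitter B
    try:
        parse_address(AMBIGUOUS)
    except AddressError as exc:
        print("rejected:", exc)
```

If an ownership check uses one splitter and the password update uses the other, the check and the action refer to different mailboxes; rejecting ambiguous input and passing the parsed pair forward removes that gap.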
     