
cPanel TSR-2016-0004 Full Disclosure

Discussion in 'cPanel Announcements' started by cPanelCory, Jul 19, 2016.

  1. cPanelCory

    cPanelCory Developer - cPanel Security Team
    Staff Member


    SEC-130

    Summary

    Apache logfiles start with loose permissions.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:L/AC:L/Au:S/C:P/I:N/A:N)

    Description

    The Apache domlogs were originally populated with loose permissions during creation.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.58.0.4
    11.56.0.27
    11.54.0.26
    11.52.6.2

    SEC-133

    Summary

    WHM 'Purchase and Install an SSL Certificate' page lists all server domains.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)

    Description

    Under the WHM 'Purchase and Install an SSL Certificate' page, resellers could view all domains present on the server, rather than just those that they own. This could be used for domain name enumeration.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.58.0.4
    11.56.0.27

    SEC-134

    Summary

    File ownership change to 'nobody' via rearrangeacct.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 3.6 (AV:N/AC:H/Au:S/C:P/I:P/A:N)

    Description

    The method used to re-assign ownership of files to the 'nobody' user in rearrangeacct was subject to a time-of-check/time-of-use vulnerability. It was possible for an attacker to take limited advantage of this to cause the ownership of a file to be assigned to the 'nobody' user.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.58.0.4
    11.56.0.27

    SEC-137

    Summary

    Set the pear tmp directory during php install.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 1.0 (AV:L/AC:H/Au:S/C:N/I:P/A:N)

    Description

    When pear is installed, the default tmp directory was under /tmp. Other RPMs use pear and write predictable tmp files. The tmp directory was moved to /root to prevent anyone from tampering with these files.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.58.0.4
    11.56.0.27
    11.54.0.26
    11.52.6.2

    SEC-138

    Summary

    Demo mode breakout via Site Templates and Boxtrapper API calls.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

    Description

    Using a combination of the Site Templates and Boxtrapper API calls, it was possible to create a PHP file and have it placed in the account's home directory. This allowed for an attacker to break out of a demo mode account.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.58.0.4
    11.56.0.27

    SEC-139

    Summary

    Improper session handling for shared users.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

    Description

    The session storage location for the shared PHP web applications that run under cpsrvd was misconfigured. This allowed certain types of PHP object injection attacks.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.58.0.4
    11.56.0.27
    11.54.0.26

    SEC-142

    Summary

    Code execution as other user accounts through the PHP CGI handler.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

    Description

    Under some configurations the CGI PHP handler would execute PHP scripts as the wrong user and group.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.58.0.4
    11.56.0.27
    11.54.0.26
    11.52.6.2

    For the PGP-Signed version of this document please visit https://news.cpanel.com/wp-content/uploads/2016/07/TSR-2016-0004.disclosure.txt
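
The time-of-check/time-of-use class described under SEC-134, as an added example that is not part of the advisory and is not cPanel's code: a general pattern for changing file ownership where the check and the change both go through one file descriptor. The function name `chown_checked` and the files created in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile

def chown_checked(path, expected_uid, new_uid, new_gid):
    """Re-own `path` only if it is a singly linked regular file owned by
    expected_uid. The checks and the change use the same descriptor, so
    replacing the path between the two steps has no effect."""
    # O_NOFOLLOW refuses a symlink in the final path component only;
    # parent directories must already be trusted by the caller.
    # O_NONBLOCK keeps open() from hanging if the path is a FIFO.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    try:
        fd = os.open(path, flags)
    except OSError:
        return False
    try:
        st = os.fstat(fd)                  # describes the opened inode
        if not stat.S_ISREG(st.st_mode):   # no devices, FIFOs, directories
            return False
        if st.st_nlink != 1:               # hard link may alias another file
            return False
        if st.st_uid != expected_uid:      # not the account's own file
            return False
        os.fchown(fd, new_uid, new_gid)    # acts on the inode just checked
        return True
    finally:
        os.close(fd)

def demo():
    # Constructed sample files; re-owning to the current uid/gid keeps the
    # demo runnable without root.
    me, grp = os.geteuid(), os.getegid()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        real = os.path.join(d, "index.html")
        with open(real, "w") as f:
            f.write("sample")
        link = os.path.join(d, "link")
        os.symlink(real, link)
        results["regular"] = chown_checked(real, me, me, grp)
        results["symlink"] = chown_checked(link, me, me, grp)
        results["wrong_owner"] = chown_checked(real, me + 1, me, grp)
        os.link(real, os.path.join(d, "hard"))
        results["hardlink"] = chown_checked(real, me, me, grp)
    return results

if __name__ == "__main__":
    print(demo())
```

A path-based sequence such as `os.lstat(path)` followed by `os.chown(path, ...)` leaves a window between the two calls in which the path can be swapped; the descriptor-based form above has no such window for the final component.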
     