The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel TSR-2016-0005 Full Disclosure

Discussion in 'cPanel Announcements' started by cPanelCory, Sep 20, 2016.

  1. cPanelCory

    cPanelCory Developer - cPanel Security Team
    Staff Member

    Joined:
    Jan 18, 2008
    Messages:
    69
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    Houston
    cPanel Access Level:
    Root Administrator
    cPanel TSR-2016-0005 Full Disclosure

    SEC-141

    Summary

    Code execution as other accounts via mailman list archives.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

    Description

    The sticky-group bit applied to mailman's list archive directories allowed list owners to modify the contents of these directories. This could be used to execute arbitrary code as other accounts on the system.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.58.0.29
    11.56.0.34
    11.54.0.29
    11.52.6.6

    SEC-152

    Summary

    Arbitrary code execution due to faulty shebang in Mail::SPF scripts.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)

    Description

    The scripts provided with the Mail::SPF Perl module in cPanel & WHM used /usr/bin/perl rather than /usr/local/cpanel/3rdparty/bin/perl as their interpreter. If executed in an unsafe directory, this could cause untrusted code to load and execute.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.58.0.29
    11.56.0.34
    11.54.0.29
    11.52.6.6

    SEC-154

    Summary

    Arbitrary file read due to multipart form processing error.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)

    Description

    The Cpanel::Form::parseform() function was found to mishandle some invalid combinations of multipart form data in ways that allowed the reading of arbitrary files in several WHM interfaces.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.58.0.29
    11.56.0.34
    11.54.0.29
    11.52.6.6

    SEC-156

    Summary

    Stored XSS Vulnerability in WHM tail_upcp2.cgi interface.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

    Description

    The tail_upcp2.cgi script displays the log output of the cPanel & WHM update process. The output includes portions of log files that contain untrusted data. In some cases, this untrusted output was not properly escaped.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.58.0.29
    11.56.0.34
    11.54.0.29
    11.52.6.6

    For the PGP-Signed version of this disclosure please visit https://news.cpanel.com/wp-content/uploads/2016/09/TSR-2016-0005.disclosure.txt
     
Loading...

Share This Page