cPanel TSR-2018-0006 Full Disclosure

Discussion in 'cPanel Announcements' started by cPanelJackson, Nov 20, 2018.

  1. cPanelJackson

    cPanelJackson Release Manager
    Staff Member

    cPanel TSR-2018-0006 Full Disclosure

    SEC-366

    Summary

    PostgreSQL password changes performed in an insecure manner.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv3 score of 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

    Description

    When using the WHM 'Configure PostgreSQL' interface to change the primary PostgreSQL password, it was possible for unauthorized users to log into PostgreSQL and change the password to their own value, ignoring the password entered in WHM.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    76.0.8
    74.0.11
    70.0.61

    SEC-452

    Summary

    Unauthenticated remote code execution via mailing list attachments.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv3 score of 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

    Description

    In certain situations, it is possible for Mailman to preserve the extension of PHP script attachments. When attempting to view these attachments, the script can be executed, allowing for arbitrary code to be executed on the server by attackers who are able to send mail to the list.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    76.0.8
    74.0.11
    70.0.61

    SEC-454

    Summary

    Virtual FTP accounts remain after their domain is removed.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv3 score of 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

    Description

    Virtual FTP accounts created by cPanel users are mapped to specific domains in the FTP password files. In some configurations, it was possible to authenticate as a virtual FTP account after the domain of the FTP account was removed from the system.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    76.0.8
    74.0.11
    70.0.61

    SEC-459

    Summary

    Self-XSS Vulnerability in WHM Additional Backup Destination.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

    Description

    Errors from the backend APIs used by this interface did not apply context-appropriate encoding. Because of this it was possible for an attacker to inject arbitrary code into the rendered interface with a crafted error message.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    76.0.8
    74.0.11
    70.0.61

    SEC-461

    Summary

    Stored XSS in WHM 'Reset a DNS Zone'.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

    Description

    When resetting a DNS zone, the new zone is displayed to the user without applying context-appropriate escaping. Because of this, an attacker was able to inject arbitrary code in the rendered page.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    76.0.8
    74.0.11
    70.0.61

    SEC-462

    Summary

    Open redirect when resetting connections.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

    Description

    When cpsrvd determines that it is necessary to reset an HTTP connection, it sends a 307 or 308 redirect response to the client. The Location header specified in this response was not escaped correctly and could be used by an attacker as an open redirect.

    Credits

    This issue was discovered by Ian Dunn of WordPress.

    Solution

    This issue is resolved in the following builds:
    76.0.8
    74.0.11
    70.0.61

    SEC-464

    Summary

    Stored XSS in WHM MultiPHP Manager interface.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

    Description

    The errors generated by the WHM MultiPHP Manager interface did not apply context-appropriate escaping. Because of this, it was possible for an attacker to generate an error message containing arbitrary code in the rendered page.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    76.0.8
    74.0.11
    70.0.61

    SEC-465

    Summary

    Arbitrary code execution as root via dnssec adminbin.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv3 score of 7.8 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

    Description

    The dnssec adminbin did not adequately validate the nsec_config or algo_config parameters. By injecting malicious data into these parameters, it was possible for an attacker to execute arbitrary code on the system.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    76.0.8
    74.0.11
    70.0.61

    SEC-467

    Summary

    WebDAV backup transport writes debug files containing sensitive information.

    Security Rating

    cPanel has assigned this vulnerability a CVSSv3 score of 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Description

    The WebDAV backup transport module enabled debug logging in HTTP::DAV. This debug information was written to a hardcoded file in an unsafe location. This file contained sensitive information. This could allow an attacker access to the remote WebDAV server.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    76.0.8
    74.0.11
    70.0.61

    For the PGP-Signed version of this announcement please see: https://news.cpanel.com/wp-content/uploads/2018/11/TSR-2018-0006.disclosure.signed.txt
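
Every issue in the announcement above is resolved in the same three builds, so a fleet can be triaged by comparing each server's reported version against the fixed build for its branch. The following is an added example, not part of the cPanel announcement or cPanel's own tooling; the function names, the sample inventory and the handling of a leading "11." prefix are assumptions.

```python
import re

# Fixed builds listed in TSR-2018-0006, keyed by release branch.
FIXED_BUILDS = {76: (76, 0, 8), 74: (74, 0, 11), 70: (70, 0, 61)}
# Assumption: some tools report a legacy "11." prefix (e.g. 11.76.0.8).
_VERSION_RE = re.compile(r"^(?:11\.)?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Parse '76.0.8' or '11.76.0.8' into (branch, minor, build)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised cPanel version: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Return 'fixed', 'needs-update' or 'unlisted' for one version."""
    version = parse_version(version_text)
    fixed = FIXED_BUILDS.get(version[0])
    if fixed is None:
        # Branch not named in the advisory: report it, do not guess.
        return "unlisted"
    return "fixed" if version >= fixed else "needs-update"


def hosts_to_review(inventory):
    """Map host -> status for every host not confirmed as fixed."""
    report = {}
    for host, version_text in inventory.items():
        try:
            status = triage(version_text)
        except ValueError:
            status = "unparseable"
        if status != "fixed":
            report[host] = status
    return report


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "web01.example.test": "11.76.0.8",
    "web02.example.test": "74.0.10",
    "web04.example.test": "72.0.10",
    "web05.example.test": "unknown",
}

if __name__ == "__main__":
    print(hosts_to_review(SAMPLE_INVENTORY))
```

Branches the announcement does not name are reported as "unlisted" rather than assumed safe or vulnerable, so they can be checked against the vendor's release notes.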
     