cPanel TSR-2021-0004 Full Disclosure
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
cPanel TSR-2021-0004 Full Disclosure
SEC-585
Summary
WHM Locale Upload allows vulnerable to XXE and unserialization attacks.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Description
The WHM Local Upload functionality allows for arbitrary XML documents to be uploaded. These documents may be serialized Perl object data. These documents may include references to external entities and/or be recorded as blessed Perl objects. This may lead to arbitrary file read/writes and/or code execution.
Credits
This issue was discovered by Adrian Tiron, Fortbridge (http://www.fortbridge.co.uk ).
Solution
This issue is resolved in the following builds:
11.98.0.1
11.96.0.13
11.94.0.13
SEC-586
Summary
Insecure temporary file creation in scripts/fix-cpanel-perl.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
Description
The scripts/fix-cpanel-perl script creates temporary files and directories in a predictable location. An attacker could create these directories before the script executes in order to execute arbitrary code.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.96.0.13
SEC-587
Summary
The fix-cpanel-perl script does not verify download integrity.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Description
In some situations, the fix-cpanel-perl script does not verify signatures on files downloaded from the cPanel mirrors. This could allow for an attacker to execute arbitrary code in the event of a MITM attack.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.96.0.13
SEC-588
Summary
Insecure file overwrite in scripts/fix-cpanel-perl.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
Description
The scripts/fix-cpanel-perl script can create a file in the current working directory. If the script is run from within a user-controlled directory, it may be possible to overwrite an arbitrary file with known content.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.96.0.13
SEC-589
Summary
Insecure file operations performed by /scripts/cpan_config.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Description
The /scripts/cpan_config script perfumes insecure file operations within the current working directory. If run in a user-controlled directory, it is possible for an attacker to overwrite arbitrary files.
Credits
This issue was discovered by Patrick William - Rack911 Labs.
Solution
This issue is resolved in the following builds:
11.98.0.1
11.96.0.13
11.94.0.13
For information on cPanel & WHM Versions and the Release Process, read our documentation at: https://go.cpanel.net/versionformat
For the PGP-Signed message please see the linked document here.
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
cPanel TSR-2021-0004 Full Disclosure
SEC-585
Summary
WHM Locale Upload allows vulnerable to XXE and unserialization attacks.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Description
The WHM Local Upload functionality allows for arbitrary XML documents to be uploaded. These documents may be serialized Perl object data. These documents may include references to external entities and/or be recorded as blessed Perl objects. This may lead to arbitrary file read/writes and/or code execution.
Credits
This issue was discovered by Adrian Tiron, Fortbridge (http://www.fortbridge.co.uk ).
Solution
This issue is resolved in the following builds:
11.98.0.1
11.96.0.13
11.94.0.13
SEC-586
Summary
Insecure temporary file creation in scripts/fix-cpanel-perl.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
Description
The scripts/fix-cpanel-perl script creates temporary files and directories in a predictable location. An attacker could create these directories before the script executes in order to execute arbitrary code.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.96.0.13
SEC-587
Summary
The fix-cpanel-perl script does not verify download integrity.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Description
In some situations, the fix-cpanel-perl script does not verify signatures on files downloaded from the cPanel mirrors. This could allow for an attacker to execute arbitrary code in the event of a MITM attack.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.96.0.13
SEC-588
Summary
Insecure file overwrite in scripts/fix-cpanel-perl.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
Description
The scripts/fix-cpanel-perl script can create a file in the current working directory. If the script is run from within a user-controlled directory, it may be possible to overwrite an arbitrary file with known content.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.96.0.13
SEC-589
Summary
Insecure file operations performed by /scripts/cpan_config.
Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Description
The /scripts/cpan_config script perfumes insecure file operations within the current working directory. If run in a user-controlled directory, it is possible for an attacker to overwrite arbitrary files.
Credits
This issue was discovered by Patrick William - Rack911 Labs.
Solution
This issue is resolved in the following builds:
11.98.0.1
11.96.0.13
11.94.0.13
For information on cPanel & WHM Versions and the Release Process, read our documentation at: https://go.cpanel.net/versionformat
For the PGP-Signed message please see the linked document here.