Exploit: Fetch other users' email addresses on older cPanel builds

acenetryan

This problem appears to stem from incorrect permissions on the .cpanel/ folder in older cPanel builds. In a past version, cPanel adjusted how .cpanel/ is created and what permissions it gets. At some point in the past, this folder was created with 755 permissions. It is now created with 700. cPanel staff was unable to find a changelog entry so I can't give a specific date on when this change occurred.

If you are running a server which has been live for a few years, you will want to ensure your permissions on .cpanel/ are set to 700 for all accounts on the server. This should do it for you:

Code:
chmod 700 /home/*/.cpanel
If older users have 755 permissions on the .cpanel/ folder, it is possible for any user on the server to fetch those users' .cpanel/email_accounts.yaml file and get a list of all valid email addresses.
 

InterServed

Thank you for the report, I have found numerous accounts having the folder permission set to 755.

Made & used the following script to set it to 700:

Code:
#!/bin/bash
ls /var/cpanel/users | while read a; do
if [ -d "/home/$a/.cpanel" ] ;
then
  echo ".cpanel directory found on user $a"
  echo "Setting permission for /home/$a/.cpanel to 700"
  /bin/chmod 700 "/home/$a/.cpanel"
  # Remove the following echo line if you want faster processing
  echo -e "\ndone\n"; sleep 2
fi
done
echo -e "\nAll folders permission has been set. Script finished"
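
An audit-only check for the permission problem described in this thread, as an added example that is not part of the original posts: it lists the .cpanel directories that still grant group or other access, so they can be reviewed before chmod 700 is applied. It assumes GNU find and that account homes sit directly under one root (default /home); the function names and the sample user names are hypothetical.

```shell
#!/bin/bash
# Added example: audit only, changes no permissions on real accounts.
# Assumptions: GNU find; account homes sit directly under one root (default /home).

# Print "<octal mode> <path>" for every <root>/<user>/.cpanel directory that
# grants any permission bit to group or other. This flags 755 as well as modes
# such as 711 or 750, which still let non-owners reach files inside by name.
audit_cpanel_dirs() {
  local root="${1:-/home}"
  find "$root" -mindepth 2 -maxdepth 2 -type d -name .cpanel -perm /077 \
    -printf '%m %p\n' 2>/dev/null | sort -k2
}

# Number of flagged directories under the given root.
count_exposed() {
  audit_cpanel_dirs "$1" | wc -l | tr -d ' '
}

# Build a constructed sample tree (user names are made up) and audit it.
demo_audit() {
  local tmp
  tmp=$(mktemp -d) || return 1
  mkdir -p "$tmp/olduser/.cpanel" "$tmp/newuser/.cpanel" \
           "$tmp/odduser/.cpanel" "$tmp/nodir"
  chmod 755 "$tmp/olduser/.cpanel"   # legacy mode described in the thread
  chmod 700 "$tmp/newuser/.cpanel"   # current mode, must not be reported
  chmod 711 "$tmp/odduser/.cpanel"   # no listing, but still traversable
  audit_cpanel_dirs "$tmp" | sed "s|$tmp/||"
  rm -rf "$tmp"
}

# Demonstration on the constructed tree; on a server: audit_cpanel_dirs /home
demo_audit
```

On a server, `audit_cpanel_dirs /home` prints one line per directory that still needs the 700 fix, and `count_exposed /home` returns 0 once every account has been corrected.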
 

cPanelTristan

As I mentioned in PM to rking, I've moved this thread to the security section of the forum due to the topic.