Important: cPanel Security Disclosure TSR-2013-0007

Infopro

The following disclosure covers the Targeted Security Release 2013-06-26.
Each vulnerability is assigned an internal case number which is reflected below. Information regarding the cPanel Security Level rankings can be found here: http://go.cpanel.net/securitylevels

_______________________________

Case 71193

Summary
Local cPanel users are able to take over ownership of any file or directory on the system.

Security Rating
cPanel has assigned a Security Level of Important to this vulnerability.

Description
The log processing subsystem, cpanellogd, on cPanel & WHM servers offers an option for users to create an archive of their domain’s access logs in their home directory. During the preparatory steps for archiving, Cpanel::Logs::prep_logs_path performs a variety of checks to ensure a proper operating environment exists. A number of these checks are performed by a root-privileged process on files and directories in a user’s home directory. A malicious user could take advantage of this behavior to take ownership of important files on the same file system as his home directory.

This issue was discovered by the cPanel Security Team.

Solution
This issue is resolved in the following builds:

* 11.38.1.4 and greater
* 11.38.0.19 and greater
* 11.36.1.9 and greater
* 11.34.1.17 and greater
* 11.32.6.8 and greater

Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at Downloads - cPanel Inc.

_______________________________

Case 71109

Summary
Local cPanel users are able to take over ownership of any file or directory on the system.

Security Rating
cPanel has assigned a Security Level of Important to this vulnerability.

Description
The log processing subsystem, cpanellogd, on cPanel & WHM servers offers an option for users to create an archive of their domain’s access logs in their home directory. When cpanellogd creates these archives, some operations are performed by a root-privileged process in the user’s home directory. Through the use of a carefully crafted hard link a malicious user could take advantage of this behavior to take ownership of any file on the same file system as his home directory.

This issue was discovered by the cPanel Security Team.

Solution
This issue is resolved in the following builds:

* 11.38.1.4 and greater
* 11.38.0.19 and greater
* 11.36.1.9 and greater
* 11.34.1.17 and greater
* 11.32.6.8 and greater

Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at Downloads - cPanel Inc.

_______________________________

Questions?: Complimentary support is available to all license holders: Submit a request here.
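
The class of bug described in Cases 71193 and 71109 (a root-privileged process changing ownership of paths inside a user-writable directory) is commonly guarded against as shown below. This is an added example, not cPanel's code or its actual fix; the names safe_chown and UnsafeTarget and the sample file names are hypothetical.

```python
# Added example; names are hypothetical and this is not cPanel code.
import os
import stat
import tempfile


class UnsafeTarget(Exception):
    """Raised when a path in a user-controlled directory is not safe to chown."""


def safe_chown(path, uid, gid):
    """Chown `path` only if it is a regular file with exactly one link."""
    # Open once and use the descriptor afterwards, so the object that was
    # checked is the object that gets chowned.
    # O_NOFOLLOW refuses a symlink as the final path component;
    # O_NONBLOCK avoids hanging if a FIFO was placed at the path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeTarget(f"{path}: not a regular file")
        if st.st_nlink != 1:
            # Another name for this inode may belong to a different owner.
            raise UnsafeTarget(f"{path}: {st.st_nlink} hard links")
        os.fchown(fd, uid, gid)
    finally:
        os.close(fd)


def demo():
    """Constructed sample tree: one plain file, one hard-linked, one symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as home:
        plain = os.path.join(home, "access_log")
        other = os.path.join(home, "other")
        linked = os.path.join(home, "linked_log")
        sym = os.path.join(home, "sym_log")
        for p in (plain, other):
            open(p, "w").close()
        os.link(other, linked)
        os.symlink(plain, sym)
        for name, p in (("plain", plain), ("hardlink", linked), ("symlink", sym)):
            try:
                safe_chown(p, os.getuid(), os.getgid())
                results[name] = "chowned"
            except (UnsafeTarget, OSError) as exc:
                results[name] = f"refused: {type(exc).__name__}"
    return results


if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW covers only the last path component, so a privileged process should still avoid trusting intermediate directories the user controls. Performing the work with the user's own credentials instead of root removes the problem at its source.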