omenix

Active Member
Hello guys,

First of all I'm not sure whether this is the right section to post or not. Please move it somewhere else if needed. Someone has found a vulnerability @ /frontend/x3/stats/lastvisit.html?domain= (Directory traversal) but username/password is required. I hope you guys can release an update as soon as possible for this vulnerability. Thanks.
 

mtindor

Well-Known Member
> Hello guys,
>
> First of all I'm not sure whether this is the right section to post or not. Please move it somewhere else if needed. Someone has found a vulnerability @ /frontend/x3/stats/lastvisit.html?domain= (Directory traversal) but username/password is required. I hope you guys can release an update as soon as possible for this vulnerability. Thanks.

I'd suggest / ask that you open a ticket with cPanel at http://tickets.cpanel.net, providing every bit of information you know about said "vulnerability." That would help everyone out.

Thanks!

Mike
 

cPanelDavidG

Technical Product Specialist
> Hello guys,
>
> First of all I'm not sure whether this is the right section to post or not. Please move it somewhere else if needed. Someone has found a vulnerability @ /frontend/x3/stats/lastvisit.html?domain= (Directory traversal) but username/password is required. I hope you guys can release an update as soon as possible for this vulnerability. Thanks.

Please email [email protected] with any details you can provide regarding replicating this issue etc.
 

ehsanix

Member
I am using (RELEASE tree): cPanel 11.24.4-R36167 - WHM 11.24.2 - X 3.9

We have this problem. Do you think I should use the Stable tree instead?
 

cPanelKenneth

cPanel Development
Staff member
This vulnerability is fixed in EDGE 36912+ and CURRENT 36913+. RELEASE and STABLE will be published soon with the same fix.

The vulnerability allows an authenticated user to view any file he has permission to access. An intrepid user can accomplish something similar by using a CGI or PHP script via Apache. No privilege escalation is involved, hence access to restricted files, such as /etc/shadow, is not possible.
 

nicosoft

Member
> This vulnerability is fixed in EDGE 36912+ and CURRENT 36913+. RELEASE and STABLE will be published soon with the same fix.
>
> The vulnerability allows an authenticated user to view any file he has permission to access. An intrepid user can accomplish something similar by using a CGI or PHP script via Apache. No privilege escalation is involved, hence access to restricted files, such as /etc/shadow, is not possible.

Nice info, sir. But until RELEASE and STABLE are fixed, I have to disable Latest Visitor in the Feature Manager on WHM. Thus, the hole is minimized. Thank you. :D
 

d_t

Well-Known Member
> An intrepid user can accomplish something similar by using a CGI or PHP script via Apache.

Actually, open_basedir prevents this for mod_php. But indeed, it can be done from CGI.

Please let us know when the new release will be available (latest is cPanel 11.24.4-R36167 and has the bug).
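
An added example, not part of the thread and not cPanel's code: one way to review access logs for requests to the reported endpoint whose `domain` value is not a plain hostname, which is useful while RELEASE and STABLE are still unpatched. The combined log format, the hostname rule and every sample line below are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/frontend/x3/stats/lastvisit.html"   # path reported in the thread
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate domain= value is an ordinary DNS hostname.
HOSTNAME = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded values are visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_plain_hostname(value):
    """Allow-list check: the whole value must be a hostname, nothing else."""
    return len(value) <= 253 and HOSTNAME.fullmatch(value) is not None

def suspicious_requests(log_lines):
    """Return (client, user, decoded_value) for non-hostname domain= values."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(ENDPOINT):
            continue
        fields = line.split()
        for raw in parse_qs(url.query).get("domain", []):
            value = fully_decode(raw)
            if not is_plain_hostname(value):
                hits.append((fields[0], fields[2], value))
    return hits

# Constructed sample lines (documentation addresses, made-up users).
SAMPLE_LOG = [
    '203.0.113.5 - alice [10/Jun/2009:10:00:01 -0500] "GET /frontend/x3/stats/lastvisit.html?domain=example.com HTTP/1.1" 200 5120',
    '203.0.113.9 - bob [10/Jun/2009:10:02:13 -0500] "GET /frontend/x3/stats/lastvisit.html?domain=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1873',
    '203.0.113.9 - bob [10/Jun/2009:10:02:40 -0500] "GET /frontend/x3/stats/lastvisit.html?domain=%252e%252e%252fconf HTTP/1.1" 200 310',
    '203.0.113.7 - carol [10/Jun/2009:10:03:02 -0500] "GET /frontend/x3/index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, user, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} user={user} domain={value!r}")
```

Because the bug requires a login, each hit carries the authenticated user name, so a match points at a specific account to follow up on.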