The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Targeted Security Release 2013-06-05 Disclosure

Discussion in 'cPanel Announcements' started by Infopro, Jun 10, 2013.

  1. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    The following disclosure covers the Targeted Security Release 2013-06-05.
    Each vulnerability is assigned an internal case number which is reflected below. Information regarding cPanel’s Security Level rankings can be found here: http://go.cpanel.net/securitylevels

    _______________________________

    Case 68189

    Summary
    An arbitrary files read and unlink vulnerability in cPanel, WHM, and Webmail.

    Security Rating
    cPanel has assigned a Security Level of “Important” to this vulnerability.

    Description
    When logged into the cPanel, WHM, or Webmail interfaces an attacker could supply crafted query parameters that appear to be file uploads with unusual paths. In some subsystems, these invalid file upload parameters allowed viewing or deleting the file at the target path.

    This vulnerability was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.38.0.15 and greater
    11.36.1.8 and greater
    11.34.1.18 and greater
    11.32.6.7 and greater

    Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at Downloads - cPanel Inc..

    _______________________________

    Case 68213

    Summary
    Self-XSS vulnerabilities in cPanel and WHM interfaces.

    Security Rating
    cPanel has assigned a Security Level of “Minor” to this vulnerability.

    Description
    Output filtering errors in the WHM Remote Nameserver interface and the cPanel FTP Management interface allowed JavaScript inputs to be returned to the browser without proper filtering.
    cPanel includes a comprehensive protection mechanism against XSS and XSRF attacks called Security Tokens. Security Tokens protection is enabled by default in all installs of cPanel & WHM. When Security Tokens protection is enabled, an attacker intending to utilize this vulnerability must convince the victim to navigate their browser to the appropriate cPanel or WHM interface and manually input the JavaScript payload.

    This vulnerability was discovered by Pierre Wcy.

    Solution
    This issue is resolved in the following builds:

    11.38.0.15 and greater
    11.36.1.8 and greater
    11.34.1.18 and greater
    11.32.6.7 and greater

    Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at Downloads - cPanel Inc..

    _______________________________

    Case 68433

    Summary
    An XSS vulnerability in EntropyChat.

    Security Rating
    cPanel has assigned a Security Level of “Minor” to this vulnerability.

    Description
    EntropyChat is a web-based chat server available on cPanel & WHM systems. Output filtering errors in the EntropyChat server allowed one participant in a chat channel to send JavaScript payloads to other active participants in the chat channel.

    This vulnerability was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.38.0.15 and greater
    11.36.1.8 and greater
    11.34.1.18 and greater
    11.32.6.7 and greater

    Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at Downloads - cPanel Inc..

    _______________________________

    Case 68645

    Summary
    An SQL injection vulnerability in cpmysqladmin.

    Security Rating
    cPanel has assigned a Security Level of “Important” to this vulnerability.

    Description
    Insufficient escaping of the "user" input parameter to multiple cpmysqladmin commands allowed a local attacker to execute arbitrary SQL commands with the MySQL access level of the root user.

    This vulnerability was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.38.0.15 and greater
    11.36.1.8 and greater
    11.34.1.18 and greater
    11.32.6.7 and greater

    Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at Downloads - cPanel Inc..

    _______________________________

    Case 68733

    Summary
    A WHM arbitrary file read via brandingimg.cgi.

    Security Rating
    cPanel has assigned a Security Level of “Minor” to this vulnerability.

    Description
    An authenticated WHM reseller with limited ACLs could read the contents of arbitrary files on the system by supplying crafted query parameters to brandingimg.cgi. The file read is performed with the effective UID and GID of the reseller. This vulnerability revealed sensitive data only when the reseller had extremely limited access to the local filesystem outside of the WHM interface.

    This vulnerability was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.38.0.15 and greater
    11.36.1.8 and greater
    11.34.1.18 and greater
    11.32.6.7 and greater

    Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at Downloads - cPanel Inc..

    _______________________________

    Case 68965

    Summary
    Reseller ACL checks were missing from multiple WHM interfaces.

    Security Rating
    cPanel has assigned a Security Level of “Important” to this vulnerability.

    Description
    When creating a reseller account in WHM, the system administrator may limit the WHM functionality that is available to the reseller using the WHM ACL system. Multiple interfaces in WHM were found to lack explicit enforcement of the appropriate reseller ACLs for the functionality they provided. This allowed resellers without appropriate ACLs to enter translated phrases, access disk usage information, view email delivery data, and check for the existence of MySQL users.

    The missing ACL checks in the translation system were discovered by Rack911.
    The remaining missing ACL checks were discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.38.0.15 and greater
    11.36.1.8 and greater
    11.34.1.18 and greater
    11.32.6.7 and greater

    Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at Downloads - cPanel Inc..

    _______________________________

    Questions?: Complimentary support is available to all license holders: Submit a request here.
     
Loading...

Share This Page