
cPanel TSR-2015-0002 Full Disclosure

SEC-2

Summary

Multiple vulnerabilities via ExpVar overexpansion.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Description

The WHM, cPanel, and Webmail interfaces use a common routine named “expvar” for interpolating user input and some cPanel template variables. In many interfaces, this function could be tricked into over-interpolating user-supplied inputs to bypass context-specific escaping or execute arbitrary code across privilege boundaries.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1

SEC-3

Summary

Arbitrary code execution via secondary ExpVar expansion in API2 engine.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Description

The WHM, cPanel, and Webmail interfaces use a common routine named “expvar” for interpolating user input and some cPanel template variables. In the cPanel API2 templating and tag engine, this function was called on tainted data returned from API2 calls, which allowed the execution of arbitrary code across privilege boundaries.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1

SEC-6

Summary

Security token disclosed during xfer logins.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Description

When doing an xfer login from WHM to cPanel or from cPanel to a webmail virtual user, the security token was disclosed to the lesser privileged user. This allowed possible XSRF attacks into the higher privileged interface.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1

SEC-9

Summary

Limited path traversal and configuration leak in Mailman Cache Regeneration.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:P/I:N/A:N)

Description

When regenerating the Mailman mailing list configuration cache for a user, a list of mailing list names is provided. These mailing list names were not checked for validity or ownership. This allowed an attacker to test for the existence of files on the system or display a limited set of configuration keys for arbitrary mailing lists.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1

SEC-10

Summary

Format string vulnerability in maketext API1 function.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Description

cPanel & WHM uses the Locale::Maketext Perl library to provide translations for users. Locale::Maketext is vulnerable to format string attacks if an untrusted user is allowed to provide the maketext format string. cPanel and Webmail accounts were allowed to call this function directly using remote API1 commands. With specially crafted format strings, this allowed webmail virtual accounts to run arbitrary code with the effective UID and GID of the cPanel account that owned the virtual account.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1

SEC-12

Summary

Limited arbitrary file chmod in cpsrvd.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Description

There was a race condition during a chmod call after a UID/GID switch to the app user. This allowed an authenticated attacker to chmod arbitrary files on the server using the privileges of the app user.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1

SEC-13

Summary

Convertmaildir script reveals contents of arbitrary directories.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:P/I:N/A:N)

Description

When converting from an mbox-file type email account, the convertmaildir script reads the content of a user’s ~/mail directory. This directory read was performed as root. By creating a symlink to another directory, the script could be tricked into revealing the file names contained within the target location.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1
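
The SEC-13 failure mode, a privileged directory read that follows a user-planted symlink, can be guarded against as in the following added example (not cPanel's code; `list_user_dir`, `build_constructed_homes` and the directory layout are assumptions made for illustration). It opens the directory without following a symlink in the final path component and checks ownership on the opened descriptor before listing it.

```python
import os
import stat

def list_user_dir(path, owner_uid):
    """Return the entry names in `path` only if it is a real directory owned
    by `owner_uid`; a symlink at `path` is refused rather than followed."""
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        raise PermissionError(f"refusing {path}: {exc.strerror}") from exc
    try:
        # Check the object that was actually opened, not the path name,
        # so a swap after the check cannot change what is listed.
        st = os.fstat(fd)
        if not stat.S_ISDIR(st.st_mode) or st.st_uid != owner_uid:
            raise PermissionError(f"refusing {path}: unexpected owner or type")
        return sorted(os.listdir(fd))
    finally:
        os.close(fd)

def build_constructed_homes(root):
    """Create a constructed layout under `root`: one genuine ~/mail directory
    and one ~/mail that is a symlink to a directory outside the home."""
    good = os.path.join(root, "alice", "mail")
    os.makedirs(good)
    open(os.path.join(good, "inbox"), "w").close()
    private = os.path.join(root, "private")
    os.makedirs(private)
    open(os.path.join(private, "secret.txt"), "w").close()
    bad_home = os.path.join(root, "mallory")
    os.makedirs(bad_home)
    bad = os.path.join(bad_home, "mail")
    os.symlink(private, bad)
    return good, bad
```

`O_NOFOLLOW` only covers the last path component, so a process running as root should still switch to the account's UID before reading anything under that account's home directory.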

SEC-15

Summary

Stored XSS in /frontend/x3/stats/lastvisit_legacy.html.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Description

The “Legacy” Latest-Visitors page in X3 includes generated links to the referring URIs of website visitors. An attacker could insert values into the referrer string that would cause arbitrary JavaScript to run when the links were clicked.

Credits

This issue was discovered by Mateusz Goik.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1

SEC-16

Summary

Stored XSS in /cgi-sys/guestbook.cgi.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Description

The cPanel Guestbook allows visitors to include a link-back URL on submitted entries. An attacker could insert arbitrary JavaScript into this URL, which would run when clicked by other visitors to the guestbook.

Credits

This issue was discovered by Mateusz Goik.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1
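
SEC-15 and SEC-16 share one root cause: a visitor-supplied URL (a referrer or a link-back address) is rendered as a clickable link without checking its scheme. The following added example, which is not cPanel's code and uses the assumed names `render_visitor_link` and `ALLOWED_SCHEMES`, shows the usual mitigation: allow only absolute http(s) URLs and escape the value for the HTML attribute context.

```python
import html
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Browsers ignore tabs and newlines inside a URL and strip leading control
# characters, so input containing any of them is rejected outright instead
# of being normalised and re-checked.
_CONTROL_OR_SPACE = re.compile(r"[\x00-\x20\x7f]")

def render_visitor_link(url):
    """Return an <a> element for a visitor-supplied URL, or None when the
    URL is not an absolute http(s) link and must be shown as plain text."""
    if _CONTROL_OR_SPACE.search(url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    # urlsplit lower-cases the scheme, so mixed-case spellings are covered.
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    # Escape for a double-quoted attribute and for element text.
    safe = html.escape(url, quote=True)
    return f'<a href="{safe}" rel="nofollow noopener">{safe}</a>'

# Constructed sample inputs.
SAMPLES = [
    "https://example.com/page",
    "javascript:alert(1)",
    "JaVaScRiPt:alert(1)",
    "java\tscript:alert(1)",
    "//example.com/no-scheme",
    'http://example.com/?q="x"&r=1',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", render_visitor_link(sample))
```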

SEC-17

Summary

Arbitrary code execution via ExpVar expansion in UI_finishaction API1 command.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 3.6 (AV:N/AC:H/Au:S/C:P/I:P/A:N)

Description

The WHM, cPanel, and Webmail interfaces use a common routine named “expvar” for interpolating user input and some cPanel template variables. In the cPanel UI_finishaction API1 call, the function was called on tainted data provided by the cPanel user, allowing the execution of arbitrary code that could bypass demo or jailshell account restrictions.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1

SEC-18

Summary

Self-XSS vulnerability in /backend/mailappsetup.cgi.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

Description

The mailappsetup.cgi script generates a ZIP file containing a user’s configuration data for Mail.app. The name of this ZIP file is generated based upon query parameters passed to the script. These parameters were not sufficiently sanitized. An attacker could use these parameters to conduct an HTTP response splitting attack to inject arbitrary HTTP headers and HTML content into the response returned by the server.

Credits

This issue was discovered by Mateusz Goik.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1

SEC-19

Summary

Self-XSS in multiple interfaces via QUERY_STRING.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

Description

Multiple interfaces within cPanel and WHM reflected the raw QUERY_STRING back to the browser. This raw QUERY_STRING was not processed or encoded beyond the URI encoding performed by the browser itself. Some browsers encode only a limited set of characters in query strings, allowing unsafe JavaScript to be injected into the rendered page.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1

SEC-20

Summary

Arbitrary code execution for webmail accounts via printhelp API1 command.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Description

The printhelp API1 function expanded arguments passed to it with ExpVar twice. By passing a carefully crafted request to a webmail page utilizing this function, a webmail virtual account could execute arbitrary code as the cPanel user.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.48.1.3
11.46.3.1
11.44.3.1
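
The over-expansion bug class behind SEC-2, SEC-3, SEC-17 and SEC-20 (a value that has already been interpolated is passed through the expander again) is illustrated by the following added example. It is not cPanel's code: the `${name}` marker syntax, the function names and the sample data are all assumptions, and the toy expander only substitutes strings.

```python
import html
import re

# Hypothetical marker syntax for this sketch; not cPanel's real ExpVar grammar.
MARKER = re.compile(r"\$\{(\w+)\}")

def expand_once(template, variables):
    """One left-to-right pass; substituted values are never rescanned."""
    return MARKER.sub(lambda m: variables.get(m.group(1), ""), template)

def render_overexpanded(template, variables):
    """The bug class: the first pass's output is expanded a second time, so
    markers that arrived inside a value are now treated as template code."""
    return expand_once(expand_once(template, variables), variables)

def render_safe(template, variables):
    """Escape every value for the HTML context, then expand exactly once."""
    escaped = {name: html.escape(value) for name, value in variables.items()}
    return expand_once(template, escaped)

def reexpansion_risks(variables):
    """Names of variables whose values would change under a second pass.
    Useful as a regression check on data that reaches the expander."""
    return sorted(n for n, v in variables.items() if MARKER.search(v))

# Constructed sample data.
TEMPLATE = "<p>Hello ${display_name}</p>"
VARIABLES = {
    "display_name": "${session_token}",         # user-supplied value
    "session_token": "constructed-token-1234",  # server-side value
}

if __name__ == "__main__":
    print(render_overexpanded(TEMPLATE, VARIABLES))
    print(render_safe(TEMPLATE, VARIABLES))
    print(reexpansion_risks(VARIABLES))
```

With single-pass expansion the user-supplied marker is emitted as literal text; with the second pass it resolves to a server-side value the user was never meant to reference.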

SEC-21

Summary

Reflected XSS vulnerability in /whm, /cpanel, and /webmail redirects.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Description

The standard redirects from Apache into cPanel & WHM services retain portions of the URI provided by the user. This data was not correctly escaped for rendering into a JavaScript string, allowing unsafe JavaScript to be injected into the rendered page for some browsers.

Credits

This issue was discovered by Trustwave.

Solution

This issue is resolved in the following builds:
11.48.1.3

The PGP-Signed message can be read here: http://cpanel.net/wp-content/uploads/2015/03/TSR-2015-0002-Disclosure.txt


11.48 Now in STABLE Tier

Introducing cPanel & WHM 11.48

cPanel, Inc. has released cPanel & WHM software version 11.48 in the STABLE tier.

You’re In Control
The newest version of cPanel & WHM has arrived and it’s filled with exciting new updates for both hosting providers and website owners. With advances in both mail and security, along with bolder branding opportunities, users will gain even more control of their cPanel experience in this latest version.

Reinforced Security
cPanel & WHM 11.48 includes a stronger, more comprehensive security package that incorporates the latest in OWASP ModSecurity rules. With the addition of updates to our brute force protection system, cPHulk, this version promises to be our safest, most secure release to date.

Bolder Branding
Hosting providers have increased brand visibility now that Paper Lantern has been extended into cPanel Webmail. In addition, the classic X3 layout is available as a Paper Lantern style for users who miss the classic feel of cPanel.

More From Mail
Along with increasing the mailbox quota from 2GB to 4TB on 64-bit systems, cPanel & WHM users can offer their customers the freedom to use unique SSL certificates on their domain and mail servers.

MariaDB 10.0
MariaDB, an enhanced drop-in replacement for MySQL, has been included in cPanel & WHM 11.48, thanks to our friendly cPanel Feature Requests constituents.

Detailed information on all cPanel & WHM 11.48 features can be found at cPanel Documentation. An overview of the latest features and benefits is also available at cPanel Releases.

To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the “Security Advisories and Product Release Announcements” mailing list at cPanel Mailing Lists.


EasyApache 3.28.5 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.28.5 with PHP versions 5.4.39 and 5.5.23. This release addresses vulnerabilities related to CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331 by fixing bugs in the Core module, ereg function and ZIP library. We strongly encourage all PHP 5.4 users to upgrade to version 5.4.39 and all PHP 5.5 users to upgrade to version 5.5.23.

AFFECTED VERSIONS
All versions of PHP 5.4 through version 5.4.38
All versions of PHP 5.5 through version 5.5.22

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2015-0231 – HIGH

PHP 5.4.39
Fixed bug in the Core module related to CVE-2015-0231

PHP 5.5.23
Fixed bug in the Core module related to CVE-2015-0231

CVE-2015-2305 – MEDIUM

PHP 5.4.39
Fixed bug in the ereg function related to CVE-2015-2305

PHP 5.5.23
Fixed bug in the ereg function related to CVE-2015-2305

CVE-2015-2331 – MEDIUM

PHP 5.4.39
Fixed bug in the ZIP library related to CVE-2015-2331

PHP 5.5.23
Fixed bug in the ZIP library related to CVE-2015-2331

SOLUTION
cPanel, Inc. has released EasyApache 3.28.5 with an updated version of PHP 5.4.39 and PHP 5.5.23. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0231

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2305

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2331

http://php.net/ChangeLog-5.php

For the PGP-signed message, see EA 3-28-5 CVE-signed


cPanel TSR-2015-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having CVSSv2 scores ranging from 2.1 to 6.4.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

* 11.48.1.3 & Greater
* 11.46.3.1 & Greater
* 11.44.3.1 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

SECURITY ISSUE INFORMATION

The cPanel security team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 14 vulnerabilities in cPanel & WHM software versions 11.48, 11.46, and 11.44.

Additional information is scheduled for release on March 17th, 2015.

For information on cPanel & WHM Versions and the Release Process, read our documentation at:

http://go.cpanel.net/versionformat

For the PGP-Signed message, see: http://cpanel.net/wp-content/uploads/2015/03/TSR-2015-0002-Announcement.txt

If you would like to sign up for Security notices, please go to https://cpanel.net/mailing-lists.


EasyApache 3.28.4 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.28.4 with PHP versions 5.4.38 and 5.5.22. This release addresses vulnerabilities related to CVE-2015-0235 and CVE-2015-0273 by fixing bugs in the Core module. We strongly encourage all PHP 5.4 users to upgrade to version 5.4.38 and all PHP 5.5 users to upgrade to version 5.5.22.

AFFECTED VERSIONS
All versions of PHP 5.4 through version 5.4.37
All versions of PHP 5.5 through version 5.5.21

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2015-0235 – HIGH

PHP 5.4.38
Fixed bug in the Core module related to CVE-2015-0235

PHP 5.5.22
Fixed bug in the Core module related to CVE-2015-0235

CVE-2015-0273 – MEDIUM

PHP 5.4.38
Fixed bug in the Core module related to CVE-2015-0273

PHP 5.5.22
Fixed bug in the Core module related to CVE-2015-0273

SOLUTION
cPanel, Inc. has released EasyApache 3.28.4 with an updated version of PHP 5.4.38 and PHP 5.5.22. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0273

http://php.net/ChangeLog-5.php

For the PGP-signed message, see EA 3-28-4 CVE-signed


11.42 Now EOL

cPanel & WHM software version 11.42 has now reached End of Life.


11.48 Now in RELEASE Tier

Introducing cPanel & WHM 11.48

cPanel, Inc. has released cPanel & WHM software version 11.48 in the RELEASE tier.

You’re In Control
The newest version of cPanel & WHM has arrived and it’s filled with exciting new updates for both hosting providers and website owners. With advances in both mail and security, along with bolder branding opportunities, users will gain even more control of their cPanel experience in this latest version.


EasyApache 3.28.3 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.28.3 with Apache version 2.4.12. This release addresses vulnerabilities related to CVE-2014-3583, CVE-2014-3581, CVE-2014-8109, and CVE-2013-5704. We strongly encourage all Apache 2.4 users to upgrade to version 2.4.12.


11.48 Now in CURRENT Tier

Introducing cPanel & WHM 11.48

cPanel, Inc. has released cPanel & WHM software version 11.48 in the CURRENT tier.


EasyApache 3.28.2 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.28.2 with PHP versions 5.4.37 and 5.5.21. This release addresses vulnerabilities related to CVE-2015-0231, CVE-2014-9427, and CVE-2015-0232 by fixing bugs in the Core module, Exif extension, and CGI. We strongly encourage all PHP 5.4 users to upgrade to version 5.4.37 and all PHP 5.5 users to upgrade to version 5.5.21.
