cPanel TSR-2015-0005 Full Disclosure

SEC-44

Summary

Open redirect via /unprotected/redirect.html.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description

The /unprotected/redirect.html URL in cPanel & WHM allowed remote attackers to redirect users to arbitrary web sites.

Credits

This issue was discovered by Salman Khan.

Solution

This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7

SEC-49

Summary

Arbitrary file overwrite via WHM /scripts2/edit_sourceipcheck.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.9 (AV:N/AC:H/Au:S/C:N/I:C/A:N)

Description

When modifying the security settings for an account, the edit_sourceipcheck() function performed read and write operations with root privileges within the target user’s home directory.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9

SEC-50

Summary

Information disclosure via p0f.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:C/A:N)

Description

The p0f socket file was configured with permissions that allowed local users to query the connection information without any restrictions.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.50.1.3
11.50.0.31

SEC-51

Summary

Self-stored XSS vulnerability in WHM Theme Manager.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

Description

The name of a cPanel theme was not sufficiently encoded when displayed on the WHM Theme Manager interface.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9

SEC-52

Summary

Self-XSS vulnerability in WHM EXIM Configuration Manager.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

Description

Error messages displayed when submitting the WHM Basic Configuration Editor for EXIM were not encoded correctly.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9

SEC-53

Summary

Self-stored XSS vulnerability in WHM View Available Locales.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

Description

Theme names were not properly encoded on the WHM View Available Locales interface.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9

SEC-54

Summary

Arbitrary code execution via BoxTrapper email forwarding.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Description

The BoxTrapper email forwarding logic did not disambiguate destination email addresses from command line arguments when running EXIM to deliver emails.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9
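
The class of flaw described for SEC-54, shown as an added example (not cPanel's code or its actual fix): a destination address placed where the mail program still parses options is read as an option, while validating it and placing it after the `--` terminator keeps it an operand. The MTA path, the stand-in option string and the `-x` option letter are assumptions made for this sketch; the sample addresses are constructed.

```python
import getopt

# Assumptions for this sketch: the MTA path and the option letters below are
# stand-ins ("-x" is hypothetical), not Exim's real option table.
MTA = "/usr/sbin/exim"
STAND_IN_SHORTOPTS = "ix:"


def parse_like_mta(args):
    """Split args into (options, operands) the way a getopt-style CLI does."""
    return getopt.getopt(args, STAND_IN_SHORTOPTS)


def validate_recipient(addr):
    """Reject values that cannot be a plain destination address."""
    if not addr or addr.startswith("-"):
        raise ValueError("recipient is empty or begins with '-'")
    if any(ch.isspace() or ord(ch) < 32 for ch in addr):
        raise ValueError("recipient contains whitespace or control characters")
    local, at, domain = addr.rpartition("@")
    if not (local and at and domain):
        raise ValueError("recipient is not of the form local@domain")
    return addr


def ambiguous_argv(recipients):
    """The flawed pattern: addresses appended where options are still parsed."""
    return [MTA, "-i", *recipients]


def hardened_argv(recipients):
    """Validate each address, then place all of them after the '--' terminator."""
    return [MTA, "-i", "--", *(validate_recipient(r) for r in recipients)]


if __name__ == "__main__":
    hostile = "-x@example.com"  # constructed forwarding destination
    # Without '--' the value is consumed as an option, not as an address.
    print(parse_like_mta(ambiguous_argv([hostile])[1:]))
    # After '--' the same string is only an operand.
    print(parse_like_mta(["-i", "--", hostile]))
    # Normal case: a validated address, passed as a list element (no shell).
    print(hardened_argv(["user@example.com"]))
```

The validation and the `--` terminator are independent layers: either one alone stops the value from being parsed as an option, and the argv list should be handed to the process-spawning call directly rather than joined into a shell string.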

SEC-55

Summary

Self-XSS vulnerability in cPanel Change Password interface.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

Description

The enablemysql parameter was not encoded correctly when reflected in an error message.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9

For the PGP-Signed version of this disclosure please visit: http://news.cpanel.com/wp-content/uploads/2015/09/TSR-2015-0005-Disclosure.txt