cPanel TSR-2016-0005 Full Disclosure

SEC-141

Summary

Code execution as other accounts via mailman list archives.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Description

The sticky-group bit applied to mailman’s list archive directories allowed list owners to modify the contents of these directories. This could be used to execute arbitrary code as other accounts on the system.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.58.0.29
11.56.0.34
11.54.0.29
11.52.6.6

SEC-152

Summary

Arbitrary code execution due to faulty shebang in Mail::SPF scripts.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)

Description

The scripts provided with the Mail::SPF Perl module in cPanel & WHM used /usr/bin/perl rather than /usr/local/cpanel/3rdparty/bin/perl as their interpreter. If executed in an unsafe directory, this could cause untrusted code to load and execute.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.58.0.29
11.56.0.34
11.54.0.29
11.52.6.6
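
A check for the condition described in SEC-152, as an added example that is not cPanel's code: it lists Perl scripts under a directory whose shebang names an interpreter other than /usr/local/cpanel/3rdparty/bin/perl. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not cPanel code): list Perl scripts whose shebang does not
# name the interpreter that SEC-152 says the scripts should have used.
EXPECTED_PERL=/usr/local/cpanel/3rdparty/bin/perl

# perl_shebang FILE: print the interpreter part of FILE's shebang if it runs
# Perl ("/path/perl" or "/path/env perl"); print nothing otherwise.
perl_shebang() {
    # Read at most 256 bytes so binaries are cheap; drop NULs and CRs.
    line=$(head -c 256 "$1" 2>/dev/null | tr -d '\000\r' | head -n 1)
    case $line in '#!'*) ;; *) return 0 ;; esac
    rest=${line#??}                       # strip the leading "#!"
    read -r interp arg extra <<EOF
$rest
EOF
    case ${interp##*/} in
        perl|perl5*) printf '%s\n' "$interp" ;;
        env) case ${arg##*/} in
                 perl|perl5*) printf '%s %s\n' "$interp" "$arg" ;;
             esac ;;
    esac
}

# audit_shebangs DIR [EXPECTED]: print "file<TAB>interpreter" for every Perl
# script under DIR whose interpreter differs from EXPECTED.
# File names containing newlines are not handled.
audit_shebangs() {
    expected=${2:-$EXPECTED_PERL}
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        found=$(perl_shebang "$f")
        if [ -n "$found" ] && [ "$found" != "$expected" ]; then
            printf '%s\t%s\n' "$f" "$found"
        fi
    done
}

# demo: build a constructed sample tree and audit it.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '#! /usr/bin/perl -w\nprint 1;\n'   > "$tmp/system_perl.pl"
    printf '#!/usr/bin/env perl\nprint 1;\n'   > "$tmp/env_perl.pl"
    printf '#!%s\nprint 1;\n' "$EXPECTED_PERL" > "$tmp/vendor_perl.pl"
    printf '#!/bin/sh\necho hi\n'              > "$tmp/not_perl.sh"
    printf 'no shebang here\n'                 > "$tmp/notes.txt"
    audit_shebangs "$tmp"
    rm -rf "$tmp"
}

demo
```

Scripts that reach Perl through `env` are reported as well, since the interpreter they run depends on `PATH` rather than on a fixed path.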

SEC-154

Summary

Arbitrary file read due to multipart form processing error.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)

Description

The Cpanel::Form::parseform() function was found to mishandle some invalid combinations of multipart form data in ways that allowed the reading of arbitrary files in several WHM interfaces.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.58.0.29
11.56.0.34
11.54.0.29
11.52.6.6

SEC-156

Summary

Stored XSS Vulnerability in WHM tail_upcp2.cgi interface.

Security Rating

cPanel has assigned this vulnerability a CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Description

The tail_upcp2.cgi script displays the log output of the cPanel & WHM update process. The output includes portions of log files that contain untrusted data. In some cases, this untrusted output was not properly escaped.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.58.0.29
11.56.0.34
11.54.0.29
11.52.6.6

For the PGP-signed version of this disclosure, please visit https://news.cpanel.com/wp-content/uploads/2016/09/TSR-2016-0005.disclosure.txt