-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 cPanel TSR-2015-0005 Full Disclosure SEC-44 Summary Open redirect via /unprotected/redirect.html. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) Description The /unprotected/redirect.html URL in cPanel & WHM allowed remote attackers to redirect users to arbitrary web sites. Credits This issue was discovered by Salman Khan. Solution This issue is resolved in the following builds: 11.50.1.3 11.50.0.31 11.48.4.7 SEC-49 Summary Arbitrary file overwrite via WHM /scripts2/edit_sourceipcheck. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 4.9 (AV:N/AC:H/Au:S/C:N/I:C/A:N) Description When modifying the security settings for an account the edit_sourceipcheck() function performed read and write operations with root privileges within the target user's home directory. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.50.1.3 11.50.0.31 11.48.4.7 11.46.3.9 SEC-50 Summary Information disclosure via p0f. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:C/A:N) Description The p0f socket file was configured with permissions that allowed local users to query the connection information without any restrictions. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.50.1.3 11.50.0.31 SEC-51 Summary Self-stored XSS vulnerability in WHM Theme Manager. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N) Description The name of a cPanel theme was not sufficiently encoded when displayed on the WHM Theme Manager interface. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.50.1.3 11.50.0.31 11.48.4.7 11.46.3.9 SEC-52 Summary Self-XSS vulnerability in WHM EXIM Configuration Manager. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N) Description Error messages displayed when submitting the WHM Basic Configuration Editor for EXIM were not encoded correctly. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.50.1.3 11.50.0.31 11.48.4.7 11.46.3.9 SEC-53 Summary Self-stored XSS vulnerability in WHM View Available Locales. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N) Description Theme names were not properly encoded on the WHM View Available Locales interface. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.50.1.3 11.50.0.31 11.48.4.7 11.46.3.9 SEC-54 Summary Arbitrary code execution via BoxTrapper email forwarding. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P) Description The BoxTrapper email forwarding logic did not disambiguate destination email addresses from command line arguments when running EXIM to deliver emails. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.50.1.3 11.50.0.31 11.48.4.7 11.46.3.9 SEC-55 Summary Self-XSS vulnerability in cPanel Change Password interface. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N) Description The enablemysql parameter was not encoded correctly when reflected in error message. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.50.1.3 11.50.0.31 11.48.4.7 11.46.3.9 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWAB2cAAoJEJUhvtyr2U3fLwoQAKroyu8J1qZy9ZVslYCx4eM8 ef3ysx6DzYCaWUiXrfy/Rvl5L1TEOImKmRErm9MAD86j7ib94oElm6vVP7S/zoy2 ERWIt4W6JCcUAqnu+XH4T4iANeVwlNVqN9UW/nNAC9kHMXT68cfYQvzqBtKoRy09 7u/Uqy0uE3Xt0AbreZO1ZtRYKF9l3DBhqxgFGccuH9NSAPWL6Oh1GWDVRX9/Oyxv HxbxrstgGr5k+IiJqzXP2oSo4ZBTerf4yHHW6ekLsPoK8l3V1oaGFrdKW/Ch7/QE o5bzMbn9aWvtIPoRxm1WfeuXv2KdwjPURYexw6Zwxp5qRYILbYSURLdpqVXbaKZ+ DWAEU0X7oUof0ShPlSjhswYv+izcblEVnpDXiR1dPaYDq187r/o6+GRBzneg2z5U YQs+ac3r0Wu9r6XrIJTQYAu7aXnJxZtlwBKELIp51nkL+E+xEYwoiLyqfhoj6maA EXnIWennJoH7Mu0mS26cYbbDf33qryqS74OMvGAUWTqliogBW5+EuUhTTaTZE6c5 rqUI66RwGAhPbSGVmqNqAlmoT0vVU7mh/gcFEhiDjCZ94qGjSbKI0+LFk/kDUPvN 9qqoVGpuV5fiq7l8jb2Rj3taRlDA4EmzU+mbFwirGmTLlpmZ3HXam3mSXpCl7at4 e13knaI3KVyyyYANTQmp =2lwG -----END PGP SIGNATURE-----