Newsroom

2013-02-26 cPanel & WHM Security Advisory for 11.32, 11.34, and 11.36

The following disclosure covers the Targeted Security Release
2013-02-26. Each vulnerability is assigned an internal case number which
is reflected below.

Information regarding cPanel’s Security Level rankings can be found
here:

http://go.cpanel.net/securitylevels

Case 63700

Summary

File disclosure and code execution using API 2 call

Security Rating

cPanel has assigned a Security Level of “Important” to this
vulnerability.

Description

cPanel & WHM provide an API 2 call that allows branding code to include files
that are on the system. This function can also be called remotely. The
function did not check that the files requested were within the appropriate
document root, so arbitrary files could be read. Additionally, there
was the possibility to leverage this with another, third-party
vulnerability to execute arbitrary code.

cPanel would like to thank J.D. Lightsey of cPanel for discovering and
reporting this issue.

Solution

This issue is resolved in the following builds:

11.36.0.10 and greater
11.34.1.11 and greater
11.32.6.2 and greater

Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.

Case 63624

Summary

Cross-site scripting attack in countedit.cgi

Security Rating

cPanel has assigned a Security Level of “Trivial” to this vulnerability.

Description

cPanel & WHM provides a script to edit website counters. Due to
insufficient input validation, a cross-site scripting attack was
possible. This could result in the counter information not being
correctly updated.

cPanel would like to thank Douglas Secco dos Santos of Andrade Soto
Information Security for discovering and reporting this issue.

Solution

This issue is resolved in the following builds:

11.36.0.10 and greater
11.34.1.11 and greater
11.32.6.2 and greater

Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.

Case 63678

Summary

Unsafe temporary file in update blocker leading to symlink attack

Security Rating

cPanel has assigned a Security Level of “Important” to this
vulnerability.

Description

cPanel & WHM version 11.36 verifies that all disks are writable when
performing an upgrade. However, when testing this by writing files to
the system temporary directory, files were created with predictable names,
which could be exploited with a symlink attack to overwrite any file on
the system with predictable data. This issue affected only 11.36
systems.

cPanel would like to thank Jeff Petersen of cPanel for discovering and
reporting this issue.

Solution

This issue is resolved in the following builds:

11.36.0.10 and greater

Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.