TSR-2015-0005 Full Disclosure
SEC-44
Summary
Open redirect via /unprotected/redirect.html.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
The /unprotected/redirect.html URL in cPanel & WHM allowed remote attackers to redirect users to arbitrary web sites.
Credits
This issue was discovered by Salman Khan.
Solution
This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
SEC-49
Summary
Arbitrary file overwrite via WHM /scripts2/edit_sourceipcheck.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 4.9 (AV:N/AC:H/Au:S/C:N/I:C/A:N)
Description
When modifying the security settings for an account, the edit_sourceipcheck() function performed read and write operations with root privileges within the target user’s home directory.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9
SEC-50
Summary
Information disclosure via p0f.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:C/A:N)
Description
The p0f socket file was configured with permissions that allowed local users to query the connection information without any restrictions.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
SEC-51
Summary
Self-stored XSS vulnerability in WHM Theme Manager.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)
Description
The name of a cPanel theme was not sufficiently encoded when displayed on the WHM Theme Manager interface.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9
SEC-52
Summary
Self-XSS vulnerability in WHM EXIM Configuration Manager.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)
Description
Error messages displayed when submitting the WHM Basic Configuration Editor for EXIM were not encoded correctly.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9
SEC-53
Summary
Self-stored XSS vulnerability in WHM View Available Locales.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)
Description
Theme names were not properly encoded on the WHM View Available Locales interface.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9
SEC-54
Summary
Arbitrary code execution via BoxTrapper email forwarding.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Description
The BoxTrapper email forwarding logic did not disambiguate destination email addresses from command line arguments when running EXIM to deliver emails.
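The class of flaw described above, shown as an added example that is not cPanel's code: a recipient appended directly after the options can be parsed as an option, while validating it and placing it after `--` cannot. The binary path, the helper names, the address pattern and the sample values are assumptions made for illustration, and `split_options` is a simplified model of option parsing, not Exim's parser.

```python
import re

EXIM = "/usr/sbin/exim"  # assumed path to the MTA binary

# Deliberately conservative pattern (assumption): the local part may not start
# with "-". RFC-valid addresses can, which is why "--" is the primary defence.
_ADDR = re.compile(
    r"^[A-Za-z0-9_.+][A-Za-z0-9_.+\-]*@[A-Za-z0-9][A-Za-z0-9.\-]*\.[A-Za-z]{2,}$"
)


def build_argv_unsafe(recipients):
    """Pre-fix pattern: recipients follow the options with no separator,
    so a value beginning with '-' is indistinguishable from an option."""
    return [EXIM, "-i"] + list(recipients)


def build_argv_safe(recipients):
    """Hardened pattern: validate every address, then emit '--' so that
    nothing after it is treated as an option. No shell is involved; the
    list is meant to be passed to subprocess.run(argv) as-is."""
    checked = []
    for addr in recipients:
        if not _ADDR.match(addr):
            raise ValueError(f"rejected recipient: {addr!r}")
        checked.append(addr)
    if not checked:
        raise ValueError("no recipients")
    return [EXIM, "-i", "--"] + checked


def split_options(argv):
    """Simplified model of option parsing: leading arguments that start
    with '-' are options until '--' or the first non-option argument."""
    opts, rest = [], list(argv[1:])
    while rest and rest[0].startswith("-") and rest[0] != "--":
        opts.append(rest.pop(0))
    if rest and rest[0] == "--":
        rest = rest[1:]
    return opts, rest


# Constructed sample input: a "destination address" shaped like an option.
HOSTILE = "--example-option=value"
```
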
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9
SEC-55
Summary
Self-XSS vulnerability in cPanel Change Password interface.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)
Description
The enablemysql parameter was not encoded correctly when reflected in an error message.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.50.1.3
11.50.0.31
11.48.4.7
11.46.3.9
For the PGP-Signed version of this disclosure please visit: http://news.cpanel.com/wp-content/uploads/2015/09/TSR-2015-0005-Disclosure.txt