Multiple privilege escalation vulnerabilities due to the use of Storable for serialization
cPanel has assigned a Security Level of “Important” to this vulnerability.
The Perl Storable module provides support for serialization and deserialization of Perl data structures. In cPanel & WHM this functionality is used for caching data to disk and transferring data between processes. In many areas this caching and interprocess communication crosses privilege separation boundaries.
The version of Storable used in previous releases of cPanel & WHM was unsuitable for this task for multiple reasons:
1. Serialized data was blessed into arbitrary packages as it was deserialized. This could be leveraged to perform unsafe actions in object destructors.
2. Serialized data was tied into arbitrary packages when it was deserialized. This could be leveraged to perform unsafe actions by tying arbitrary data to sensitive package interfaces.
3. Storable attempted to load code as it deserialized data, in order to create objects for which it had no existing class definition. This code loading could be leveraged to bypass normal @INC safety checks or to load security-sensitive packages into the process performing the deserialization.
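The first point can be observed with stock Storable in a few lines. The following is an added example, not cPanel's code: it thaws a constructed cache blob and shows the destructor of the class named in the data running in the reading process, next to a data-only format that never creates objects. Demo::TempResource, its fields and the sample path are hypothetical, and JSON::PP stands in for any data-only serializer; it is not the fix cPanel shipped.

```perl
use strict;
use warnings;
use Storable qw(freeze thaw);
use JSON::PP qw(encode_json decode_json);
use Scalar::Util qw(blessed);

# Hypothetical class standing in for any package already loaded in the
# reading process whose destructor acts on the object's own fields.
package Demo::TempResource {
    our @destroyed;    # records what each destructor call acted on
    sub new     { my ($class, %args) = @_; return bless {%args}, $class }
    sub DESTROY { my ($self) = @_; push @destroyed, $self->{path} }
}

# Constructed sample input: bytes as a lower-privileged writer could leave
# them in a cache file. The writer chooses the class name and the fields.
my $cache_bytes = freeze(Demo::TempResource->new(path => '/constructed/example'));
@Demo::TempResource::destroyed = ();    # discard the writer-side destructor call

# Storable: thaw() rebuilds the value as the class named in the data, so that
# class's DESTROY runs in the reader as soon as the copy goes out of scope.
{
    my $obj = thaw($cache_bytes);
    printf "Storable returned: %s\n", blessed($obj) // 'plain data';
}
printf "destructor calls after thaw: %d (acted on %s)\n",
    scalar @Demo::TempResource::destroyed,
    $Demo::TempResource::destroyed[0] // '-';

# Data-only format: JSON carries no class names, so the reader receives a
# plain hash and decides itself what to construct after validating it.
@Demo::TempResource::destroyed = ();
{
    my $data = decode_json(encode_json({ path => '/constructed/example' }));
    printf "JSON returned: %s\n", blessed($data) // 'plain data';
}
printf "destructor calls after decode_json: %d\n",
    scalar @Demo::TempResource::destroyed;
```

On a privilege boundary the reader should treat the decoded hash as untrusted input and validate each field before using it.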
This vulnerability was discovered by the cPanel Quality Assurance Team.
This issue is resolved in the following builds:
* 18.104.22.168 and greater
* 22.214.171.124 and greater
* 126.96.36.199 and greater
Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.