cPanel TSR-2016-0005 Full Disclosure
SEC-141
Summary
Code execution as other accounts via mailman list archives.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Description
The sticky-group bit applied to mailman’s list archive directories allowed list owners to modify the contents of these directories. This could be used to execute arbitrary code as other accounts on the system.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.58.0.29
11.56.0.34
11.54.0.29
11.52.6.6
SEC-152
Summary
Arbitrary code execution due to faulty shebang in Mail::SPF scripts.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
Description
The scripts provided with the Mail::SPF Perl module in cPanel & WHM used /usr/bin/perl rather than /usr/local/cpanel/3rdparty/bin/perl as their interpreter. If executed in an unsafe directory, this could cause untrusted code to load and execute.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.58.0.29
11.56.0.34
11.54.0.29
11.52.6.6
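
The following audit is an added example, not cPanel's code and not part of the original advisory. It reports Perl scripts in a caller-supplied directory whose shebang names an interpreter other than /usr/local/cpanel/3rdparty/bin/perl, which is the condition SEC-152 describes. The function names and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag Perl scripts whose shebang is not cPanel's bundled perl.
# EXPECTED_PERL is the interpreter path named in the advisory; the directory
# to scan is chosen by the caller (no cPanel install path is assumed).
EXPECTED_PERL="/usr/local/cpanel/3rdparty/bin/perl"

# classify_shebang FILE -> prints "ok", "mismatch:<interpreter>" or "not-perl"
classify_shebang() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case "$first" in
        '#!'*) ;;
        *) echo "not-perl"; return 0 ;;
    esac
    # Drop "#!" and blanks, then split into interpreter and first argument.
    line=$(printf '%s\n' "$first" | sed 's/^#![[:space:]]*//')
    interp=$(printf '%s\n' "$line" | awk '{print $1}')
    arg1=$(printf '%s\n' "$line" | awk '{print $2}')
    if [ "$interp" = "$EXPECTED_PERL" ]; then echo "ok"; return 0; fi
    # "#!/usr/bin/env perl" picks perl from PATH, so report the pair.
    prog=$interp
    case "$interp" in
        */env) if [ -n "$arg1" ]; then prog=$arg1; interp="$interp $arg1"; fi ;;
    esac
    case "${prog##*/}" in
        perl*) echo "mismatch:$interp" ;;
        *) echo "not-perl" ;;
    esac
}

# audit_dir DIR -> one "file<TAB>interpreter" line per mismatch; returns 1 if any
audit_dir() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        verdict=$(classify_shebang "$f")
        case "$verdict" in
            mismatch:*) printf '%s\t%s\n' "$f" "${verdict#mismatch:}"; found=1 ;;
        esac
    done
    return "$found"
}

# Stand-alone use: sh audit.sh /path/to/scripts
if [ "$#" -gt 0 ]; then audit_dir "$1"; fi
```

The audit only inspects the top level of the given directory and treats any interpreter whose basename starts with "perl" as a Perl script.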
SEC-154
Summary
Arbitrary file read due to multipart form processing error.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)
Description
The Cpanel::Form::parseform() function was found to mishandle some invalid combinations of multipart form data in ways that allowed the reading of arbitrary files in several WHM interfaces.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.58.0.29
11.56.0.34
11.54.0.29
11.52.6.6
SEC-156
Summary
Stored XSS Vulnerability in WHM tail_upcp2.cgi interface.
Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Description
The tail_upcp2.cgi script displays the log output of the cPanel & WHM update process. The output includes portions of log files that contain untrusted data. In some cases, this untrusted output was not properly escaped.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.58.0.29
11.56.0.34
11.54.0.29
11.52.6.6
For the PGP-Signed version of this disclosure please visit https://news.cpanel.com/wp-content/uploads/2016/09/TSR-2016-0005.disclosure.txt