cPanel TSR-2021-0004 Full Disclosure

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

SEC-585

Summary

WHM Locale Upload is vulnerable to XXE and unserialization attacks.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N

Description

The WHM Locale Upload functionality allows arbitrary XML documents to be uploaded. These documents may be serialized Perl object data. These documents may include references to external entities and/or be recorded as blessed Perl objects. This may lead to arbitrary file reads/writes and/or code execution.

Credits

This issue was discovered by Adrian Tiron, Fortbridge.

Solution

This issue is resolved in the following builds:
11.98.0.1
11.96.0.13
11.94.0.13

SEC-586

Summary

Insecure temporary file creation in scripts/fix-cpanel-perl.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

Description

The scripts/fix-cpanel-perl script creates temporary files and directories in a predictable location. An attacker could create these directories before the script executes in order to execute arbitrary code.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.96.0.13

SEC-587

Summary

The fix-cpanel-perl script does not verify download integrity.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Description

In some situations, the fix-cpanel-perl script does not verify signatures on files downloaded from the cPanel mirrors. This could allow an attacker to execute arbitrary code in the event of a MITM attack.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.96.0.13

SEC-588

Summary

Insecure file overwrite in scripts/fix-cpanel-perl.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

Description

The scripts/fix-cpanel-perl script can create a file in the current working directory. If the script is run from within a user-controlled directory, it may be possible to overwrite an arbitrary file with known content.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.96.0.13

SEC-589

Summary

Insecure file operations performed by /scripts/cpan_config.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N

Description

The /scripts/cpan_config script performs insecure file operations within the current working directory. If run in a user-controlled directory, it is possible for an attacker to overwrite arbitrary files.

Credits

This issue was discovered by Patrick William – Rack911 Labs.

Solution

This issue is resolved in the following builds:
11.98.0.1
11.96.0.13
11.94.0.13
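
The file-handling weaknesses described in SEC-586, SEC-588 and SEC-589, shown as an added Python illustration that is not cPanel's code: a write to a fixed name in a user-controlled directory follows a planted symlink, while exclusive creation and a random owner-only work directory do not. The file names, the `fixperl-` prefix and the demo layout are constructed for the example.

```python
import os
import stat
import tempfile

def unsafe_write(name, data):
    # Pattern from SEC-588/SEC-589: open a fixed name in the working directory.
    # open() follows symlinks, so a planted link redirects the write.
    with open(name, "w") as fh:
        fh.write(data)

def safe_write(name, data, mode=0o600):
    # Exclusive create: fails with an OSError if anything, symlink included,
    # already exists at that name, so an existing target is never opened.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(name, flags, mode)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def safe_workdir(prefix="fixperl-"):  # hypothetical prefix
    # SEC-586: random suffix and mode 0700 instead of a predictable /tmp path.
    return tempfile.mkdtemp(prefix=prefix)

def demo():
    # Constructed scenario: "userdir" stands in for a user-controlled working
    # directory, "victim.conf" for a file the privileged user is able to write.
    base = safe_workdir("demo-")
    victim = os.path.join(base, "victim.conf")
    userdir = os.path.join(base, "userdir")
    os.mkdir(userdir)
    with open(victim, "w") as fh:
        fh.write("original\n")
    link = os.path.join(userdir, "build.log")  # hypothetical output name
    os.symlink(victim, link)                   # present before the script runs

    unsafe_write(link, "known content\n")
    with open(victim) as fh:
        clobbered = fh.read() == "known content\n"

    with open(victim, "w") as fh:              # reset, then try the safe form
        fh.write("original\n")
    try:
        safe_write(link, "known content\n")
        blocked = False
    except OSError:
        blocked = True
    with open(victim) as fh:
        intact = fh.read() == "original\n"
    return clobbered, blocked, intact, stat.S_IMODE(os.stat(base).st_mode)

if __name__ == "__main__":
    print(demo())
```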

For information on cPanel & WHM Versions and the Release Process, read our documentation at: https://go.cpanel.net/versionformat