The following disclosure covers the Targeted Security Release 2012-05-31. Each vulnerability is assigned an internal case number which is reflected below.
Information regarding cPanel’s Security Level rankings can be found here:http://go.cpanel.net/securitylevels
Arbitrary File Write vulnerability in Apache Piped Log Configuration
cPanel has assigned a Security Level of “Important” to this vulnerability. An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.
When using the Apache Piped Log Configuration, a sophisticated attacker could manually format log messages to take advantage of insufficient input validation in the splitlogs binary. When combined with a directory traversal attack, this vulnerability could allow the attacker to write to arbitrary files on the system.
This vulnerability was discovered by the cPanel Quality Assurance Team. The Apache Piped Log Configuration is a feature which is disabled by default.
This issue is resolved in the following builds:
Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.
Additionally, this vulnerability is only present when the Apache Piped Log Configuration is in use.
http://httpupdate.cpanel.net/
Arbitrary Code Execution through cPDAVd
cPanel has assigned a Security Level of “Important” to this vulnerability. An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.
This is a vulnerability in the cPanel WebDAV implementation, cPDAVd. It would allow an authenticated user the ability to execute arbitrary code through improperly sanitized filenames.
This vulnerability was discovered by the cPanel Quality Assurance Team.
This issue is resolved in the following builds:
Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.