cPanel TSR-2015-0001 Full Disclosure

SEC-1

Summary
Arbitrary code could be executed as other accounts with RUID2/ITK enabled.

Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Description
The WHM "Apache mod_userdir Tweak" interface incorrectly allowed the exclusion of specific users from userdir protection when mod_ruid2 or MPM-ITK was in use on the server. With this misconfiguration, the excluded user could execute arbitrary code with the UID and GID of the excluding virtualhost via Apache userdir URLs.

Credits
This issue was discovered by the cPanel Security Team.

Solution
This issue is resolved in the following builds:
11.46.2.2
11.46.1.6
11.44.2.4
11.42.1.30

SEC-4

Summary
Noshell restriction bypass via SFTP connections.

Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

Description
On cPanel & WHM systems, accounts configured with "noshell" as their login shell could still connect to the server using SFTP. Users connecting in this fashion had access to the /proc filesystem. By modifying '/proc/self/mem', an attacker could execute arbitrary code as if connected via a normal shell.

Credits
This issue was discovered by Jann Horn.

Solution
This issue is resolved in the following builds:
11.46.2.2
11.46.1.6
11.44.2.4
11.42.1.30

SEC-8

Summary
Stored XSS vulnerability in cPDAVd directory index functionality.

Security Rating
cPanel has assigned this vulnerability a CVSSv2 score of 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Description
cPDAVd did not correctly HTML-escape filenames included in the HTML it generated for directory indexes. This allowed attackers with the ability to create files with XSS payloads in their names to conduct stored-XSS attacks against the authenticated cPDAVd user if that user connected to the WebDAV service with a normal web browser.

Credits
This issue was discovered by the cPanel Security Team.

Solution
This issue is resolved in the following builds:
11.46.2.2
11.46.1.6
11.44.2.4
11.42.1.30
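The SEC-8 class of defect, shown as an added Python illustration rather than cPDAVd's own (Perl) code, which the advisory does not reproduce: a directory-index renderer that interpolates filenames into HTML unescaped, beside one that escapes each context separately. The `/dav` path and the sample filenames are constructed for the demonstration.

```python
"""Directory-index rendering with and without escaping of untrusted filenames.

Anyone who can create a file on a WebDAV share controls the filename, so a
listing that pastes names straight into HTML becomes a stored-XSS sink for
whoever views the index in a browser.  Constructed example, not cPDAVd code.
"""
from html import escape
from urllib.parse import quote

# Constructed sample listing: the second and third names carry HTML-significant
# characters that break out of text and attribute contexts respectively.
SAMPLE_ENTRIES = [
    "report.pdf",
    "<img src=x onerror=alert(1)>.txt",
    'a" onmouseover="alert(2)',
]


def render_index_unsafe(path, entries):
    """Vulnerable pattern: filenames interpolated raw into both href and text."""
    rows = "".join(
        f'<li><a href="{path}/{name}">{name}</a></li>' for name in entries
    )
    return f"<h1>Index of {path}</h1><ul>{rows}</ul>"


def render_index(path, entries):
    """Hardened pattern: percent-encode the URL path component used in href,
    HTML-escape the attribute value, and HTML-escape the visible text."""
    rows = []
    for name in entries:
        href = quote(f"{path}/{name}", safe="/")          # URL context
        rows.append(
            f'<li><a href="{escape(href, quote=True)}">'   # attribute context
            f"{escape(name)}</a></li>"                     # text context
        )
    return f"<h1>Index of {escape(path)}</h1><ul>{''.join(rows)}</ul>"


def leaks_raw_markup(fragment, entries):
    """Regression check: does any markup-bearing filename appear verbatim?"""
    risky = [n for n in entries if any(c in n for c in '<>"')]
    return any(n in fragment for n in risky)
```

`leaks_raw_markup` is the kind of assertion a test suite for the fixed renderer would carry: it must be true for the unsafe output and false for the escaped one.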