-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 cPanel TSR-2015-0006 Full Disclosure SEC-29 Summary Sensitive data revealed to subaccounts through comet feeds. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 3.6 (AV:N/AC:H/Au:S/C:P/I:P/A:N) Description A reseller account could read the comet data intended for the root account and other reseller accounts by subscribing to the wildcard comet channel. Webmail users could similarly read data intended for the cPanel account to which they belonged. All comet data in cPanel, WHM, and Webmail is now restricted to the specific account that created the data. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.52.1.1 11.52.0.23 11.50.3.1 11.48.4.8 SEC-60 Summary Email sending limit bypass. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Description The configured email rate limits for an account were not enforced correctly when the account relayed email using an empty envelope sender address. Credits This issue was discovered by Matt Sheldon. Solution This issue is resolved in the following builds: 11.52.1.1 11.52.0.23 11.50.3.1 11.48.4.8 SEC-64 Summary Unauthenticated arbitrary code execution via DNS NS entry poisoning. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) Description Under some configurations, the server fetches DNS nameserver settings from remote DNS servers when an account is created. The retrieved nameserver records were used in an insecure manner, allowing arbitrary code execution as root during the account creation process. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.52.1.1 11.52.0.23 11.50.3.1 11.48.4.8 SEC-65 Summary Unauthorized password changes via Webmail API commands. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N) Description Inconsistencies in the way Webmail API calls separated email addresses into local and domain portions allowed Webmail users to change the passwords of some other accounts on the system. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.52.1.1 11.52.0.23 11.50.3.1 11.48.4.8 SEC-66 Summary WHM API allows for unauthorized zone modification. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P) Description Incorrect handling of the 'zone' argument during ownership checks in multiple WHM API calls allowed for unauthorized zone modifications. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.52.1.1 11.52.0.23 11.50.3.1 11.48.4.8 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWS375AAoJEJUhvtyr2U3fs4gQAL0X1Cz3GxKnou7vq2DFSNfi bJ5vIX3mQ3R4Ml5Yy3vzT60cfW2S++BzA1R1Uv2Eloh00OvxLl6qj9gVT+8K6Kuw 4xpMGxG6g0X0EDK2qpt2/coMw+GHbO/HwhRhJPyf/39ZlwFdyB1TkH3xXKQYb5Yg IdogiiTmaj6lS3HhW3mIAd/BSexjZA/o0ismD5YsS9RMQCRnARQNDdRpJdKgOMfO 2cEsfB5l73rp2fIy9KruQf0HAr7OFENx1L+sv/FU85slD5soIg2EcW6mxOB7CktS +ear3b8wETCfCACnny6PEQQB+Yi8zFjYvXXibdh3VhZR72qlI07Xlzr2lYd8FDgv Xoy6pLhFCgtoyLMOynVFId2lizqhD5Gz7tom+P1pL94na2uf/clC+60ER24sLHDT uSe2YAYyRCJt8MPijU9Dv9FhH+yFRnojQfhnt8eY8c6zqNnAPxfTcfTvf4HxiT7b 6LN5vUuV+/ddwxuOXqX4hXp6riNxR4VMskqayuJs7oPbtRpI8GHIHfU5Ma/Ab/IN ePwLjYNE22zoIZ1SFR89DgHDtLXNdJsfkK7dQeWm/B/5MAYspnpKpivxzRwfI28v YB6dCbW4QU/14OZKmF+KQx8m8mTdOHC1h0Vjtw9MHzxDm1Xf8eUKD2VyQSH7iK8e q0OaRQ7hNp0TbWS1MI/Y =Hceb -----END PGP SIGNATURE-----