cPanel TSR-2021-0004 Full Disclosure

SEC-585

Summary

WHM Locale Upload is vulnerable to XXE and unserialization attacks.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N

Description

The WHM Locale Upload functionality allows arbitrary XML documents to be uploaded. These documents may be serialized Perl object data. These documents may include references to external entities and/or be recorded as blessed Perl objects. This may lead to arbitrary file reads/writes and/or code execution.

Credits

This issue was discovered by Adrian Tiron, Fortbridge (www.fortbridge.co.uk).

Solution

This issue is resolved in the following builds:

11.98.0.1
11.96.0.13
11.94.0.13

SEC-586

Summary

Insecure temporary file creation in scripts/fix-cpanel-perl.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

Description

The scripts/fix-cpanel-perl script creates temporary files and directories in a predictable location. An attacker could create these directories before the script executes in order to execute arbitrary code.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:

11.96.0.13

SEC-587

Summary

The fix-cpanel-perl script does not verify download integrity.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Description

In some situations, the fix-cpanel-perl script does not verify signatures on files downloaded from the cPanel mirrors. This could allow an attacker to execute arbitrary code in the event of a MITM attack.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:

11.96.0.13

SEC-588

Summary

Insecure file overwrite in scripts/fix-cpanel-perl.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

Description

The scripts/fix-cpanel-perl script can create a file in the current working directory. If the script is run from within a user-controlled directory, it may be possible to overwrite an arbitrary file with known content.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:

11.96.0.13

SEC-589

Summary

Insecure file operations performed by /scripts/cpan_config.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N

Description

The /scripts/cpan_config script performs insecure file operations within the current working directory. If run in a user-controlled directory, it is possible for an attacker to overwrite arbitrary files.

Credits

This issue was discovered by Patrick William - Rack911 Labs.

Solution

This issue is resolved in the following builds:

11.98.0.1
11.96.0.13
11.94.0.13
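
The file-handling weakness class described in SEC-586, SEC-588 and SEC-589, shown as an added Perl illustration; this is not cPanel's code and not the fix shipped in the builds listed above. It contrasts a plain open-for-write with an exclusive create inside an unpredictable work directory. All paths and file names (`fixperl.XXXXXXXX`, `shared.XXXXXXXX`, `output.log`, `protected.conf`) are constructed for the example.

```perl
#!/usr/bin/perl
# Added illustration, not cPanel code. All paths and file names are constructed.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL O_NOFOLLOW);
use File::Temp qw(tempdir);

# Legacy pattern: a plain open-for-write follows a symlink already sitting at
# $path and truncates whatever it points to.
sub write_legacy {
    my ($path, $data) = @_;
    open(my $fh, '>', $path) or return "failed: $!";
    print {$fh} $data;
    close($fh) or return "failed: $!";
    return 'ok';
}

# Hardened pattern: O_EXCL requires that this call creates the entry itself,
# so a file or symlink placed there beforehand makes the open fail.
sub write_new_file {
    my ($path, $data) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600)
        or return "refused: $!";
    print {$fh} $data;
    close($fh) or return "failed: $!";
    return 'ok';
}

sub slurp {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "$path: $!";
    local $/;
    return scalar <$fh>;
}

# Work area with an unpredictable name and mode 0700, created atomically,
# instead of a fixed name under /tmp or the current working directory.
my $work = tempdir('fixperl.XXXXXXXX', TMPDIR => 1, CLEANUP => 1);
my $protected = "$work/protected.conf";
write_new_file($protected, "original\n");

# Constructed stand-in for a user-controlled directory: the name the script
# intends to create already exists there as a symlink to the protected file.
my $shared = tempdir('shared.XXXXXXXX', TMPDIR => 1, CLEANUP => 1);
symlink($protected, "$shared/output.log") or die "symlink: $!";

print 'hardened: ', write_new_file("$shared/output.log", "new\n"), "\n";
print 'protected file intact: ', (slurp($protected) eq "original\n" ? 'yes' : 'no'), "\n";
print 'legacy:   ', write_legacy("$shared/output.log", "new\n"), "\n";
print 'protected file intact: ', (slurp($protected) eq "original\n" ? 'yes' : 'no'), "\n";
```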