Section: Security

cPanel TSR-2015-0001 Full Disclosure

SEC-1
Summary: Arbitrary code could be executed as other accounts with RUID2/ITK enabled.
Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Description: The WHM “Apache mod_userdir Tweak” interface incorrectly allowed the exclusion of specific users from userdir protection when mod_ruid2 or MPM-ITK was in use …

Posted in News, Security

cPanel TSR-2015-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Scheduled TSR Cycles

Throughout 2014, the cPanel Security Team has worked with security researchers through cPanel’s Security Bounty program. We try to deliver fixes to issues these security researchers have discovered, along with fixes for issues discovered by cPanel’s internal code audits, in regular two-month cycles. The intent of these scheduled TSRs has …

cPanel TSR-2014-0008 Full Disclosure

Case 114917
Summary: Resellers could delete feature lists they did not own.
Security Rating: cPanel has assigned a Security Level of Moderate to this vulnerability.
Description: The check for ownership of a feature list was not functioning properly and allowed a reseller with limited ACLs to delete feature lists that …

cPanel TSR-2014-0008 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel Security Team: Bash CVE-2014-6217 and CVE-2014-7169

CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell. This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environmental variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry …

cPanel TSR-2014-0007 Full Disclosure

Case 109049
Summary: Arbitrary file overwrite in /scripts/synccpaddonswithsqlhost.
Security Rating: cPanel has assigned a Security Level of Important to this vulnerability.
Description: The synccpaddonswithsqlhost script performed unsafe file operations inside the home directories of unprivileged users while running with root’s permissions. By manipulating symbolic links within the .cpaddons sub-directory, a …

cPanel TSR-2014-0007 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel TSR-2014-0006 Full Disclosure

Case 108965
Summary: Bypass of account suspension via mod_userdir.
Security Rating: cPanel has assigned a Security Level of Moderate to this vulnerability.
Description: The fix for case 101677 in TSR-2014-0005 introduced a regression in account suspensions that allowed the web content of a suspended account to be viewed normally via …

cPanel TSR-2014-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
