cPanel Security Advisory: cPanel Password Change Privilege Escalation

Summary
Updated builds of cPanel 10.5.0 that fix a security issue are available for users of EDGE, CURRENT, RELEASE and STABLE.

Security Rating
This update has been rated as having a trivial security impact by the cPanel Security team.

Description
Successful exploitation allows a user to access features that are normally only accessible to privileged users (e.g. create/change files on web sites hosted by other domains), but requires that the user unknowingly changes his password to be the same as the root password and subsequently changes it again.

Solution
cPanel users should update to 10.5.0 build 38 or higher, which contain a fix for this issue.

References
Discovered by: IHS
http://secunia.com/advisories/16362/

Posted in: News