cPanel TSR-2014-0007 Full Disclosure

Case 109049

Summary

Arbitrary file overwrite in /scripts/synccpaddonswithsqlhost.

Security Rating

cPanel has assigned a Security Level of Important to this vulnerability.

Description

The synccpaddonswithsqlhost script performed unsafe file operations inside the home directories of unprivileged users while running with root’s permissions. By manipulating symbolic links within the .cpaddons sub-directory, a local attacker could overwrite arbitrary files with known data.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.44.1.18
11.42.1.26
11.40.1.21

Case 109469

Summary

Bypass of email and webdav access during account suspension.

Security Rating

cPanel has assigned a Security Level of Moderate to this vulnerability.

Description

To disable email and webdav access during an account suspension, the shadow files for the accounts are modified. These shadow files reside in the suspended user’s home directory. By removing write permissions from these files, the user could prevent modifications and preserve access for email and webdav virtual accounts.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.44.1.18
11.42.1.26
11.40.1.21

Case 109789

Summary

Bypass of account suspension lock via account rename.

Security Rating

cPanel has assigned a Security Level of Minor to this vulnerability.

Description

The cPanel & WHM logic for suspending accounts allows the root user to lock a suspended account so that the reseller who owns the account is unable to unsuspend it. A reseller with the edit-account ACL could bypass this lock by renaming the suspended account.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.44.1.18
11.42.1.26
11.40.1.21

Case 109797

Summary

Bypass of locks for account unsuspension in scripts/remote_unsuspend.

Security Rating

cPanel has assigned a Security Level of Moderate to this vulnerability.

Description

The cPanel & WHM logic for suspending accounts allows the root user to lock a suspended account so that the reseller who owns the account is unable to unsuspend it. Resellers could bypass this restriction using the remote_unsuspend WHM interface, which did not check for account suspension locks.
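Cases 109789 and 109797 are the same defect seen from two entry points: the lock set by root was enforced in one unsuspend path but not in the rename path or the remote_unsuspend interface. The Python below is an added example, not cPanel's code; the Account, Actor and AccountService classes, the "edit-account" ACL string and the account names are constructed to illustrate the design point. It routes every action that could end a suspension (unsuspend, remote_unsuspend, rename) through one authorization rule, so a new entry point cannot forget the lock check.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    owner: str                 # reseller that owns the account (assumed model)
    suspended: bool = False
    locked: bool = False       # set by root: the owner may not unsuspend


@dataclass
class Actor:
    name: str
    is_root: bool = False
    acls: set = field(default_factory=set)


class SuspensionLocked(PermissionError):
    """Raised when a non-root actor tries to lift a root-locked suspension."""


def require_may_unsuspend(actor, acct):
    """The single rule for lifting a suspension. Every code path that can
    leave an account unsuspended or renamed calls this function."""
    if actor.is_root:
        return
    if acct.owner != actor.name:
        raise PermissionError(f"{actor.name} does not own {acct.name}")
    if acct.locked:
        raise SuspensionLocked(f"{acct.name} is locked by root")


class AccountService:
    def __init__(self):
        self.accounts = {}

    def create(self, name, owner):
        self.accounts[name] = Account(name, owner)

    def suspend(self, actor, name, lock=False):
        acct = self.accounts[name]
        if not actor.is_root and acct.owner != actor.name:
            raise PermissionError(f"{actor.name} does not own {name}")
        if lock and not actor.is_root:
            raise PermissionError("only root may lock a suspension")
        acct.suspended = True
        acct.locked = acct.locked or lock

    def unsuspend(self, actor, name):
        acct = self.accounts[name]
        require_may_unsuspend(actor, acct)
        acct.suspended = acct.locked = False

    # The remote interface is a second entry point to the same action, so it
    # is the same method rather than a re-implementation that can drift.
    remote_unsuspend = unsuspend

    def rename(self, actor, old, new):
        acct = self.accounts[old]
        if not actor.is_root and "edit-account" not in actor.acls:
            raise PermissionError("edit-account ACL required")
        if acct.suspended:
            # Suspension state travels with the Account object, and a
            # rename of a locked account is subject to the same lock rule.
            require_may_unsuspend(actor, acct)
        acct.name = new
        self.accounts[new] = self.accounts.pop(old)


def demo():
    """Constructed scenario: root locks a suspension; the owning reseller
    tries every path that used to bypass it. Returns the outcomes."""
    svc = AccountService()
    root = Actor("root", is_root=True)
    reseller = Actor("resell1", acls={"edit-account"})
    svc.create("acct1", owner="resell1")
    svc.suspend(root, "acct1", lock=True)
    outcomes = {}
    attempts = (
        ("reseller_unsuspend", lambda: svc.unsuspend(reseller, "acct1")),
        ("reseller_remote_unsuspend", lambda: svc.remote_unsuspend(reseller, "acct1")),
        ("reseller_rename", lambda: svc.rename(reseller, "acct1", "acct2")),
    )
    for label, action in attempts:
        try:
            action()
            outcomes[label] = "allowed"
        except SuspensionLocked:
            outcomes[label] = "locked"
    outcomes["still_suspended"] = svc.accounts["acct1"].suspended
    svc.unsuspend(root, "acct1")
    outcomes["root_unsuspend_suspended"] = svc.accounts["acct1"].suspended
    svc.rename(reseller, "acct1", "acct2")
    outcomes["rename_after_unlock"] = "acct2" in svc.accounts and "acct1" not in svc.accounts
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The point is structural rather than cPanel-specific: a lock that is checked in one handler and forgotten in another is only as strong as the weakest entry point, so the check belongs in one function that every entry point must call.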

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.44.1.18
11.42.1.26
11.40.1.21

Case 112041

Summary

Arbitrary file overwrite in checkstunnel script.

Security Rating

cPanel has assigned a Security Level of Moderate to this vulnerability.

Description

The checkstunnel script attempts to generate a working configuration file for stunnel. During this process, a temporary configuration file is written to a predictable location in /tmp. By placing a symlink at this location, a local attacker could overwrite an arbitrary file with predictable contents.
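Cases 109049 (a root-run sync operating on files under a user's .cpaddons tree) and 112041 (a predictable temporary path in /tmp) are both symlink-to-arbitrary-file overwrites, and they share a mitigation pattern. The Python below is an added example and not cPanel's code; the home-directory layout, file names and the stunnel configuration text are constructed. It opens every path component without following symlinks, verifies type and ownership on the open descriptor rather than on the path name, and replaces a fixed /tmp name with mkstemp.

```python
import os
import shutil
import stat
import tempfile


def open_no_follow_under(root_fd, parts, flags, mode=0o600):
    """Open parts[-1] relative to root_fd, descending one component at a
    time with O_NOFOLLOW, so a symlink planted at any level of a
    user-controlled tree (not just the last component) fails with ELOOP."""
    fd, owned = root_fd, False
    try:
        for part in parts[:-1]:
            nfd = os.open(part, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=fd)
            if owned:
                os.close(fd)
            fd, owned = nfd, True
        return os.open(parts[-1], flags | os.O_NOFOLLOW, mode, dir_fd=fd)
    finally:
        if owned:
            os.close(fd)


def write_user_file(home, rel_path, data, expected_uid):
    """Write data to home/rel_path on behalf of a privileged process.

    Never follows symlinks, and checks type and ownership on the descriptor
    it will write to (fstat), so the object checked is the object written.
    Returns the number of bytes written."""
    parts = [p for p in rel_path.split("/") if p and p != "."]
    if not parts or ".." in parts:
        raise ValueError(f"unsafe relative path {rel_path!r}")
    root_fd = os.open(home, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        try:  # new file: O_EXCL proves we created it, so it is trustworthy
            fd = open_no_follow_under(root_fd, parts,
                                      os.O_WRONLY | os.O_CREAT | os.O_EXCL)
            created = True
        except FileExistsError:  # existing object: open it, then inspect it
            fd = open_no_follow_under(root_fd, parts, os.O_WRONLY)
            created = False
    finally:
        os.close(root_fd)
    try:
        if created:
            if os.geteuid() == 0:
                os.fchown(fd, expected_uid, -1)  # hand the new file to the user
        else:
            st = os.fstat(fd)
            if not stat.S_ISREG(st.st_mode):
                raise PermissionError(f"{rel_path}: not a regular file")
            if st.st_uid != expected_uid:
                raise PermissionError(f"{rel_path}: owned by uid {st.st_uid}")
            os.ftruncate(fd, 0)  # truncate only after the checks pass
        return os.write(fd, data)
    finally:
        os.close(fd)


def make_private_config(content):
    """Replace a fixed /tmp/<name> with mkstemp: random name, O_CREAT|O_EXCL
    (a pre-planted symlink or file is never adopted), mode 0600.
    Returns (fd, path); the caller owns both."""
    fd, path = tempfile.mkstemp(prefix="stunnel-", suffix=".conf")
    os.write(fd, content)
    os.fsync(fd)
    return fd, path


def demo():
    """Constructed sandbox: a fake home directory with a planted file symlink
    and a planted directory symlink. Returns what each operation did."""
    home = tempfile.mkdtemp(prefix="home-")
    uid = os.getuid()
    results = {}
    try:
        os.mkdir(os.path.join(home, ".cpaddons"))
        victim = os.path.join(home, "victim.txt")  # stands in for a system file
        with open(victim, "w") as f:
            f.write("secret")
        os.symlink(victim, os.path.join(home, ".cpaddons", "planted"))
        os.symlink(home, os.path.join(home, ".cpaddons", "dirlink"))
        for key, rel in (("file_symlink_rejected", ".cpaddons/planted"),
                         ("dir_symlink_rejected", ".cpaddons/dirlink/victim.txt")):
            try:
                write_user_file(home, rel, b"clobbered", uid)
                results[key] = False
            except OSError:
                results[key] = True
        with open(victim) as f:
            results["victim_intact"] = f.read() == "secret"
        results["created"] = write_user_file(home, ".cpaddons/state", b"abc", uid)
        results["rewritten"] = write_user_file(home, ".cpaddons/state", b"de", uid)
        with open(os.path.join(home, ".cpaddons", "state"), "rb") as f:
            results["state_content"] = f.read()
        fd, path = make_private_config(b"pid = /var/run/stunnel.pid\n")  # constructed
        results["tmp_mode"] = stat.S_IMODE(os.fstat(fd).st_mode)
        os.close(fd)
        os.unlink(path)
    finally:
        shutil.rmtree(home)
    return results


if __name__ == "__main__":
    print(demo())
```

Two details matter more than the rest: the ownership check is made with fstat on the descriptor that is subsequently written, which closes the check-then-use window that a path-based lstat leaves open, and O_NOFOLLOW is applied to every component, since protecting only the final component still lets a symlinked parent directory redirect the write.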

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.44.1.18
11.42.1.26
11.40.1.21

Case 112361

Summary

Arbitrary file overwrite via Tailwatch cPBandwd driver.

Security Rating

cPanel has assigned a Security Level of Important to this vulnerability.

Description

The Tailwatch cPBandwd driver parses the mail logs to track bandwidth usage for accounts on the system. The username from a parsed log line is used in constructing the path to the file in which bandwidth usage is tracked. By carefully manipulating the username of an account logging in, an authenticated attacker could create or overwrite arbitrary files with known data.
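The defect in case 112361 is a classic one: a value read from a log line (the username) becomes part of a filesystem path without being checked against what a username is allowed to look like. The Python below is an added example and not cPanel's code; the log line format, the account-name policy expressed by USERNAME_RE and the BW_ROOT directory are all constructed for the demonstration. It validates the name against an allowlist before building the path and adds an independent containment check on the resolved path, and it reports dropped lines rather than silently discarding them.

```python
import os
import re

BW_ROOT = "/var/tmp/bw-demo"  # constructed root; not cPanel's real layout
# Assumed account-name policy: lowercase letter, then lowercase alnum or
# underscore, at most 32 characters. No separators of any kind.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")
# Constructed log format for the demo; real mail logs differ.
LOG_RE = re.compile(r"^(?P<ts>\S+ \S+) login user=(?P<user>\S+) bytes=(?P<bytes>\d+)$")

# Constructed sample input: two valid accounts, one traversal attempt, one
# name violating the policy, one malformed line.
SAMPLE_LOG = """\
2014-09-01 10:00:01 login user=alice bytes=1200
2014-09-01 10:00:07 login user=bob bytes=300
2014-09-01 10:00:09 login user=../outside bytes=5
2014-09-01 10:00:12 login user=alice bytes=800
2014-09-01 10:00:15 login user=Carol bytes=10
2014-09-01 10:00:20 garbage line
"""


def ledger_path(username, root=BW_ROOT):
    """Map an account name to its usage file, or raise ValueError.

    The allowlist regex is the primary control. The realpath containment
    check is an independent second one, so that a future relaxation of the
    name policy cannot silently reintroduce traversal."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username {username!r}")
    path = os.path.join(root, username, "usage")
    root_real = os.path.realpath(root)
    if os.path.commonpath([root_real, os.path.realpath(path)]) != root_real:
        raise ValueError(f"{path!r} escapes {root!r}")
    return path


def parse_line(line):
    """Return (username, bytes) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    return (m.group("user"), int(m.group("bytes"))) if m else None


def tally(log_text, root=BW_ROOT):
    """Accumulate bytes per account from log text.

    Returns (totals, rejected): totals maps username -> (ledger path, bytes);
    rejected lists the input lines that were dropped, so an operator can
    alert on them instead of losing the evidence."""
    totals, rejected = {}, []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            rejected.append(line)
            continue
        user, nbytes = parsed
        try:
            path = ledger_path(user, root)
        except ValueError:
            rejected.append(line)
            continue
        prev = totals.get(user, (path, 0))[1]
        totals[user] = (path, prev + nbytes)
    return totals, rejected


if __name__ == "__main__":
    totals, rejected = tally(SAMPLE_LOG)
    for user, (path, nbytes) in totals.items():
        print(f"{user:10} {nbytes:8} -> {path}")
    print("rejected:", rejected)
```

The rejected list is the detection hook: a log-derived name that fails the allowlist is worth an alert, because a legitimate account can never produce one.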

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.44.1.18
11.42.1.26
11.40.1.21

Case 113101

Summary

Arbitrary code execution as shared webmail accounts.

Security Rating

cPanel has assigned a Security Level of Important to this vulnerability.

Description

When processing HTTP requests, the cpsrvd daemon strips several path traversal sequences from the requested URI before translating the request to a path on the filesystem. Flaws in this logic allowed an authenticated attacker to craft a request that would execute arbitrary PHP code while running as one of the shared webmail accounts.
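The weakness described in case 113101 is the strip-then-trust approach to path traversal: deleting traversal sequences from the request is not idempotent, and a decision made on the pre-decoded string does not hold for the decoded one. The Python below is an added example, not cpsrvd's code; the document root and the request paths are constructed. It puts the fragile filter next to the approach that holds up: decode, join to the document root, canonicalize lexically, then require the result to remain under the root.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/srv/cpsrvd-demo/base"  # constructed; not cpsrvd's real document root


def strip_traversal_once(path):
    """The fragile approach: delete the traversal token and trust what is
    left. One pass is not a fixpoint, because removing '../' can splice the
    characters on either side into a new '../'; and it runs on the raw
    string, so an encoded form is not seen at all."""
    return path.replace("../", "")


def resolve_request(uri, docroot=DOCROOT):
    """Canonicalize first, then check containment against the document root.

    Drops the query string, percent-decodes, rejects NUL, joins the decoded
    path to docroot, normalizes lexically, and accepts only a result that
    is docroot itself or lies strictly below it. normpath is lexical: if
    symlinks exist under docroot, apply os.path.realpath as well and open
    the final file with O_NOFOLLOW."""
    path = unquote(uri.split("?", 1)[0])
    if "\x00" in path:
        raise ValueError("NUL byte in request path")
    full = posixpath.normpath(posixpath.join(docroot, path.lstrip("/")))
    if full != docroot and not full.startswith(docroot + "/"):
        raise PermissionError(f"{uri!r} resolves outside {docroot!r}")
    return full


def compare(uri):
    """Show both strategies side by side for one request path."""
    try:
        resolved = resolve_request(uri)
    except (ValueError, PermissionError) as exc:
        resolved = f"rejected: {exc}"
    return {"stripped": strip_traversal_once(uri), "resolved": resolved}


if __name__ == "__main__":
    for req in ("/webmail/....//index.php", "/..%2f..%2fetc/passwd",
                "/webmail/../index.php", "/"):
        print(req, "->", compare(req))
```

For "/webmail/....//index.php" the single-pass filter emits "/webmail/../index.php", a traversal sequence it was supposed to have removed; the canonicalizing resolver maps the same request to a harmless name beneath the root. For the percent-encoded form the filter changes nothing because it never decoded the input, while the resolver decodes it, finds that it would leave the document root, and refuses the request.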

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.44.1.18
11.42.1.26
11.40.1.21

Case 113477

Summary

Arbitrary code execution as cpanel-horde user via cache file poisoning.

Security Rating

cPanel has assigned a Security Level of Moderate to this vulnerability.

Description

The Horde Webmail interface accessible to cPanel and Webmail accounts uses PHP serialized cache files to speed up some backend operations. These cache files were stored in the world-writable /tmp directory with predictable names when Horde was accessed using the cPanel interfaces. A malicious local attacker could pre-create the cache files inside /tmp, leading to arbitrary code execution as the cpanel-horde user.
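Case 113477 combines two conditions: a cache lives in a directory any local user can write to, and the consumer deserializes whatever it finds at the expected name. The Python below is an added example and not Horde's or cPanel's code; it uses JSON as a benign stand-in for PHP's unserialize, and the directory and file names are constructed. It shows the two halves of the fix: keep per-user cache files in a private 0700 directory, and before deserializing, prove the file is a regular, non-symlinked file owned by the current user, in a directory the current user owns that others cannot write to.

```python
import json
import os
import shutil
import stat
import tempfile


def private_cache_dir(base):
    """Per-user cache directory under base, which must itself not be
    world-writable (e.g. the user's home or /var/cache/<app>/). Created
    0700 so no other local user can pre-create files inside it."""
    path = os.path.join(base, f"cache-{os.getuid()}")
    os.makedirs(path, mode=0o700, exist_ok=True)
    return path


def load_trusted_cache(path, loader=json.load):
    """Deserialize a cache file only after proving it is ours.

    Checks, in order: the parent directory is owned by us and has no group
    or other write bit (a sticky 1777 /tmp fails this); the file opens
    without following a symlink; the open descriptor is a regular file,
    owned by us, not writable by others. Only then is loader applied."""
    me = os.geteuid()
    parent = os.path.dirname(path) or "."
    pst = os.stat(parent)
    if not stat.S_ISDIR(pst.st_mode) or pst.st_uid != me or pst.st_mode & 0o022:
        raise PermissionError(f"untrusted cache directory {parent!r}")
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path!r} is not a regular file")
        if st.st_uid != me:
            raise PermissionError(f"{path!r} owned by uid {st.st_uid}, not {me}")
        if st.st_mode & 0o022:
            raise PermissionError(f"{path!r} is writable by other users")
        with os.fdopen(fd, "r") as fh:
            fd = None  # fdopen now owns the descriptor
            return loader(fh)
    finally:
        if fd is not None:
            os.close(fd)


def attempt(path):
    """Return the loaded object, or 'rejected' when the checks fail
    (PermissionError and the ELOOP from O_NOFOLLOW are both OSError)."""
    try:
        return load_trusted_cache(path)
    except OSError:
        return "rejected"


def demo():
    """Constructed sandbox reproducing the shapes involved: a shared sticky
    world-writable directory, a private directory, a planted symlink, and a
    loosely-permissioned file. Returns the outcome of each load."""
    base = tempfile.mkdtemp(prefix="cache-demo-")
    results = {}
    try:
        shared = os.path.join(base, "tmp")  # stands in for /tmp
        os.mkdir(shared)
        os.chmod(shared, 0o1777)
        planted = os.path.join(shared, "webmail_cache.ser")  # predictable name
        with open(planted, "w") as f:
            json.dump({"planted": True}, f)
        results["shared_tmp"] = attempt(planted)

        private = private_cache_dir(base)
        good = os.path.join(private, "cache.json")
        with open(good, "w") as f:
            json.dump({"ok": 1}, f)
        os.chmod(good, 0o600)
        results["private"] = attempt(good)

        link = os.path.join(private, "link.json")
        os.symlink(planted, link)
        results["symlink"] = attempt(link)

        loose = os.path.join(private, "loose.json")
        shutil.copy(good, loose)
        os.chmod(loose, 0o666)
        results["world_writable_file"] = attempt(loose)
    finally:
        shutil.rmtree(base)
    return results


if __name__ == "__main__":
    print(demo())
```

The directory check is what addresses the advisory directly: a correctly-permissioned file in a shared sticky directory is still untrustworthy, because the name could have been claimed by someone else before the application first wrote it.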

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.44.1.18
11.42.1.26
11.40.1.21

Multiple Cases (5)

Summary

Multiple XSS vulnerabilities in various interfaces.

Description

Output filtering errors in several different interfaces allowed JavaScript inputs to be returned to the browser without proper filtering. The affected interfaces are listed below.

Case: 109009
Security Rating: Moderate
XSS Type: Stored
Interface: WHM
URLs: /cgi/trustclustermaster.cgi
Affected Releases: 11.44.1, 11.42.1, 11.40.1
Reporter: cPanel Security Team

Case: 109029
Security Rating: Minor
XSS Type: Self-stored
Interface: WHM
URLs: /scripts2/basic_exim_editor
Affected Releases: 11.44.1, 11.42.1, 11.40.1
Reporter: cPanel Security Team

Case: 109037
Security Rating: Minor
XSS Type: Self-stored
Interface: WHM
URLs: /scripts/spamdconf
Affected Releases: 11.44.1, 11.42.1, 11.40.1
Reporter: cPanel Security Team

Case: 109045
Security Rating: Minor
XSS Type: Stored
Interface: WHM
URLs: /scripts/servup
Affected Releases: 11.44.1, 11.42.1, 11.40.1
Reporter: cPanel Security Team

Case: 110169
Security Rating: Important
XSS Type: Stored
Interface: WHM
URLs: /scripts4/listaccts
Affected Releases: 11.44.1, 11.42.1, 11.40.1
Reporter: Rohan Durve

cPanel includes a comprehensive protection mechanism against XSS and XSRF attacks called Security Tokens. Security Tokens protection is enabled by default in all installs of cPanel & WHM. When Security Tokens protection is enabled, an attacker intending to utilize any self-XSS vulnerabilities must convince the victim to navigate their browser to the appropriate cPanel or WHM interface and manually input the JavaScript payload.

Credits

These issues were discovered by the respective reporters listed above.

Solution

These issues are resolved in the following builds:

11.44.1.18
11.42.1.26
11.40.1.21

For the PGP-signed message, see http://cpanel.net/wp-content/uploads/2014/09/TSR-2014-0007-Full-Disclosure.txt.

If you would like to sign up for Security notices, please go to http://cpanel.net/mailing-lists.

Posted in: News, Security

cPanel TSR-2014-0007 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

cPanel has rated these updates as having security impact levels ranging from Minor to Important.

Information on cPanel’s security ratings is available at http://go.cpanel.net/securitylevels.

If your deployed cPanel & WHM servers are configured to automatically update when new releases are available, then no action is required. Your systems will update automatically. If you have disabled automatic updates, then we strongly encourage you to update your cPanel & WHM installations at your earliest convenience.

RELEASES

The following cPanel & WHM versions address all known vulnerabilities:

* 11.44.1.18 & Greater
* 11.42.1.26 & Greater
* 11.40.1.21 & Greater

The latest public releases of cPanel & WHM for all update tiers are available at http://httpupdate.cpanel.net.

SECURITY ISSUE INFORMATION

The cPanel security team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues. This Targeted Security Release addresses 13 vulnerabilities in cPanel & WHM software versions 11.44, 11.42, and 11.40.

Additional information is scheduled for release on September 15th, 2014.

For information on cPanel & WHM Versions and the Release Process, read our documentation at:

http://go.cpanel.net/versionformat.

For the PGP-signed message, see http://cpanel.net/wp-content/uploads/2014/09/TSR-2014-0007-Announcement.txt.

If you would like to sign up for Security notices, please go to http://cpanel.net/mailing-lists.

Posted in News, Security

EasyApache 3.26.7 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.26.7 with Apache version 2.2.29. This release addresses vulnerabilities CVE-2014-0118, CVE-2014-0231, CVE-2014-0226 and CVE-2013-5704. We encourage all Apache 2.2 users to upgrade to Apache version 2.2.29.

AFFECTED VERSIONS
All versions of Apache 2.2 before version 2.2.29.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0118 – MEDIUM

Apache 2.2.29
Fixed bug in the Deflate module related to CVE-2014-0118.

CVE-2014-0231 – MEDIUM

Apache 2.2.29
Fixed bug in the CGID module related to CVE-2014-0231.

CVE-2014-0226 – MEDIUM

Apache 2.2.29
Fixed a race condition related to CVE-2014-0226.

CVE-2013-5704 – MEDIUM

Apache 2.2.29
Fixed a bug in the Headers module related to CVE-2013-5704.

SOLUTION
cPanel, Inc. has released EasyApache 3.26.7 with an updated version of Apache 2.2 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0118
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5704
http://apache.cs.utah.edu//httpd/CHANGES_2.2.29

For the PGP-signed message, see CVE EA 3-26-7 signed.

Posted in News, Software Updates

11.40 EOL, 2 Month Notice

cPanel & WHM software version 11.40 will reach End of Life at the end of October 2014.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.40 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.40 once it reaches its EOL date.

Posted in News, Release Announcements

EasyApache 3.26.6 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.26.6 with PHP versions 5.4.32 and 5.5.16. This release addresses vulnerabilities CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120, CVE-2014-3597, CVE-2014-4670 and CVE-2014-4698. We encourage all PHP 5.4 users to upgrade to PHP version 5.4.32 and all PHP 5.5 users to upgrade to PHP version 5.5.16.

Posted in News, Software Updates

11.44 Now in STABLE Tier

8/20/2014
Houston, TX -

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.44, which is now available in the STABLE tier.

Posted in News, Press Releases, Release Announcements

EasyApache 3.26.5 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.26.5 with PHP version 5.3.29 and a patch to libxml2. This release addresses libxml2 vulnerability CVE-2014-0191 and PHP vulnerabilities CVE-2014-3981, CVE-2014-3515, CVE-2013-6712, CVE-2014-0207, CVE-2014-0238, CVE-2014-0237, and CVE-2014-4049 by fixing bugs in PHP’s core and PHP’s Network, Fileinfo and DateInterval modules. We encourage all PHP 5.3 users to upgrade to PHP version 5.3.29.

Posted in News, Software Updates

cPanel TSR-2014-0006 Full Disclosure

Case 108965

Summary

Bypass of account suspension via mod_userdir.

Security Rating

cPanel has assigned a Security Level of Moderate to this vulnerability.

Description

The fix for case 101677 in TSR-2014-0005 introduced a regression in account suspensions that allowed the web content of a suspended account to be viewed normally via Apache userdir style URLs. This has been corrected so that both NameVirtualHost and userdir access to the suspended account’s web content is blocked.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.44.1.11
11.42.1.25
11.40.1.20

For the PGP-signed message, see: http://cpanel.net/wp-content/uploads/2014/08/TSR-2014-0006-Full-Disclosure.txt

Posted in News, Security

EasyApache 3.26.4 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.26.4 with mod_perl version 2.0.8. This release fixes bugs related to vulnerability CVE-2013-1667 in the mod_perl2 Apache test suite.

Posted in News, Software Updates

cPanel TSR-2014-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security