Featured Item

cPanel TSR-2014-0008 Full Disclosure

TSR-2014-0008 Full Disclosure

Case 114917

Summary

Resellers could delete feature lists they did not own.

Security Rating

cPanel has assigned a Security Level of Moderate to this vulnerability.

Description

The check for ownership of a feature list was not functioning properly and allowed a reseller with limited ACLs to delete feature lists that they did not own.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.46.0.15
11.44.1.22
11.42.1.29

Case 115493

Summary

Multiple Self-XSS vulnerabilities due to Template Toolkit setlist filtering.

Security Rating

cPanel has assigned a Security Level of Minor to this vulnerability.

Description

When using a FILTER statement in conjunction with SET or DEFAULT statements in Template Toolkit templates, the statements are not evaluated in the correct order. This makes the FILTER statement ineffective, in many cases creating self-XSS vulnerabilities.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.46.0.15
11.44.1.22
11.42.1.29

Case 115833

Summary

Arbitrary code execution as root via chroothttpd.

Security Rating

cPanel has assigned a Security Level of Minor to this vulnerability.

Description

The chroothttpd script was intended to run the Apache webserver in a chroot. It functions by creating directories in a non-reserved location within the /home directory. By creating a user with the name of one of these directories, a limited privilege reseller could affect the execution of chroothttpd and execute arbitrary code as the root user. This script is outdated and non-functional on current cPanel & WHM systems. It has been removed.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.46.0.15
11.44.1.22
11.42.1.29

Case 118105

Summary

Anti-XSRF tokens disclosed during session based logins.

Security Rating

cPanel has assigned a Security Level of Moderate to this vulnerability.

Description

When using session-based logins, the security token provided by the user was not sufficiently validated. This allowed logins using only information contained within the session cookie, bypassing the security token protections designed to mitigate browser cookie theft.

Credits

This issue was discovered by Aboutnet Support.

Solution

This issue is resolved in the following builds:
11.46.0.15
11.44.1.22
11.42.1.29

Case 127225

Summary

Arbitrary file chown via backupadmin userbackup.

Security Rating

cPanel has assigned a Security Level of Important to this vulnerability.

Description

The backupadmin script parsed the output of pkgacct to determine the filename of the generated backup tarball. This could be abused by cPanel accounts to chown arbitrary paths on the filesystem to the attacker’s UID and GID.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.46.0.15
11.44.1.22
11.42.1.29

Case 132769

Summary

Arbitrary file read via ExampleModule_printfile API1 command.

Security Rating

cPanel has assigned a Security Level of Minor to this vulnerability.

Description

A cPanel user could use the ExampleModule_printfile Api1 call to read files outside of their home directory. This flaw could be used to bypass other restrictions on the cPanel account such as demo mode or jailshell.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.46.0.15
11.44.1.22
11.42.1.29

Multiple Cases (7)

Summary

Multiple XSS vulnerabilities in various interfaces.

Description

Output filtering errors in several different interfaces allowed JavaScript inputs to be returned to the browser without proper filtering. The affected interfaces are listed below.

Case: 115757
Security Rating: Minor
XSS Type: Self
Interface: cPanel
URLs: /frontend/paper_lantern/stats/bwday.html, /frontend/x3/stats/bwday.html
Affected Releases: 11.46.0, 11.44.1, 11.42.1
Reporter: cPanel Security Team

Case: 115837
Security Rating: Minor
XSS Type: Self
Interface: cPanel
URLs: /frontend/x3/psql/addbs.html
Affected Releases: 11.46.0, 11.44.1
Reporter: cPanel Security Team

Case: 117153
Security Rating: Minor
XSS Type: Self
Interface: WHM
URLs: /scripts/doclonetheme
Affected Releases: 11.46.0, 11.44.1, 11.42.1
Reporter: cPanel Security Team

Case: 117673
Security Rating: Minor
XSS Type: Self
Interface: cPanel
URLs: /frontend/x3/subdomain/index.html, /frontend/paper_lantern/subdomain/index.html
Affected Releases: 11.46.0, 11.44.1, 11.42.1
Reporter: Vignesh Kumar

Case: 132617
Security Rating: Minor
XSS Type: Self
Interface: WHM
URLs: /scripts2/dogencrt
Affected Releases: 11.46.0, 11.44.1, 11.42.1
Reporter: cPanel Security Team

Case: 132657
Security Rating: Moderate
XSS Type: Stored
Interface: WHM
URLs: /scripts2/edit_sourceipcheck
Affected Releases: 11.46.0, 11.44.1, 11.42.1
Reporter: cPanel Security Team

Case: 133745
Security Rating: Important
XSS Type: Stored
Interface: WHM
URLs: /scripts2/ftpconfiguration, /scripts/resproftpd
Affected Releases: 11.46.0
Reporter: RACK911Labs.com

cPanel includes a comprehensive protection mechanism against XSS and XSRF attacks called Security Tokens. Security Tokens protection is enabled by default in all installs of cPanel & WHM. When Security Tokens protection is enabled, an attacker intending to utilize any self-XSS vulnerabilities must convince the victim to navigate their browser to the appropriate cPanel or WHM interface and manually input the JavaScript payload.

Credits

These issues were discovered by the respective reporters listed above.

Solution

These issues are resolved in the following builds:

11.46.0.15
11.44.1.22
11.42.1.29

For the PGP-signed message, see http://cpanel.net/wp-content/uploads/2014/11/TSR-2014-0008-Disclosure.txt.

If you would like to sign up for Security notices, please go to https://cpanel.net/mailing-lists.

Posted in: News, Security | Tagged: , ,

Microsoft® FrontPage® Blocking 11.46 Upgrades: Removal Required

For many cPanel & WHM customers, an existing installation of Microsoft® FrontPage® extensions on their Linux server(s) is blocking the ability to upgrade to cPanel & WHM software version 11.46. Microsoft® discontinued support for FrontPage® extensions on Linux servers in 2006.

Blockers are conditions that will not allow the cPanel & WHM update process (upcp) to install a particular version. For more information on upgrade blockers, visit http://go.cpanel.net/blockers.

Please note that the FrontPage® RPM and the FrontPage® opt mod (mod_frontpage) in EasyApache are separate entities. The presence of mod_frontpage will not block upgrades to cPanel & WHM version 11.46.

IMPACT

If you do not remove existing installations of Microsoft® FrontPage® extensions on your Linux server(s), you will be unable to upgrade to cPanel & WHM 11.46.

AFFECTED VERSIONS

  • cPanel & WHM 11.46

SOLUTION

If you are having trouble upgrading to 11.46, please take the following steps to remove Microsoft® FrontPage® RPM from your Linux server(s).

INSTRUCTIONS

In WHM:

  1. Navigate to Home >> FrontPage >> Uninstall FrontPage Extensions.
  2. Select the account for which you would like to uninstall the extensions.
  3. Click UnInstall.

Or

From the command line:

  • Run /scripts/unsetupfp4 –all as the root user.

We strongly recommend that you rebuild EasyApache without FrontPage® before you attempt to upgrade.

For more information on the Microsoft® FrontPage® blocker for cPanel & WHM 11.46 and how to determine if your server is affected, visit http://go.cpanel.net/frontpageblocker.

Need help? Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.

Posted in News, Software Updates | Tagged: , , , ,

EasyApache 3.26.10 Released

SUMMARY

cPanel, Inc. has released EasyApache 3.26.10 with PHP version 5.5.19 and PHP version 5.4.35. This release addresses vulnerabilities related to CVE-2014-3710 by fixing bugs in the Fileinfo module. We strongly encourage all PHP 5.5 users to upgrade to version 5.5.19 and all PHP v5.4 users to upgrade to version 5.4.35.  Continue reading

Posted in News, Software Updates | Tagged: , , , ,

cPanel TSR-2014-0008 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Continue reading

Posted in News, Security | Tagged: , ,

11.46 Now in RELEASE Tier

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.46, which is now available in the RELEASE tier.

cPanel & WHM 11.46 offers localization and support for 29 languages, Paper Lantern branding, ModSecurity tools, and more.

Continue reading

Posted in News, Press Releases, Release Announcements | Tagged: , ,

11.40 Now EOL, 11.42 to EOL in 3 Months

cPanel & WHM software version 11.40 has now reached End of Life.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.40 will continue functioning on servers. The last release of cPanel & WHM 11.40, 11.40.1.22, will remain on our mirrors indefinitely. However, no further updates, such as security fixes and installations, will be provided for 11.40. Older releases of cPanel & WHM 11.40 will be removed from our mirrors.

Continue reading

Posted in News, Release Announcements | Tagged: , , ,

11.46 Now in CURRENT Tier

10/22/2014
Houston, TX -

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.46, which is now available in the CURRENT tier.

cPanel & WHM 11.46 offers localization and support for 29 languages, Paper Lantern branding, ModSecurity tools, and more.

Continue reading

Posted in News, Press Releases, Release Announcements | Tagged: , , ,

11.40 EOL, 1 Month Notice

cPanel & WHM software version 11.40 will reach End of Life at the end of October 2014.

In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.40 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.40 once it reaches its EOL date.

Continue reading

Posted in News, Release Announcements | Tagged: , ,

cPanel Security Team: Bash CVE-2014-6217 and CVE-2014-7169

Bash CVE-2014-6217 and CVE-2014-7169

CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell.This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environmental variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry points where this vulnerability could be exploited. This blog post from Red Hat demonstrates how such attacks are possible: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

CVE-2014-7169 is a second vulnerability in all versions of GNU Bash. This second CVE covers attack vectors that were not fixed in the initial updates for CVE-2014-6217. Targeting CVE-2014-7169 is more complicated for an attacker. The authors of GNU Bash are currently working on updates to address CVE-2014-7169. This article from Red Hat has additional details about this flaw: https://access.redhat.com/articles/1200223

Continue reading

Posted in News, Security | Tagged: ,

EasyApache to Install Apache 2.4 in Basic Profile – 60 Day Notice

In approximately 60 days, the Basic profile in EasyApache will build Apache 2.4 by default. This change will not alter existing EasyApache profiles that build Apache 2.2. If you plan to update from an existing Apache 2.2 installation to Apache 2.4, we strongly recommend that you build in a test environment before you migrate Apache versions on a production server.

Continue reading

Posted in News, Software Updates | Tagged: , , ,
Page 1 of 3212345...102030...Last »