Targeted Security Release 2012-05-31 Disclosure

The following disclosure covers the Targeted Security Release 2012-05-31. Each vulnerability is assigned an internal case number which is reflected below.

Information regarding cPanel’s Security Level rankings can be found here:http://go.cpanel.net/securitylevels

Case 59634

Summary

Arbitrary File Write vulnerability in Apache Piped Log Configuration

Security Rating

cPanel has assigned a Security Level of “Important” to this vulnerability. An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.

Description

When using the Apache Piped Log Configuration, a sophisticated attacker could manually format log messages to take advantage of insufficient input validation in the splitlogs binary. When combined with a directory traversal attack, this vulnerability could allow the attacker to write to arbitrary files on the system.

This vulnerability was discovered by the cPanel Quality Assurance Team. The Apache Piped Log Configuration is a feature which is disabled by default.

Solution

This issue is resolved in the following builds:

  • 11.32.3.19 and greater
  • 11.32.2.28 and greater
  • 11.30.6.8 and greater

Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.

Additionally, this vulnerability is only present when the Apache Piped Log Configuration is in use.
http://httpupdate.cpanel.net/

Case 59656

Summary

Arbitrary Code Execution through cPDAVd

Security Rating

cPanel has assigned a Security Level of “Important” to this vulnerability. An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.

Description

This is a vulnerability in the cPanel WebDAV implementation, cPDAVd. It would allow an authenticated user the ability to execute arbitrary code through improperly sanitized filenames.

This vulnerability was discovered by the cPanel Quality Assurance Team.

Solution

This issue is resolved in the following builds:

  • 11.32.3.19 and greater
  • 11.32.2.28 and greater
  • 11.30.6.8 and greater

Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.

Posted in: Release Announcements, Security | Tagged: , , ,