Targeted Security Release 2012-05-31 Disclosure
The following disclosure covers the Targeted Security Release 2012-05-31. Each vulnerability is assigned an internal case number which is reflected below.
Information regarding cPanel’s Security Level rankings can be found here:
http://go.cpanel.net/securitylevels
Case 59634
Summary
Arbitrary File Write vulnerability in Apache Piped Log Configuration
Security Rating
cPanel has assigned a Security Level of “Important” to this vulnerability. An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.
Description
When using the Apache Piped Log Configuration, a sophisticated attacker could manually format log messages to take advantage of insufficient input validation in the splitlogs binary. When combined with a directory traversal attack, this vulnerability could allow the attacker to write to arbitrary files on the system.
This vulnerability was discovered by the cPanel Quality Assurance Team. The Apache Piped Log Configuration is a feature which is disabled by default.
Solution
This issue is resolved in the following builds:
- 11.32.3.19 and greater
- 11.32.2.28 and greater
- 11.30.6.8 and greater
Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.
Additionally, this vulnerability is only present when the Apache Piped Log Configuration is in use.
Case 59656
Summary
Arbitrary Code Execution through cPDAVd
Security Rating
cPanel has assigned a Security Level of “Important” to this vulnerability. An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in an denial of service.
Description
This is a vulnerability in the cPanel WebDAV implementation, cPDAVd. It would allow an authenticated user the ability to execute arbitrary code through improperly sanitized filenames.
This vulnerability was discovered by the cPanel Quality Assurance Team.
Solution
This issue is resolved in the following builds:
- 11.32.3.19 and greater
- 11.32.2.28 and greater
- 11.30.6.8 and greater
Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.