Debian: 2740-2: python-django: regression
(Sep 1) The wheezy part of the previous python-django update, DSA-2740-1, was incorrectly built and did not include all legacy symbolic links for the jquery Javascript library.
(Aug 29) Multiple security issues have been found in Icedove, Debian’s version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting.
TSR-2013-0009 Detailed Disclosure
The following disclosure covers Targeted Security Release TSR-2013-0009, which was published on August 27th, 2013.
Each vulnerability is assigned an internal case number which is reflected below.
Information regarding the cPanel Security Level rankings can be found here:
http://go.cpanel.net/securitylevels
Case 73377
Summary
An account’s cpmove archives were world-readable in the /home directory with 644 permissions during packaging.
Security Rating
cPanel has assigned a Security Level of Moderate to this vulnerability.
Description
The cPanel and WHM account transfer process created a temporary cpmove
archive in the /home directory with 644 permissions. This allowed a local
attacker to read the private contents of another user’s home directory
and configuration settings while the transfer operation was in progress.
The world-readable cpmove file was left accessible for a longer period
of time when the account transfer process failed and required manual intervention.
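As an added illustration of the hardening that Case 73377 describes (this is not cPanel's code), the following Python audits a home directory for transfer archives that are readable by group or others, tightens them, and shows how to create such an archive so that it is private from the moment it exists. The archive name pattern cpmove-*.tar.gz is an assumption.

```python
import fnmatch
import os
import stat

# Assumed naming convention for transfer archives; adjust the pattern to
# whatever your system actually writes into /home during a transfer.
ARCHIVE_PATTERN = "cpmove-*.tar.gz"
SAFE_MODE = 0o600  # owner read/write only, nothing for group or others


def find_exposed_archives(home_dir):
    """Return [(path, mode)] for archives readable by group or others."""
    exposed = []
    for name in os.listdir(home_dir):
        if not fnmatch.fnmatch(name, ARCHIVE_PATTERN):
            continue
        path = os.path.join(home_dir, name)
        st = os.lstat(path)  # lstat: never follow a planted symlink
        if not stat.S_ISREG(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            exposed.append((path, mode))
    return exposed


def tighten(path):
    """Drop group/other bits on an existing archive; return the new mode."""
    os.chmod(path, SAFE_MODE)
    return stat.S_IMODE(os.lstat(path).st_mode)


def create_private_archive(path):
    """Create the archive with 0600 from the start instead of fixing it later.

    O_EXCL refuses to reuse a pre-existing file (or symlink) at that path, and
    the mode argument is applied atomically, so there is no 0644 window.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, SAFE_MODE)
    os.close(fd)
    return stat.S_IMODE(os.lstat(path).st_mode)
```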
Credits
This issue was reported by Rack911.com.
Solution
This issue is resolved in the following builds:
* 11.39.0.15 & Greater
* 11.38.2.6 & Greater
* 11.36.2.3 & Greater
* 11.34.2.4 & Greater
* 11.32.7.3 & Greater
Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.
Case 73581
Summary
The improper sanitization of user input when adding an Addon Domain could allow a local DoS of the web server.
Security Rating
cPanel has assigned a Security Level of Important to this vulnerability.
Description
While creating a new Addon domain, a cPanel user account could specify a
DocumentRoot for the new addon that would be misinterpreted by Apache as
a nonsensical httpd.conf directive. This vulnerability could be used by
a malicious local attacker to corrupt the global httpd.conf file and
make it impossible to restart the Apache web server.
Credits
This issue was reported by Rack911.com.
Solution
This issue is resolved in the following builds:
* 11.39.0.15 & Greater
* 11.38.2.6 & Greater
* 11.36.2.3 & Greater
* 11.34.2.4 & Greater
* 11.32.7.3 & Greater
Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.
Case 73605
Summary
The account rearrange feature of WHM could be used in an unsafe way, potentially leading to a compromise of a system’s security.
Security Rating
cPanel has assigned a Security Level of Moderate to this vulnerability.
Description
WHM resellers with the “Rearrange Accounts” ACL could change the
permissions on arbitrary file paths by moving accounts they
controlled into sensitive filesystem locations and then invoking other
automated systems, which assumed those locations were not under any user
account’s control. The “Rearrange Accounts” ACL is part of the “Super Privs” ACL group,
which restricts access to WHM operations that may be used to bypass many normal Reseller
access restrictions.
Credits
This issue was reported by Rack911.com.
Solution
This issue is resolved in the following builds:
* 11.39.0.15 & Greater
* 11.38.2.6 & Greater
* 11.36.2.3 & Greater
* 11.34.2.4 & Greater
* 11.32.7.3 & Greater
Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.
Case 73773
Summary
cPanel, WHM and Webmail session files contained plaintext passwords.
Security Rating
cPanel has not assigned a Security Level to this issue as we feel this is only a hardening measure.
Description
The session files in /var/cpanel/sessions contained plaintext passwords for recently logged in users. The session files were correctly secured so that only the root account on the system could read their contents. We have added additional obfuscation of the plaintext passwords, so that an attacker who compromises the root account on the system will not be able to reconstruct the plaintext passwords from the session files.
Solution
This issue is resolved in the following builds:
* 11.39.0.15 & Greater
* 11.38.2.6 & Greater
* 11.36.2.3 & Greater
* 11.34.2.4 & Greater
* 11.32.7.3 & Greater
Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.
Case 74521
Summary
Resellers with the locale-edit ACL could overwrite any file on the system.
Security Rating
cPanel has assigned a Security Level of Important to this vulnerability.
Description
Resellers that were able to install locale data from uploaded XML files could overwrite any file
on the disk with data provided in the XML file. This could be used to gain privilege escalation to root.
Credits
This issue was reported by Rack911.com.
Solution
This issue is resolved in the following builds:
* 11.39.0.15 & Greater
* 11.38.2.6 & Greater
* 11.36.2.3 & Greater
* 11.34.2.4 & Greater
* 11.32.7.3 & Greater
Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.
Case 75569
Summary
The unsuspend function makes changes to WebDAV user files that could unsuspend a suspended user on the system.
Security Rating
cPanel has assigned a Security Level of Important to this vulnerability.
Description
The process of unsuspending a suspended account did not perform proper checks on the ownership and location of the virtual account password files. This flaw allowed a malicious reseller account with the “(Un)Suspend” ACL to unsuspend arbitrary accounts on the system.
Credits
This issue was reported by Rack911.com.
Solution
This issue is resolved in the following builds:
* 11.39.0.15 & Greater
* 11.38.2.6 & Greater
* 11.36.2.3 & Greater
* 11.34.2.4 & Greater
* 11.32.7.3 & Greater
Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.
Cases 68205, 71701, 71705, 71709, 71721, 71725, 71733, 75169, 75413, 75417, and 75605
Summary
Multiple vulnerabilities in the cPAddons Site Software subsystem.
Security Rating
cPanel has assigned a range of Security Levels to these vulnerabilities, from Minor to Important.
Description
The cPAddons Site Software subsystem provides a suite of web application
software that individual cPanel user accounts may install into their
domains. The subsystem also provides interfaces in WHM where the root user
may configure the list of web applications that are available for
installation, configure which web applications require root’s approval
for installation, and perform the installation of moderated cPAddons.
This subsystem was vulnerable to a variety of attacks by malicious local
cPanel accounts and malicious WHM reseller accounts. The vulnerabilities
included flaws in the ACL enforcement logic of the WHM interfaces that
allowed non-root resellers to use the WHM interfaces and stored XSS
attacks that a cPanel account could conduct against the root user. The
moderated cPAddons install logic included further vulnerabilities that
would allow a malicious cPanel user to execute arbitrary code as any
other account on the system.
Credits
These issues were discovered by the cPanel Security Team.
Solution
These issues are resolved in the following builds:
* 11.39.0.15 & Greater
* 11.38.2.6 & Greater
* 11.36.2.3 & Greater
* 11.34.2.4 & Greater
* 11.32.7.3 & Greater
Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.
Case 71265
Summary
The autorespond.pl script was vulnerable to shell injection.
Security Rating
cPanel has assigned a Security Level of Moderate to this vulnerability.
Description
The cPanel autorespond script is used by cPanel and Webmail accounts to
send vacation notices when the user is unavailable to answer their
email. An input sanitization flaw in this script allowed a malicious
local cPanel account to bypass other account restrictions, such
as jailshell, while executing arbitrary code.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
* 11.39.0.15 & Greater
* 11.38.2.6 & Greater
This issue was not introduced into the autoresponder.pl code until 11.38; versions 11.36 and prior are not vulnerable.
Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.
Cases 74609 and 75113
Summary
The NVData module lacked proper sanitization, which allowed overwrites of files and path traversal.
Security Rating
cPanel has assigned a Security Level of Minor to this vulnerability.
Description
The WHM interface uses an NVData subsystem to persistently store some
settings of the web interface. This subsystem did insufficient
validation of its inputs, allowing a malicious local reseller to corrupt
NVData files belonging to other users and read files outside of the NVData
subsystem. These flaws potentially allowed the reseller to change
ownership and permissions settings on arbitrary files.
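Cases 73581, 74521, 75569 and 74609/75113 share one root cause: a user-supplied name or path was trusted when writing a configuration file or choosing a file to read, write or chown. The following Python is an added example (not cPanel's code) of the three checks a defender would want at such points: reject control and separator characters before a value is written into a config file, confine the resolved path to a base directory, and verify type and ownership before acting on a file. Function names are assumed.

```python
import os
import re
import stat

# Characters that must never reach a config file or a path component: control
# characters and whitespace (a newline lets a value become a new directive),
# NUL (truncates C strings) and quoting/redirection characters.
FORBIDDEN = re.compile(r"[\x00-\x1f\x7f\s\"'<>]")


def validate_docroot(docroot, home_dir):
    """Return the canonical DocumentRoot for a user, or raise ValueError."""
    if FORBIDDEN.search(docroot):
        raise ValueError("illegal character in DocumentRoot")
    return confine(docroot, home_dir)


def confine(path, base_dir):
    """Resolve symlinks and '..', then require the result to stay under base_dir.

    An absolute user path is not joined onto base_dir, so '/etc/passwd' is
    resolved as-is and rejected because it is outside the base.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, path))
    if target != base and not target.startswith(base + os.sep):
        raise ValueError("path escapes " + base)
    return target


def check_owned_regular_file(path, expected_uid):
    """Require a regular, non-symlink file owned by expected_uid that nobody
    else can write, before e.g. editing or chowning it on that user's behalf."""
    st = os.lstat(path)  # lstat: a symlink is rejected, not followed
    if not stat.S_ISREG(st.st_mode):
        raise ValueError("not a regular file")
    if st.st_uid != expected_uid:
        raise ValueError("unexpected owner")
    if stat.S_IMODE(st.st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        raise ValueError("writable by group or others")
    return True
```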
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
* 11.39.0.15 & Greater
* 11.38.2.6 & Greater
* 11.36.2.3 & Greater
* 11.34.2.4 & Greater
* 11.32.7.3 & Greater
Please update your cPanel & WHM system to one of the aforementioned
versions or the latest public release available. A full listing of
published versions can always be found at http://httpupdate.cpanel.net/.
Our GPG key is available at: http://go.cpanel.net/gnupgkeys (ABD94DDF)
The cPanel Security Team can be contacted at: [email protected]
We are pleased to introduce new updated Release Notes!
They now include an additional tab about Upgrade Impacts:
http://download1.parallels.com/Plesk/PP11/11.5/release-notes/parallels-plesk-panel-11.5-impacts-for-linux-based-os.html
http://download1.parallels.com/Plesk/PP11/11.5/release-notes/parallels-plesk-panel-11.5-impacts-for-windows-based-os.html
We would like to ask our Plesk community for their opinion on these changes:
• Do you think Upgrade Impacts are useful?
• What kind of information is missing from Upgrade Impacts?
• What kind of information present in Upgrade Impacts is important/helpful, so we should continue to add it?
• What kind of information present in Upgrade Impacts is useless, so we should remove it?
• What other improvements to the Plesk Release Notes do you want?
Please share your feedback!
(Aug 27) Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code.