Important: cPanel Security Disclosure TSR-2013-0007
The following disclosure covers the Targeted Security Release 2013-06-26.
Each vulnerability is assigned an internal case number which is reflected below.
Information regarding the cPanel Security Level rankings can be found here:http://go.cpanel.net/securitylevels
Case 71193
Summary
Local cPanel users are able to take over ownership of any file or directory on the system.
Security Rating
cPanel has assigned a Security Level of Important to this vulnerability.
Description
The log processing subsystem, cpanellogd, on cPanel & WHM servers offers an option for users to create an archive of their domain’s access logs in their home directory. During the preparatory steps for archiving, Cpanel::Logs::prep_logs_path performs a variety of checks to ensure a proper operating environment exists. A number of these checks are performed by a root-privileged process on files and directories in a user’s home directory. A malicious user could take advantage of this behavior to take ownership of important files on the same file system as his home directory.
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
* 11.38.1.4 and greater
* 11.38.0.19 and greater
* 11.36.1.9 and greater
* 11.34.1.17 and greater
* 11.32.6.8 and greater
Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.
Case 71109
Summary
Local cPanel users are able to take over ownership of any file or directory on the system.
Security Rating
cPanel has assigned a Security Level of Important to this vulnerability.
Description
The log processing subsystem, cpanellogd, on cPanel & WHM servers offers an option for users to create an archive of their domain’s access logs in their home directory. When cpanellogd creates these archives, some operations are performed by a root-privileged process in the user’s home directory. Through the use of a carefully crafted hard link a malicious user could take advantage of this behavior to take ownership of any file on the same file system as his home directory.
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
* 11.38.1.4 and greater
* 11.38.0.19 and greater
* 11.36.1.9 and greater
* 11.34.1.17 and greater
* 11.32.6.8 and greater
Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.
For the PGP Signed Message, Please go here.