(Dec 4) Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate [More…]
Case 60970
Summary
Privilege escalation vulnerabilities due to the use of YAML::Syck for serialization
Security Rating
cPanel has assigned a Security Level of “Important” to this vulnerability.
Description
The Perl YAML::Syck module provides support for serialization and deserialization of data structures using the YAML format. In cPanel & WHM this functionality is used for storing human readable configuration files and some interprocess communication. In some areas the use of YAML crosses privilege separation boundaries.
The version of YAML::Syck used in previous releases of cPanel & WHM allowed serialized data to be blessed into arbitrary packages as it was deserialized. This could be leveraged to perform unsafe actions in object destructors.
This vulnerability was discovered by the cPanel Quality Assurance Team.
Solution
This issue is resolved in the following builds:
* 11.34.0.10 and greater
* 11.32.5.14 and greater
* 11.30.7.3 and greater
Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.
Case 61251
Summary
Arbitrary code execution via translatable phrases due to the use of Locale::Maketext
Security Rating
cPanel has assigned a Security Level of “Important” to this vulnerability.
Description
The Perl Locale::Maketext module is used to render translatable phrases into a user’s chosen locale. cPanel & WHM uses this module to display all translatable phrases in the cPanel, WHM and Webmail interfaces.
The version of Locale::Maketext used in previous releases of cPanel & WHM suffered from two flaws in the _compile() function which allowed authenticated users to execute arbitrary code by supplying specially crafted translatable phrases:
1. The _compile() function improperly escaped backslash characters inside of maketext tags. The improperly escaped data was then fed into a Perl eval().
2. The _compile() function included support for package namespaced maketext tags that could be used to execute functions that were not designed to be treated as maketext tags.
This vulnerability was discovered by the cPanel Quality Assurance Team.
Solution
This issue is resolved in the following builds:
* 11.34.0.10 and greater
* 11.32.5.14 and greater
* 11.30.7.3 and greater
Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.
(Dec 4) The system could be made to run programs as an administrator.
(Dec 5) CUPS could be made to read files or run programs as an administrator.
50 queries. 8.75 mb Memory usage. 0.314 seconds.