cPanel mod_php suexec Privilege Escalation Vulnerability

Secunia Advisory: SA11700
Release Date: 2004-05-26
Last Update: 2004-06-07
Popularity: 9,882 views
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software: cPanel 5.x, cPanel 6.x, cPanel 7.x, cPanel 8.x, cPanel 9.x
Description: Rob Brown has reported a security issue in cPanel, potentially allowing malicious users to escalate their privileges.
The problem is that cPanel compiles Apache and PHP with inappropriate options. This causes mod_php to use suexec in an insecure manner.
It is possible to execute arbitrary PHP code with the privileges of any other user who has a publicly accessible PHP script by supplying the path to a malicious script using "PATH_INFO".
Example:
http://[vulnerable_system]/~victim/any.php/~[malicious_user]/hack.php
This reportedly affects all versions of cPanel prior to 15th April when compiling Apache 1.3.29 and prior.
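One way to look for this request pattern in Apache access logs, as an added example that is not part of the Secunia advisory or any cPanel tooling: it flags requests where a PHP script under one user's `/~user/` directory is followed by PATH_INFO that points into a different user's directory. It assumes userdir-style URLs and the common log format; the log lines and user names are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Request field of an Apache common/combined log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# /~owner/.../script.php followed by extra path data (PATH_INFO)
SCRIPT_RE = re.compile(r'^/~([^/]+)/(?:[^/]+/)*?[^/]+\.php(/.*)$', re.I)
# A userdir reference inside PATH_INFO
USERDIR_RE = re.compile(r'/~([^/]+)/')

def suspicious_path_info(target):
    """Return (script_owner, referenced_user) if PATH_INFO names another user's dir."""
    path = unquote(urlsplit(target).path)  # drop query string, decode %7E -> ~
    m = SCRIPT_RE.match(path)
    if not m:
        return None
    owner, path_info = m.group(1), m.group(2)
    ref = USERDIR_RE.search(path_info)
    if ref and ref.group(1) != owner:
        return owner, ref.group(1)
    return None

def scan(lines):
    """Return (client_ip, target, script_owner, referenced_user) for each hit."""
    hits = []
    for line in lines:
        req = REQUEST_RE.search(line)
        if not req:
            continue
        found = suspicious_path_info(req.group(1))
        if found:
            hits.append((line.split()[0], req.group(1)) + found)
    return hits

# Constructed sample log lines (not from the advisory); user names are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/May/2004:10:00:01 +0000] "GET /~alice/blog/index.php/archive/2004 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [26/May/2004:10:00:07 +0000] "GET /~victim/any.php/~mallory/hack.php HTTP/1.1" 200 312',
    '192.0.2.44 - - [26/May/2004:10:00:09 +0000] "GET /%7Evictim/any.php/%7Emallory/hack.php?x=1 HTTP/1.0" 200 312',
    '192.0.2.10 - - [26/May/2004:10:00:12 +0000] "GET /~alice/photo.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, target, owner, other in scan(SAMPLE_LOG):
        print(f"{ip} requested {target}: script of '{owner}' with PATH_INFO into '{other}'")
```

Ordinary PATH_INFO use, such as the first sample line, is not flagged; only a second `/~user/` reference naming a different account is.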
About this Secunia Advisory

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.