SB2017011801 - Multiple vulnerabilities in cPanel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017011801

SB2017011801 - Multiple vulnerabilities in cPanel

Published: January 18, 2017

Security Bulletin ID SB2017011801
Severity
Critical
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Weak password (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain unauthorized access to database.

The Munin monitoring tool includes a plugin to check the status of the MySQL service. This plugin used a dedicated test MySQL user to provide this functionality. The password set for this user was identical to the username. In cPanel’s current configuration of Munin, this MySQL user is no longer required and has been removed.

Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access to MySQL database.


2) Cross-site scripting (CVE-ID: N/A)

Vulnerability allows a remote authenticated attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in reset password interfaces. A remote authenticated attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Additionally, several self-XSS vulnerabilities were also patched.


3) Arbitrary file disclosure (CVE-ID: N/A)

The vulnerability allows a remote attacker to read arbitrary files on the system.

The vulnerability exists due to an error when processing valiases for users. A remote authenticated user can create valias, which includes other files, and read them with privileges of Exim system user.

Successful exploitation of the vulnerability may allow an attacker to read arbitrary files on the system.


4) Format string vulnerability (CVE-ID: CVE-2017-5613)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a format string error within cgiemail and cgiecho binaries when processing template files. A remote authenticated attacker can create a specially crafted file, containing form string specifiers and execute arbitrary code on the target system.

Successful exploitation may allow an attacker to compromise vulnerable system.

Note: this vulnerability has been exploited in the wild and was disclosed by the Shadow Brokers leak. The exploit is known as ElegantEagle.


Remediation

Install update from vendor's website.

References