Multiple vulnerabilities in cPanel EasyApache



Published: 2017-09-06 | Updated: 2017-09-07
Risk High
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2017-0900
CVE-2017-0899
CVE-2017-0901
CVE-2017-0902
CVE-2017-12932
CWE-ID CWE-20
CWE-284
CWE-416
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Vulnerable software
Subscribe
EasyApache
Server applications / Other server solutions

Vendor cPanel, Inc

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Denial of service

EUVDB-ID: #VU8055

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-0900

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A local attacker can supply a specially crafted 'query' command and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EasyApache: 4


CPE2.3 External links

http://news.cpanel.com/easyapache-sept-6-2017-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Security restrictions bypass

EUVDB-ID: #VU8056

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-0899

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to unknown error. A remote attacker can escape ANSI.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EasyApache: 4


CPE2.3 External links

http://news.cpanel.com/easyapache-sept-6-2017-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Improper input validation

EUVDB-ID: #VU8057

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2017-0901

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to overwrite arbitrary files on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into installing a specially crafted RubyGem and overwrite arbitrary files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EasyApache: 4


CPE2.3 External links

http://news.cpanel.com/easyapache-sept-6-2017-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Session hijacking

EUVDB-ID: #VU8058

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-0902

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to hijack the target user's session.

The weakness exists due to improper access control. A remote attacker can hijack DNS sessions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EasyApache: 4


CPE2.3 External links

http://news.cpanel.com/easyapache-sept-6-2017-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Heap use-after-free error

EUVDB-ID: #VU8137

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2017-12932

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper use of the hash API for key deletion in a situation with an invalid array size. A remote attacker can use untrusted data to trigger heap use-after-free error in ext/standard/var_unserializer.re and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EasyApache: 4


CPE2.3 External links

http://news.cpanel.com/easyapache-sept-6-2017-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###