SB2019080648 - Multiple vulnerabilities in cPanel, cPanel

Security Bulletin ID SB2019080648

Severity

High

Patch available

YES

Number of vulnerabilities 6

Exploitation vector Remote access

Highest impact Code execution

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Race condition (CVE-ID: CVE-2016-10798)

The vulnerability allows a remote authenticated user to read and manipulate data.

cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).

2) Improper access control (CVE-ID: CVE-2016-10799)

The vulnerability allows a local authenticated user to manipulate data.

cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).

3) Input validation error (CVE-ID: CVE-2016-10800)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).

4) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2016-10801)

The vulnerability allows a remote authenticated user to execute arbitrary code.

cPanel before 58.0.4 has improper session handling for shared users (SEC-139).

5) Improper access control (CVE-ID: CVE-2016-10802)

The vulnerability allows a remote authenticated user to execute arbitrary code.

cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).

6) Information disclosure (CVE-ID: CVE-2016-10797)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133).

Install update from vendor's website.