  1. #1
    Join Date
    Feb 2014
    Location
    Houston, Texas
    Posts
    46

    TSR 2014-0001 Full Disclosure

    Case 84385

    Summary

    Arbitrary code execution as cpanel-horde user via cache file poisoning.

    Security Rating

    cPanel has assigned a Security Level of Important to this vulnerability.

    Description

    The Horde Webmail interfaces accessible to cPanel and Webmail accounts use PHP serialized cache files to speed up some backend operations. By default these cache files were stored in the world-writable /tmp directory with predictable names. A malicious local attacker could pre-create the cache files inside /tmp, potentially leading to arbitrary code execution as the cpanel-horde user.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16



    Case 86341

    Summary

    Arbitrary file read as root during cPanel account creation for ACL limited resellers.

    Security Rating

    cPanel has assigned a Security Level of Important to this vulnerability.

    Description

    An ACL limited reseller could send crafted inputs to WHM's account creation functionality to combine multiple path traversal attacks in the package extensions subsystem. This flaw would store the contents of the destination file into the new account's cpuser file.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10



    Case 86381

    Summary

    Disclosure of root's accesshash to ACL limited resellers via WHM xml-api.

    Security Rating

    cPanel has assigned a Security Level of Important to this vulnerability.

    Description

    Reseller accounts, regardless of their ACLs, were able to retrieve and alter root's accesshash credentials via the get_remote_access_hash XML-API command by supplying empty user and password arguments.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16



    Case 86453

    Summary

    Injection of arbitrary settings into cpuser files via account creation.

    Security Rating

    cPanel has assigned a Security Level of Moderate to this vulnerability.

    Description

    The WHM /scripts5/wwwacctform interface allowed the injection of newlines into the 'locale' and 'cpmod' parameters. These injections could be used to set values in the newly created account's cpuser file that were not permissible with a reseller's ACL restrictions.

    Credits

    This issue was discovered by Rack911.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16



    Case 86461

    Summary

    Overwriting of trusted inputs to third party hooks scripts.

    Security Rating

    cPanel has assigned a Security Level of Moderate to this vulnerability.

    Description

    An ACL limited reseller could provide additional form inputs to WHM's create and modify account interfaces containing null bytes in the parameter name. When these inputs were passed on to third party hook scripts through an exec() call, the additional parameters would be truncated to match parameter names that are normally anchored in trust for the third party hook scripts.
    Third party hook scripts are provided the raw inputs to the functions they extend and are responsible for validating these inputs. Since null bytes do not transfer through the hook script interface correctly, any form parameter names submitted with null bytes will now result in an error.

    Credits

    This issue was discovered by Rack911.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16



    Case 86857

    Summary

    Limited arbitrary file overwrite for ACL limited resellers via domain parking.

    Security Rating

    cPanel has assigned a Security Level of Moderate to this vulnerability.

    Description

    The owner parameter to the WHM /scripts/park interface was not correctly validated. By injecting a path traversal attack into this parameter, reseller accounts with the 'park-dns' ACL could overwrite arbitrary files on the system with a Perl storable file with predictable contents.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16



    Case 87317

    Summary

    Arbitrary code execution as root for ACL limited resellers via cluster configuration interfaces.

    Security Rating

    cPanel has assigned a Security Level of Important to this vulnerability.

    Description

    Resellers with the 'clustering' ACL could inject data using newlines and NUL bytes into the form parameters of the cluster configuration interfaces. This flaw could then be leveraged to execute arbitrary code as root via string eval()s in various other interfaces.

    Credits

    This issue was discovered by Rack911.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16



    Case 87433

    Summary

    Injection of arbitrary settings into cpuser files via mxcheck setting.

    Security Rating

    cPanel has assigned a Security Level of Moderate to this vulnerability.

    Description

    The WHM /script2/savemx and /cgi/zoneeditor.cgi interfaces allowed resellers with the "edit-mx" or "edit-dns" ACLs to modify the mxcheck setting for accounts under their control. By injecting newlines into this setting, a malicious reseller could alter other settings for the account that are stored in the account's cpuser file.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16



    Case 87437

    Summary

    ACL limited resellers allowed to disable digest authentication for arbitrary accounts.

    Security Rating

    cPanel has assigned a Security Level of Minor to this vulnerability.

    Description

    Due to a lack of ACL enforcement, an ACL limited reseller could disable digest authentication for any account on the system using WHM's XML-API. The ACL protections for this functionality have been updated to require that ACL limited resellers own any accounts they modify in this fashion.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16



    Case 87625

    Summary

    ACL limited resellers allowed to restore backups for the accounts they control.

    Security Rating

    cPanel has assigned a Security Level of Minor to this vulnerability.

    Description

    The WHM XML-API allowed all resellers to restore backups for any accounts they own. The equivalent functionality in WHM's HTML interfaces restricted the ability to restore accounts from backups to resellers with the "all" ACL.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16



    Case 88061

    Summary

    Mis-assignment of IP addresses for ACL limited resellers via createacct.

    Security Rating

    cPanel has assigned a Security Level of Moderate to this vulnerability.

    Description

    With certain combinations of IP delegations and free IP address space, reseller accounts with the 'add-pkg-ip' ACL could install new accounts onto IP addresses delegated to another reseller. This might allow a malicious reseller account to capture web traffic intended for other accounts on the system.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16



    Case 88341

    Summary

    Arbitrary code execution for ACL limited resellers during account creation.

    Security Rating

    cPanel has assigned a Security Level of Important to this vulnerability.

    Description

    A flaw in the new account creation process resulted in the Ruby 'gem' command running with the effective UID of the newly created user and the real UID of root. A malicious reseller account could leverage this flaw to execute arbitrary Ruby code with root's UID during the account creation process.

    Credits

    This issue was discovered by the cPanel Security Team.

    Solution

    This issue is resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16



    Multiple Cases (55)

    Summary

    Multiple XSS vulnerabilities in various interfaces.

    Description

    Output filtering errors in several different interfaces allowed JavaScript inputs to be returned to the browser without proper filtering. The affected interfaces are listed below.

    Case: 84633
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/htaccess/deluser.html, /frontend/x3/indexmanager/changepro.html, /frontend/x3/indexmanager/dohtaccess.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 84877
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /scripts3/initial_setup_wizard4
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 84881
    Security Rating: Moderate
    XSS Type: Stored
    Interface: cPanel
    URLs: /frontend/x3/mail/def.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 84885
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /x3/mail/filters/editfilter.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 84893
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mail/conf.html, /frontend/x3/mail/saveconf.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 84897
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/stats/detailsubbw.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 84901
    Security Rating: Moderate
    XSS Type: Stored
    Interface: cPanel
    URLs: /frontend/x3/cpanelpro/filelist-thumbs.html, /frontend/paper_lantern/cpanelpro/filelist-thumbs.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 85029
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mail/csvimport.html, /frontend/x3/mail/csvimport-step2.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Shubham Mittal

    Case: 85133
    Security Rating: Moderate
    XSS Type: Stored
    Interface: cPanel
    URLs: /frontend/x3/filemanager/editit.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Shubham Mittal

    Case: 85177
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/cgi/Clock/docode.html, /frontend/x3/cgi/Countdown/docode.htm, /frontend/x3/cgi/Counter/docode.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Paweł Hałdrzyński

    Case: 85229
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/psql/deldb.html, /frontend/x3/psql/deldb.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 85249
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/psql/addusertodb.html, /frontend/x3/psql/addusertodb.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 85273
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mime/addhotlink.html
    Affected Releases: 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 85457
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mail/editmsgs.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Ankit Mittal

    Case: 85461
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mail/showq.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Ankit Mittal

    Case: 85589
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /scripts2/dotweaksettings
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Ernesto Martin

    Case: 85977
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /scripts/addpkg2
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Olivier Beg

    Case: 85985
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /scripts2/edit_sourceipcheck, /x3/security/security-questions.html, /paper_lantern/security/security-questions.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Olivier Beg

    Case: 86329
    Security Rating: Important
    XSS Type: Stored
    Interface: WHM
    URLs: /scripts/doeditmx
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 87081
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mime/add_redirect.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: SimranJeet Singh

    Case: 87417
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/err/erredit.html, /frontend/x3/filemanager/editit.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: SimranJeet Singh

    Case: 87457
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /cgi/cpaddons_feature.pl
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88093
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/backup/fullbackup.html, /frontend/x3/backup/wizard-fullbackup.html, /frontend/paper_lantern/backup/fullbackup.html, /frontend/paper_lantern/backup/wizard-fullbackup.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88097
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/backup/doupload.html, /frontend/paper_lantern/backup/doupload.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88129
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/backup/dosqlupload.html, /frontend/paper_lantern/backup/dosqlupload.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88133
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/backup/doafupload.html, /frontend/paper_lantern/backup/doafupload.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88137
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/backup/wizard-dofullbackup.html, /frontend/x3/backup/dofullbackup.html, /frontend/paper_lantern/backup/wizard-dofullbackup.html, /frontend/paper_lantern/backup/dofullbackup.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88141
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/denyip/add.html, /frontend/x3/denyip/add.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88145
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/denyip/del.html, /frontend/x3/denyip/del.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88149
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/denyip/index.html, /frontend/x3/denyip/index.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88153
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/cpanelpro/filelist-convert.html, /frontend/paper_lantern/cpanelpro/filelist-scale.html, /frontend/paper_lantern/cpanelpro/filelist-thumbs.html, /frontend/x3/cpanelpro/filelist-convert.html, /frontend/x3/cpanelpro/filelist-scale.html, /frontend/x3/cpanelpro/filelist-thumbs.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88157
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/files/savefile.html, /frontend/paper_lantern/files/savefile.html, /frontend/x3/files/savefile.html, /frontend/x3/files/savefile.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88165
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/files/extractfile.html, /frontend/paper_lantern/files/extractfile.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88173
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/files/showfile.html, /frontend/x3/files/showfile.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88181
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/fp/addfp.html, /frontend/paper_lantern/fp/delfp.html, /frontend/x3/fp/addfp.html, /frontend/x3/fp/delfp.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88209
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/htaccess/leechprotect/dohtaccess.html, /frontend/paper_lantern/htaccess/leechprotect/doleech.html, /frontend/x3/htaccess/leechprotect/dohtaccess.html, /frontend/x3/htaccess/leechprotect/doleech.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88213
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/net/dnslook.html, /frontend/x3/net/dnslook.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88229
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/park/dodelparked.html, /frontend/x3/park/dodelparked.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88253
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/psql/deluserfromdb.html, /frontend/x3/psql/deluserfromdb.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88257
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/stats/analog.html, /frontend/x3/stats/analog.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88261
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/addon/saveredirect.html, /frontend/x3/addon/saveredirect.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88265
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/subdomain/doadddomain.html, /frontend/x3/subdomain/doadddomain.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88269
    Security Rating: Moderate
    XSS Type: Stored
    Interface: cPanel
    URLs: /frontend/x3/addoncgi/cpaddons.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88277
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/sql/PhpMyAdmin.html, /frontend/paper_lantern/backup/index.html, /frontend/x3/sql/PhpMyAdmin.html, /frontend/x3/backup/index.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88281
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/queuesearch.html, /frontend/x3/mail/queuesearch.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88285
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/cpanelpro/changestatus.html, /frontend/x3/cpanelpro/changestatus.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88289
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/editmsg.html, /frontend/x3/mail/editmsg.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88293
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/cpanelpro/editmsgs.html, /frontend/x3/cpanelpro/editmsgs.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88297
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/cpanelpro/msgaction.html, /frontend/x3/cpanelpro/msgaction.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88301
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/resetmsg.html, /frontend/x3/mail/resetmsg.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88305
    Security Rating: Moderate
    XSS Type: Stored
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/conf.html, /frontend/x3/mail/conf.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88309
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/showlog.html, /frontend/x3/mail/showlog.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88313
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/showmsg.html, /frontend/x3/mail/showmsg.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88321
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/cpanelpro/editlists.html, /frontend/x3/cpanelpro/editlists.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88325
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/conf.html, /frontend/x3/mail/conf.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    cPanel includes a comprehensive protection mechanism against XSS and XSRF attacks called Security Tokens. Security Tokens protection is enabled by default in all installs of cPanel & WHM. When Security Tokens protection is enabled, an attacker intending to utilize any self-XSS vulnerabilities must convince the victim to navigate their browser to the appropriate cPanel or WHM interface and manually input the JavaScript payload.

    Credits

    These issues were discovered by the respective reporters listed above.

    Solution

    These issues are resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16
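
Cases 86453, 87433, 86461 and 87317 above share one root cause: request values containing newlines or NUL bytes reached a line-oriented settings file or a downstream consumer unchecked. The following is an added example, not part of the original post and not cPanel's code; it assumes a simplified KEY=VALUE file model, and the key names, values and function names are constructed for illustration.

```python
import re

# Assumed, simplified model of a line-oriented KEY=VALUE settings file.
# Key names and values below are constructed for illustration.
KEY_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")
# Every character str.splitlines() treats as a line break, plus NUL and the
# remaining control characters.
FORBIDDEN_RE = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")

ACCOUNT = {"DISK_QUOTA": "100", "LOCALE": "en"}          # constructed
SUBMITTED = {"LOCALE": "en\nDISK_QUOTA=unlimited"}       # constructed


class UnsafeSetting(ValueError):
    """Raised when a key or value could alter the structure of the file."""


def parse_settings(text):
    """Parse KEY=VALUE lines; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key] = value
    return settings


def serialize_naive(settings):
    """Flawed pattern: values are written without checking for line breaks."""
    return "".join(f"{key}={value}\n" for key, value in settings.items())


def serialize_checked(settings):
    """Write settings only if no key or value can escape its own line."""
    for key, value in settings.items():
        if not isinstance(key, str) or not KEY_RE.fullmatch(key):
            raise UnsafeSetting(f"invalid key: {key!r}")
        if not isinstance(value, str) or FORBIDDEN_RE.search(value):
            raise UnsafeSetting(f"control character in value of {key}")
    text = serialize_naive(settings)
    # Defence in depth: what a reader parses must equal what was intended.
    if parse_settings(text) != settings:
        raise UnsafeSetting("round-trip mismatch")
    return text


def apply_reseller_update(current, submitted, allowed_keys):
    """Merge only ACL-permitted keys, then write with the checked serializer."""
    denied = sorted(set(submitted) - set(allowed_keys))
    if denied:
        raise UnsafeSetting(f"keys not permitted by ACL: {denied}")
    merged = dict(current)
    merged.update(submitted)
    return serialize_checked(merged)


def naive_result():
    """Show what a reader sees when the unchecked writer handles SUBMITTED."""
    merged = {**ACCOUNT, **SUBMITTED}
    return parse_settings(serialize_naive(merged))


if __name__ == "__main__":
    print("naive writer, parsed back:", naive_result())
    try:
        apply_reseller_update(ACCOUNT, SUBMITTED, {"LOCALE"})
    except UnsafeSetting as exc:
        print("checked writer refused:", exc)
```

The key allowlist alone does not stop the injection, because the submitted key is permitted; the structural check on the value is what closes the gap.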

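Case 84385 above turns on cache files with predictable names in a world-writable directory. The following is an added example, not part of the original post and not Horde's or cPanel's code: a Python sketch of the defensive pattern, a private cache directory plus ownership and mode checks before a cache file is trusted. Function names are hypothetical and a POSIX system is assumed.

```python
import os
import stat


class UntrustedCacheFile(Exception):
    """Raised when a cache path is not exclusively controlled by this user."""


def ensure_private_dir(path):
    """Create (or accept) a cache directory only this user can write to."""
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # may have been pre-created by someone else; verified below
    st = os.lstat(path)  # lstat: a symlink planted at this path is not followed
    if not stat.S_ISDIR(st.st_mode):
        raise UntrustedCacheFile("cache path is not a directory")
    if st.st_uid != os.geteuid():
        raise UntrustedCacheFile("cache directory owned by another user")
    if st.st_mode & 0o077:
        raise UntrustedCacheFile("cache directory open to group or others")
    return path


def write_cache(dirpath, name, data):
    """Write atomically; O_EXCL refuses a temp file that already exists."""
    final = os.path.join(dirpath, name)
    tmp = f"{final}.tmp.{os.getpid()}"
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(tmp, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, final)
    return final


def open_trusted_cache(path):
    """Return the file's bytes only if the checks on the open descriptor pass."""
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        raise UntrustedCacheFile(f"cannot open safely: {exc}") from exc
    try:
        st = os.fstat(fd)  # fstat on the descriptor avoids a check/use race
        if not stat.S_ISREG(st.st_mode):
            raise UntrustedCacheFile("not a regular file")
        if st.st_uid != os.geteuid():
            raise UntrustedCacheFile("file owned by another user")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise UntrustedCacheFile("file writable by group or others")
        if st.st_nlink != 1:
            raise UntrustedCacheFile("file has extra hard links")
        with os.fdopen(fd, "rb") as fh:
            fd = None  # the file object now owns the descriptor
            return fh.read()
    finally:
        if fd is not None:
            os.close(fd)


if __name__ == "__main__":
    import tempfile
    base = tempfile.mkdtemp()
    cache_dir = ensure_private_dir(os.path.join(base, "cache"))
    cache_file = write_cache(cache_dir, "prefs", b"constructed sample data")
    print(open_trusted_cache(cache_file))
```

Only data that passes these checks should be handed to a deserializer; the checks do not make deserializing attacker-influenced content safe.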
  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    There we have it folks, make sure you have upgraded.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  3. #3
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,387
    Blimey that's a big list. Thanks for posting guys and keep up the good work.
    Licensecart - We only sell High Quality licenses
    Visit us @ Licensecart.com ~ sales(➾)licensecart.com ~ webhostbundle.com
    WHT isn't what it used to be… power changes people :]
