SYSCP System Control Panel CronJob Arbitrary Code Execution Vulnerability

Bugtraq ID:	22453
Class:	Design Error
CVE:	CVE-2007-0849
Remote:	Yes
Local:	No
Published:	Feb 07 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Daniel Schulte is credited with the discovery of this issue.
Vulnerable:	SysCP SysCP 1.2.15
Not Vulnerable:	SysCP SysCP 1.2.16

SYSCP System Control Panel CronJob Arbitrary Code Execution Vulnerability

SysCP is prone to an arbitrary code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary commands with superuser privileges, resulting in the compromise of the computer.

NOTE: To exploit this issue, an attacker must have authenticated access to a customer control panel.

SYSCP System Control Panel CronJob Arbitrary Code Execution Vulnerability

Using the application to protect a directory with the following directory structure will result in the MySQL root password being copied to the user's home directory:

"; cp /var/www/syscp/lib/userdata.inc.php /var/[user]/webs/web1/; ls "

SYSCP System Control Panel CronJob Arbitrary Code Execution Vulnerability

Solution:
The vendor has released version 1.2.16 to address this issue. Please see the references for more information.


SysCP SysCP 1.2.15

• SysCP syscp-1.2.16.tar.gz
  http://files.syscp.org/releases/tgz/syscp-1.2.16.tar.gz

SYSCP System Control Panel CronJob Arbitrary Code Execution Vulnerability

References:

• Home Page (SysCP)
  
• Ability to inject and execute any code as root in SysCP (Florian Lippert )