cPanel Resetpass Remote Command Execution Vulnerability
BID:9848
Info
cPanel Resetpass Remote Command Execution Vulnerability
| Bugtraq ID: | 9848 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 11 2004 12:00AM |
| Updated: | Mar 11 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Arab VieruZ <[email protected]>. |
| Vulnerable: |
cPanel cPanel 9.1 cPanel cPanel 9.0 cPanel cPanel 8.0 cPanel cPanel 7.0 cPanel cPanel 6.4.2 .STABLE_48 cPanel cPanel 6.4.2 cPanel cPanel 6.4.1 cPanel cPanel 6.4 cPanel cPanel 6.2 cPanel cPanel 6.0 cPanel cPanel 5.3 cPanel cPanel 5.0 |
| Not Vulnerable: | |
Discussion
cPanel Resetpass Remote Command Execution Vulnerability
A potential remote command execution vulnerability has been discovered in the cPanel Application. This issue occurs due to insufficient sanitization of externally supplied data to the script that handles resetting user passwords.
An attacker may exploit this problem by crafting a malicious URI request for the affected script; the attacker may then supply shell metacharacters and arbitrary commands as a value for the affected variable.
A potential remote command execution vulnerability has been discovered in the cPanel Application. This issue occurs due to insufficient sanitization of externally supplied data to the script that handles resetting user passwords.
An attacker may exploit this problem by crafting a malicious URI request for the affected script; the attacker may then supply shell metacharacters and arbitrary commands as a value for the affected variable.
Exploit / POC
cPanel Resetpass Remote Command Execution Vulnerability
The following proof of concept has been supplied:
http://www.example.com:2082/resetpass/?user=|">ls"|
The following proof of concept has been supplied:
http://www.example.com:2082/resetpass/?user=|">ls"|
Solution / Fix
cPanel Resetpass Remote Command Execution Vulnerability
Solution:
The vendor has released a fix to address this issue for customers using EDGE and CURRENT versions. The vendor has outlined that affected customers should perform the following to update their product:
Perform the following as root from the shell.
# /scripts/upcp
This should update the cPanel and WHM package to the latest version.
Solution:
The vendor has released a fix to address this issue for customers using EDGE and CURRENT versions. The vendor has outlined that affected customers should perform the following to update their product:
Perform the following as root from the shell.
# /scripts/upcp
This should update the cPanel and WHM package to the latest version.
References
cPanel Resetpass Remote Command Execution Vulnerability
References:
References:
- cPanel Homepage (cPanel)
- Cpanel 8.*.* have a problem ? (Arab VieruZ
- cPanel Security Advisory - CPANEL-2004:01-01 ("J. Nick Koston"