cPanel TSR-2016-0005 Full Disclosure

SEC-141
Summary: Code execution as other accounts via mailman list archives.
Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Description: The sticky-group bit applied to mailman’s list archive directories allowed list owners to modify the contents of these directories. This could […]

cPanel TSR-2016-0005 Announcement

cPanel TSR-2016-0005 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores […]

cPanel TSR-2016-0004 Full Disclosure

SEC-130
Summary: Apache logfiles start with loose permissions.
Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Description: The Apache domlogs were originally populated with loose permissions during creation.
Credits: This issue was discovered by the cPanel Security Team.
Solution: This issue […]

cPanel TSR-2016-0004 Announcement

cPanel TSR-2016-0004 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores […]

cPanel TSR-2016-0003 Full Disclosure

SEC-58
Summary: SQLite journal allowed for arbitrary file overwrite during Horde Restore.
Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 6.6 (AV:N/AC:H/Au:S/C:C/I:C/A:N)
Description: During a Horde restore using the old-style CSV data files, the SQLite database is opened as the user. However, actual […]

cPanel TSR-2016-0003 Announcement

cPanel TSR-2016-0003 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores […]

cPanel TSR-2016-0002 Full Disclosure

SEC-31
Summary: Daemons can access their controlling TTY.
Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Description: Daemonized code is not fully detached from its parent process. This allows an attacker to control a TTY they do not own.
Credits […]

cPanel TSR-2016-0002 Announcement

cPanel TSR-2016-0002 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores […]

cPanel TSR-2016-0001 Full Disclosure

SEC-46
Summary: Arbitrary code execution via unsafe @INC path.
Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Description: The Perl scripts that collectively make up the cPanel & WHM product were not uniformly filtering the current working directory ‘.’ from Perl’s […]