cPanel Security Advisory - 2004-10-19-01

Package name: FrontPage Extensions, cPanel Backup
Summary: Cross Link security vulnerability
Date: 19 Oct 2004
Affected Versions: cPanel v 9.9.3 and older

Package description:

FrontPage Extensions:
Server extensions that allow FrontPage users to communicate and publish their website to the server running the FrontPage Extensions.

cPanel Backup:
The core program that controls backups made from cPanel.

Problem description:

FrontPage Extensions:
Karol Więsek <appelast drumnbass art pl> discovered a vulnerability where a user could use a hardlink to change the ownership and/or chmod() of a file not owned by the user.

cPanel Backup:
Karol Więsek <appelast drumnbass art pl> discovered a vulnerability where a user could use a hardlink to change the ownership and/or chmod() of a file not owned by the user.
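
Bugs of this class occur when a privileged process calls chown() or chmod() by path on a name the user controls. The following C code is an added example, not cPanel's code or its fix; safe_chmod() and demo() are hypothetical names, and it shows one common hardening pattern: open the file first, then check and change the opened inode through its descriptor.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: chmod a user's file from a privileged process
 * without being redirected by a hard link or symlink. Returns 0 on
 * success, -1 if the target is refused or a call fails. */
int safe_chmod(const char *path, uid_t owner, mode_t mode)
{
    struct stat st;
    int rc = -1;
    /* O_NOFOLLOW rejects a symlink in the final path component;
     * O_NONBLOCK keeps a FIFO from stalling the open. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() describes the inode actually opened, so the checks and
     * fchmod() below cannot be split by swapping the path. */
    if (fstat(fd, &st) == 0 &&
        S_ISREG(st.st_mode) &&   /* regular files only */
        st.st_uid == owner &&    /* must already belong to the user */
        st.st_nlink == 1)        /* a second name means a hard link */
        rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

/* Constructed self-check: returns 0 when a plain file is accepted and
 * the same file is refused once it has a second hard link. */
int demo(void)
{
    char a[] = "/tmp/safe_chmod_XXXXXX", b[64];
    int fd = mkstemp(a), bad = 0;
    if (fd < 0)
        return -1;
    close(fd);
    snprintf(b, sizeof b, "%s.lnk", a);
    if (safe_chmod(a, geteuid(), 0600) != 0) bad |= 1;
    if (link(a, b) != 0) bad |= 2;
    if (safe_chmod(b, geteuid(), 0644) != -1) bad |= 4;
    unlink(b);
    unlink(a);
    return bad;
}

int main(void) { return demo(); }
```

The same shape applies to ownership changes with fchown(); there the owner test has to name whoever is expected to hold the file before the change.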

Action:
We recommend that all users update to the latest Edge or Current version of cPanel. (Stable/Release will be released later today/tomorrow after further testing.)

Location:
cPanel can be updated directly from WHM under Update to Latest Version if the user has Update Preference set to Edge or Current. It can also be updated from the shell by running /scripts/upcp as root.

Automatic update:
All users using automatic updates will be updated tonight automatically.

About cPanel:
cPanel & WebHost Manager (WHM) is a next-generation web hosting control panel system. Both cPanel & WHM are extremely feature-rich and include an easy-to-use web-based interface (GUI).

Please note that all security issues should be sent to security [at] cpanel.net