cPanel mod_phpsuexec allows command execution
| cpanel-modphpsuexec-execute-commands (16239) |  High Risk |
Description:
cPanel could allow a local attacker to execute arbitrary commands on the system, caused by a vulnerability when the mod_phpsuexec option, which is not enabled by default, is used to compile Apache HTTP Server. A local attacker could use this vulnerability to execute arbitrary commands on the system with privileges of any user, including root.
Consequences:
Gain Privileges
Remedy:
Upgrade to the latest version of Apache (1.3.31 or later), available from the Apache Web site. See References.
References:
- Apache HTTP Server Project Web site: Welcome! - The Apache HTTP Server Project.
- BugTraq Mailing List, Sun May 23 2004 - 22:08:42 CDT: cPanel mod_phpsuexec Vulnerability.
- cPanel Inc. Web site: cPanel.
- BID-10407: cPanel Local Privilege Escalation Vulnerability
- CVE-2004-0490: cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
Platforms Affected:
- cPanel cPanel
Reported:
May 23, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net