| VID |
22294 |
| Severity |
30 |
| Port |
2082 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its version number, the remote cPanel installation is affected by a Backup Module File Disclosure Vulnerability. cPanel is a Web-based management interface for Linux-based operating systems. Several cPanel versions allow a remote authenticated attacker to read arbitrary files because of a flaw in the cPanel backup module. By creating a hardlink from a critical file on the system to the attacker's directory and then executing the backup function, an attacker could cause the linked file to be added to the backup archive, which would allow a remote authenticated attacker to read arbitrary files on the target system.
* Note: This check relies solely on the version number of the remote cPanel to assess this vulnerability, so this might be a false positive.
* References: http://securitytracker.com/alerts/2004/Oct/1011762.html http://www.securityfocus.com/archive/1/378638
* Platforms Affected: cPanel Inc, 9.4.1-RELEASE-64 and possibly earlier versions; Linux, any version |
| Recommendation |
Upgrade to the latest version, which fixes this issue, through WHM or by executing '/scripts/upcp' in a root shell. For more information, see the cPanel Inc. web site at http://www.cpanel.net/ |
| Related URL |
CVE-2004-1603 (CVE) |
| Related URL |
11449 (SecurityFocus) |
| Related URL |
(ISS) |
|
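As an added illustration (not cPanel's code or its fix), the following pre-backup audit flags regular files in an account's directory that belong to another user or carry more than one hard link, which is the condition the description above depends on. The function names, reason labels and sample tree are assumptions made for this example.

```python
import os
import stat
import tempfile

def audit_backup_tree(root, owner_uid):
    """Flag regular files under root that a backup job should not archive blindly.

    Returns sorted (relative_path, reason) tuples.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished during the walk
            if not stat.S_ISREG(st.st_mode):
                continue
            foreign = st.st_uid != owner_uid  # not owned by the account
            linked = st.st_nlink > 1          # another name exists for this inode
            if foreign and linked:
                reason = "hardlink-to-foreign-file"
            elif foreign:
                reason = "foreign-owner"
            elif linked:
                reason = "multiple-links"
            else:
                continue
            findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)

def demo():
    """Constructed sample tree: one plain file and one hard-linked pair."""
    with tempfile.TemporaryDirectory() as home:
        for name in ("index.html", "target.txt"):
            with open(os.path.join(home, name), "w") as fh:
                fh.write("constructed sample\n")
        os.link(os.path.join(home, "target.txt"), os.path.join(home, "link.txt"))
        return audit_backup_tree(home, os.getuid())

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

A backup routine running with elevated privileges can skip or report the flagged entries instead of archiving them.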