| VID |
22295 |
| Severity |
30 |
| Port |
2082 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The cPanel, according to the version number, has a FrontPage Extension File Ownership Change Vulnerability.
cPanel is a Web-based management interface for Linux-based operating systems. Several cPanel versions allow a remote authenticated attacker to obtain ownership of arbitrary files, caused by a flaw in the FrontPage Extension. cPanel allows users to turn of/off FrontPage Extension with root privilege. In this process, the special '.htaccess' file is created and then the ownership of the file is changed to the target user. To exploit this flaw, an attacker could create a hardlink from a critical file on the system to the '.htaccess' file, which would cause the linked file's ownership to be changed to be that of the attacker.
* Note: This check solely relied on the version number of the remote cPanel to assess this vulnerability, so this might be a false positive.
* References:
http://securitytracker.com/alerts/2004/Oct/1011762.html
http://www.securityfocus.com/archive/1/378639
* Platforms Affected:
cPanel Inc, 9.4.1-RELEASE-64 and possible earlier versions
Linux Any version |
| Recommendation |
Upgrade to the latest version fixed this issue through WHM or by executing '/scripts/upcp' in a root shell. For more information, see the cPanel Inc.'s web site at http://www.cpanel.net/ |
| Related URL |
CVE-2004-1603 (CVE) |
| Related URL |
11455 (SecurityFocus) |
| Related URL |
(ISS) |
|
