| VID |
22296 |
| Severity |
30 |
| Port |
2082 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its version number, the remote cPanel installation is affected by the FrontPage Extension File Permission Change Vulnerability. cPanel is a Web-based management interface for Linux-based operating systems. Several cPanel versions allow a remote authenticated attacker to change the permissions of arbitrary files because of a flaw in the FrontPage Extension. cPanel allows users to turn the FrontPage Extension on and off, and it does so with root privileges. In this process, the special '_private' directory is created and its permissions are then changed to "755". To exploit this flaw, an attacker could create a symlink from a critical file on the system to the '_private' directory, which would cause the linked file's permissions to be changed to "755".
* Note: This check relies solely on the version number of the remote cPanel to assess this vulnerability, so it may be a false positive.
* References: http://www.securityfocus.com/archive/1/378636
* Platforms Affected: cPanel Inc, 9.9.1-RELEASE-64 and possibly earlier versions; Linux, any version |
| Recommendation |
Upgrade to the latest version, which fixes this issue, through WHM or by executing '/scripts/upcp' in a root shell. For more information, see the cPanel Inc. web site at http://www.cpanel.net/ |
| Related URL |
CVE-2004-1603 (CVE) |
| Related URL |
11456 (SecurityFocus) |
| Related URL |
(ISS) |
|
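The permission change described above, as an added example that is not cPanel's code or its fix: a path-based chmod of '_private' beside a hardened form that refuses symlinks. The function names, the sandbox layout and the file `critical.conf` are assumptions constructed for the demonstration, and it assumes a POSIX system.

```python
import os, stat, tempfile

MODE = 0o755  # mode named in the description above

def chmod_private_unsafe(docroot):
    """Path-based pattern from the description: chmod() follows a symlink."""
    path = os.path.join(docroot, "_private")
    if not os.path.lexists(path):
        os.mkdir(path)
    os.chmod(path, MODE)  # resolves the link and changes its target

def chmod_private_safe(docroot):
    """Hardened form: refuse anything that is not a real directory."""
    path = os.path.join(docroot, "_private")
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # may be a directory, a file or a symlink; checked below
    try:
        # O_NOFOLLOW fails on a symlink, O_DIRECTORY on a non-directory
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError:
        return False
    try:
        os.fchmod(fd, MODE)  # acts on the opened inode, not on a path
    finally:
        os.close(fd)
    return True

def demo():
    """Constructed sandbox: a 0600 file and a docroot whose _private links to it."""
    with tempfile.TemporaryDirectory() as tmp:
        critical = os.path.join(tmp, "critical.conf")  # constructed sample file
        with open(critical, "w") as fh:
            fh.write("secret\n")
        os.chmod(critical, 0o600)
        docroot = os.path.join(tmp, "public_html")
        os.mkdir(docroot)
        os.symlink(critical, os.path.join(docroot, "_private"))
        mode = lambda: stat.S_IMODE(os.stat(critical).st_mode)
        accepted = chmod_private_safe(docroot)
        after_safe = mode()
        chmod_private_unsafe(docroot)
        return accepted, after_safe, mode()

if __name__ == "__main__":
    print(demo())
```

As general hardening, a helper that runs as root should also switch to the account owner's uid before touching a user-writable directory, since a parent path component can be replaced as well.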