posted by pingywon
Look at bottom of post for new updates
There is a rather (not completely) new cPanel exploit which will compromise Linux/Apache boxes (imagine that – IIS actually not being affected)
High, Arbitrary Execution as Arbitrary User
Flaws in how Apache’s suexec binary has been patched by cPanel when configured for mod_php, in conjunction with cPanel’s creation of some Perl scripts that are not taint clean, allow any user to execute arbitrary code as any other user with a uid above UID_MIN (uid >= 100).
Unfortunately, cPanel comes with mod_php installed by default, so all systems are vulnerable right out of the box. Any local user can compromise the whole system.
All systems where Apache has been compiled WITHOUT mod_phpsuexec (most systems using cPanel software) are vulnerable. Those configurations that compiled Apache WITH mod_phpsuexec are NOT
Apache versions 1.3.31 and below are VULNERABLE.
All cPanel versions (STABLE, RELEASE, CURRENT, and EDGE) up through and including 9.3.0-EDGE_95 are VULNERABLE.
RedHat 7.3, 8.0, 9, and Enterprise Linux, Fedora, and FreeBSD OS have been verified vulnerable. All others are probably vulnerable too.
PROOF OF CONCEPT:
See top of post for php download
~pingywon ya heard it here second