Newer Cpanel Sploit

posted by pingywon
..:::UPDATE:::..
Look at bottom of post for new updates

There is a rather (not completely) new Cpanel exploit which will compromise Linux/Apache boxes (imagine that – IIS actually not being effected)

.:read Fullnews for story and link:.
:CpanelSploit:.

SEVERITY:

High, Arbitrary Execution as Arbitrary User

PROBLEM DESCRIPTION:

Flaws in how Apache’s suexec binary has been patched by cPanel when configured for mod_php, in conjuction with cPanel’s creation of some perl scripts that are not taint clean, allow for any user to execute arbitrary code as any other user with uid above UID_MIN ( uid >= 100).

IMPACT:

Unfortunately, cPanel comes with mod_php installed by default, so all systems are vulnerable right out of the box. Any local user can comprimise the whole system.

SYSTEMS AFFECTED:

All systems where Apache has been compiled WITHOUT mod_phpsuexec, (most systems using cPanel software), are vulnerable. Those configurations that compiled Apache WITH mod_phpsuexec are NOT

VULNERABLE.

Apache versions 1.3.31 and below are VULNERABLE.

All cPanel versions (STABLE, RELEASE, CURRENT, and
EDGE) up through and including 9.3.0-EDGE_95 are VULNERABLE.

RedHat 7.3, 8.0, 9, and Enterprise Linux, Fedora, and FreeBSD OS have been verified vulnerable. All others are probably vulnerable too.

PROOF OF CONCEPT:

See top of post for php download

~pingywon ya heard it hear second

Leave a Reply