{"id":10660,"date":"2019-01-23T01:58:15","date_gmt":"2019-01-23T01:58:15","guid":{"rendered":"http:\/\/news.cpanel.com\/?p=55661"},"modified":"2019-01-23T01:58:15","modified_gmt":"2019-01-23T01:58:15","slug":"cpanel-tsr-2019-0001-full-disclosure","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cpanel-tsr-2019-0001-full-disclosure\/","title":{"rendered":"cPanel TSR-2019-0001 Full Disclosure"},"content":{"rendered":"<div dir=\"ltr\"><img decoding=\"async\" class=\"ff-og-image-inserted\" src=\"http:\/\/news.cpanel.com\/wp-content\/uploads\/2017\/01\/og-cPnews-1.jpg\" alt=\"\" title=\"\"><\/div>\n<p dir=\"ltr\"><a href=\"https:\/\/news.cpanel.com\/cpanel-tsr-2019-0001-announcement\/\" target=\"_blank\" rel=\"noopener\">Yesterday cPanel released<\/a> new builds for versions 70, 76, and 78. These updates provided targeted changes to address security concerns with the cPanel &amp; WHM product. Below is the full disclosure of the updates that were included in these builds.<\/p>\n<p dir=\"ltr\"><strong>SEC-415<\/strong><\/p>\n<p dir=\"ltr\">Summary<\/p>\n<p dir=\"ltr\">Internal data disclosed to OpenID providers.<\/p>\n<p dir=\"ltr\">Security Rating<\/p>\n<p dir=\"ltr\">cPanel has assigned this vulnerability a CVSSv3 score of 2.2 CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:N\/S:U\/C:L\/I:N\/A:N<\/p>\n<p dir=\"ltr\">Description<\/p>\n<p dir=\"ltr\">The \u201cstate\u201d parameter passed to OpenID providers during OpenID authentication included connection information that was not necessary for the OpenID provider to authenticate the user. 
The connection state information is now stored in the user\u2019s session.<\/p>\n<p dir=\"ltr\">Credits<\/p>\n<p dir=\"ltr\">This issue was discovered by the cPanel Security Team.<\/p>\n<p dir=\"ltr\">Solution<\/p>\n<p dir=\"ltr\">This issue is resolved in the following builds:<br \/>\n78.0.2<br \/>\n76.0.18<br \/>\n70.0.63<\/p>\n<p dir=\"ltr\"><strong>SEC-460<\/strong><\/p>\n<p dir=\"ltr\">Summary<\/p>\n<p dir=\"ltr\">Demo accounts allowed to link with OpenID providers.<\/p>\n<p dir=\"ltr\">Security Rating<\/p>\n<p dir=\"ltr\">cPanel has assigned this vulnerability a CVSSv3 score of 4.3 CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N<\/p>\n<p dir=\"ltr\">Description<\/p>\n<p dir=\"ltr\">cPanel and Webmail demo accounts are normally prevented from modifying their own authentication settings. This restriction was not enforced correctly during the initial OpenID handshake performed by cpsrvd. As a result, demo accounts could be linked with an OpenID provider from the login interfaces. Changelog: Demo accounts allowed to link with OpenID providers.<\/p>\n<p dir=\"ltr\">Credits<\/p>\n<p dir=\"ltr\">This issue was discovered by the cPanel Security Team.<\/p>\n<p dir=\"ltr\">Solution<\/p>\n<p dir=\"ltr\">This issue is resolved in the following builds:<br \/>\n78.0.2<br \/>\n76.0.18<br \/>\n70.0.63<\/p>\n<p dir=\"ltr\"><strong>SEC-466<\/strong><\/p>\n<p dir=\"ltr\">Summary<\/p>\n<p dir=\"ltr\">Arbitrary file read via Passenger adminbin.<\/p>\n<p dir=\"ltr\">Security Rating<\/p>\n<p dir=\"ltr\">cPanel has assigned this vulnerability a CVSSv3 score of 6.5 CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N<\/p>\n<p dir=\"ltr\">Description<\/p>\n<p dir=\"ltr\">When setting up a new Passenger application, the configuration values passed in by the user are not adequately validated. This results in invalid values placed into the Apache configuration file. 
This can allow for arbitrary data to be read by the user.<\/p>\n<p dir=\"ltr\">Credits<\/p>\n<p dir=\"ltr\">This issue was discovered by the cPanel Security Team.<\/p>\n<p dir=\"ltr\">Solution<\/p>\n<p dir=\"ltr\">This issue is resolved in the following builds:<br \/>\n78.0.2<br \/>\n76.0.18<br \/>\n70.0.63<\/p>\n<p dir=\"ltr\"><strong>SEC-472<\/strong><\/p>\n<p dir=\"ltr\">Summary<\/p>\n<p dir=\"ltr\">Maketext format string injection in Email \u201cstore_filter\u201d UAPI.<\/p>\n<p dir=\"ltr\">Security Rating<\/p>\n<p dir=\"ltr\">cPanel has assigned this vulnerability a CVSSv3 score of 3.3 CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N<\/p>\n<p dir=\"ltr\">Description<\/p>\n<p dir=\"ltr\">The Email \u201cstore_filter\u201d UAPI call passes an error message directly as a Locale::Maketext format string. It is possible to craft a filter to manipulate this error message and execute arbitrary code. Changelog: Maketext format string injection in Email \u201cstore_filter\u201d UAPI.<\/p>\n<p dir=\"ltr\">Credits<\/p>\n<p dir=\"ltr\">This issue was discovered by the cPanel Security Team.<\/p>\n<p dir=\"ltr\">Solution<\/p>\n<p dir=\"ltr\">This issue is resolved in the following builds:<br \/>\n78.0.2<br \/>\n76.0.18<\/p>\n<p dir=\"ltr\"><strong>SEC-473<\/strong><\/p>\n<p dir=\"ltr\">Summary<\/p>\n<p dir=\"ltr\">Demo account limited arbitrary file write via DCV UAPI calls.<\/p>\n<p dir=\"ltr\">Security Rating<\/p>\n<p dir=\"ltr\">cPanel has assigned this vulnerability a CVSSv3 score of 5.8 CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:N\/I:L\/A:N<\/p>\n<p dir=\"ltr\">Description<\/p>\n<p dir=\"ltr\">The \u201ccheck_domains_via_http\u201d and \u201censure_domains_can_pass_dcv\u201d UAPI calls in the module are allowed for demo accounts. These calls accept a filename, extension, and a set of allowed characters to write into the DCV file. A demo account can misuse this functionality to create files on the server with limited control over their contents. 
Changelog: Demo account limited arbitrary file write via DCV UAPI calls.<\/p>\n<p dir=\"ltr\">Credits<\/p>\n<p dir=\"ltr\">This issue was discovered by the cPanel Security Team.<\/p>\n<p dir=\"ltr\">Solution<\/p>\n<p dir=\"ltr\">This issue is resolved in the following builds:<br \/>\n78.0.2<br \/>\n76.0.18<br \/>\n70.0.63<\/p>\n<p dir=\"ltr\"><strong>SEC-474<\/strong><\/p>\n<p dir=\"ltr\">Summary<\/p>\n<p dir=\"ltr\">Maketext format string injection in DCV \u201ccheck_domains_via_dns\u201d UAPI.<\/p>\n<p dir=\"ltr\">For the PGP-signed message, please see <a href=\"http:\/\/news.cpanel.com\/wp-content\/uploads\/2019\/01\/TSR-2019-0001.disclosure.signed.txt\" target=\"_blank\" rel=\"noopener\">TSR-2019-0001 Full Disclosure \u2013 signed.<\/a><\/p>\n<h4 dir=\"ltr\"><strong>More Information<\/strong><\/h4>\n<p dir=\"ltr\">To ensure that you receive up-to-date product news from cPanel, we encourage you to subscribe to the Product and Security updates\u00a0mailing lists:\u00a0<a href=\"https:\/\/cpanel.com\/mailing-list\" target=\"_blank\" rel=\"noopener\">cPanel Mailing List<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Yesterday cPanel released new builds for versions 70, 76, and 78. These updates provided targeted changes to address security concerns with the cPanel &amp; WHM product. Below is the full disclosure of the updates that were included in these builds. SEC-415 Summary Internal data disclosed to OpenID providers. 
Security Rating cPanel has assigned this vulnerability &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-10660","post","type-post","status-publish","format-standard","hentry","category-cpanel-news"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/10660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=10660"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/10660\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=10660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=10660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=10660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}