posted by pingywon
..:::UPDATE:::..
Look at bottom of post for new updates
There is a rather (not completely) new cPanel exploit which will compromise Linux/Apache boxes (imagine that – IIS actually not being affected)
:CpanelSploit:.
SEVERITY:
High, Arbitrary Execution as Arbitrary User
PROBLEM DESCRIPTION:
Flaws in how Apache’s suexec binary has been patched by cPanel when configured for mod_php, in conjunction with cPanel’s creation of some Perl scripts that are not taint clean, allow any user to execute arbitrary code as any other user with a uid above UID_MIN (uid >= 100).
IMPACT:
Unfortunately, cPanel comes with mod_php installed by default, so all systems are vulnerable right out of the box. Any local user can compromise the whole system.
SYSTEMS AFFECTED:
All systems where Apache has been compiled WITHOUT mod_phpsuexec (most systems using cPanel software) are vulnerable. Those configurations that compiled Apache WITH mod_phpsuexec are NOT VULNERABLE.
Apache versions 1.3.31 and below are VULNERABLE.
All cPanel versions (STABLE, RELEASE, CURRENT, and EDGE) up through and including 9.3.0-EDGE_95 are VULNERABLE.
RedHat 7.3, 8.0, 9, and Enterprise Linux, Fedora, and FreeBSD OS have been verified vulnerable. All others are probably vulnerable too.
PROOF OF CONCEPT:
See top of post for php download
~pingywon ya heard it here second