cPanel的本地权限提升漏洞

漏洞信息详情

cPanel的本地权限提升漏洞

漏洞简介

cPanel在用mod_phpsuexec编译Apache 1.3.29和PHP时候不设置–enable-discard-path选项,并导致php去使用SCRIPT_FILENAME变量而不是PATH_TRANSLATED变量来发现和执行脚本。本地用户可以和其他用户一样通过在用户脚本之后引用攻击者脚本的URL执行PHP代码,该漏洞使用用户权限来执行攻击者脚本,该漏洞不同于CVE-2004-0529。

漏洞公告

It is reported that cPanel has addressed this issue. Customers are advised to contact the vendor for further details regarding obtaining and applying fixes. It is reported that only Apache configurations compiled before April 15, 2004 are vulnerable.

参考网址

来源: XF
名称: cpanel-modphpsuexec-execute-commands(16239)
链接:http://xforce.iss.net/xforce/xfdb/16239

来源: BID
名称: 10407
链接:http://www.securityfocus.com/bid/10407

来源: BUGTRAQ
名称: 20040524 cPanel mod_phpsuexec Vulnerability
链接:http://www.securityfocus.com/archive/1/364112

来源: www.securiteam.com
链接:http://www.securiteam.com/tools/5TP0N15CUA.html

来源: www.a-squad.com
链接:http://www.a-squad.com/audit/explain10.html

来源: bugzilla.cpanel.net
链接:http://bugzilla.cpanel.net/show_bug.cgi?id=664

来源: bugzilla.cpanel.net
链接:http://bugzilla.cpanel.net/show_bug.cgi?id=283

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享