Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2004-0490
Last Modified 05 Sep 2008 04:38:33
Published 18 Aug 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0490

Summary

cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option. As a result, PHP uses the SCRIPT_FILENAME variable instead of the PATH_TRANSLATED variable to find and execute a script, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script; the attacker's script then executes with the user's privileges. This is a different vulnerability than CVE-2004-0529.

Vulnerable Systems

Application

  • Cpanel 5.0

  • Cpanel 5.3

  • Cpanel 6.0

  • Cpanel 6.2

  • Cpanel 6.4

  • Cpanel 6.4.1

  • Cpanel 6.4.2

  • Cpanel 6.4.2 Stable 48

  • Cpanel 7.0

  • Cpanel 8.0

  • Cpanel 9.0

  • Cpanel 9.1

  • Cpanel 9.1.0 R85


References

XF - cpanel-modphpsuexec-execute-commands(16239)

BID - 10407

BUGTRAQ - 20040524 cPanel mod_phpsuexec Vulnerability

MISC - http://www.securiteam.com/tools/5TP0N15CUA.html

MISC - http://www.a-squad.com/audit/explain10.html

CONFIRM - http://bugzilla.cpanel.net/show_bug.cgi?id=664

MISC - http://bugzilla.cpanel.net/show_bug.cgi?id=283


Last Updated: 27 May 2016 10:38:37