Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1603

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1603
Last Modified 05 Sep 2008 04:41:51
Published 18 Oct 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1603

Summary

cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

Vulnerable Systems

Application

  • Cpanel 9.4.1 R64


References

BID - 11455

BID - 11449

SECUNIA - 12865

XF - cpanel-htaccess-modify-ownership(17780)

XF - cpanel-backup-view-file(17779)

BUGTRAQ - 20041018 cPanel hardlink chown issue

BUGTRAQ - 20041018 cPanel hardlink backup issue


Last Updated: 27 May 2016 10:39:06