Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2006-2825
Last Modified 15 Nov 2008 01:18:10
Published 05 Jun 2006 01:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2825

Summary

cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.

Vulnerable Systems

Application

  • cPanel


References

XF - cpanel-openbasedir-security-bypass(26613)

OSVDB - 31835

BUGTRAQ - 20060520 cPanel OpenBaseDir Bypass

SREASON - 1039


Last Updated: 27 May 2016 10:42:46