cPanel Vulnerability Disclosed

A vulnerability has been discovered in cPanel's WebHost Manager reseller control panel, which could be exploited to allow malicious users to run some commands as root (superuser).

The exploit affects a feature in WebHost Manager through which resellers can let their users retrieve lost or forgotten passwords via email. The setting, found in WebHost Manager in the "Tweak Settings" section, "is built into all compiled cPanel binaries and as such can not be patched," according to an advisory on the BugTraq mailing list, which includes instructions on addressing the vulnerability.

cPanel is found on about 1.4 million hostnames worldwide. The software is widely used by many large hosting companies, especially those offering dedicated servers. Its user-friendly interface automates many elements of web site management for resellers and customers. The issue affects versions up to 9.1.0 build 34. All builds released after that have been fixed.

Posted by Rich Miller at 12 March 2004 in Hosting, Security | Print this Page



Rackspace Managed Hosting - Web Hosting - Hosting	Swishmail.com Business Email Hosting	Compare the Best Web Hosting Companies
INetU Managed Hosting - Dedicated Servers	Windows Dedicated Servers from Server Intellect	Reseller hosting Managed dedicated server Ahosting
Business Web Hosting Services - webhosting.uk.com	Web Hosting - Dedicated Servers & VPS Hosting	Managed Hosting - PCI Compliance by NeoSpire

cPanel Vulnerability Disclosed

Netcraft Services

Phishing & Security

Internet Data Mining

Internet Exploration

Performance

Advertising

About Netcraft

Contact Us

Article Categories

Archives