cPanel Vulnerability Disclosed

A vulnerability has been discovered in cPanel's WebHost Manager reseller control panel, which could be exploited to allow malicious users to run some commands as root (superuser).

The exploit affects a feature in WebHost Manager through which resellers can let their users retrieve lost or forgotten passwords via email. The setting, found in WebHost Manager in the "Tweak Settings" section, "is built into all compiled cPanel binaries and as such can not be patched," according to an advisory on the BugTraq mailing list, which includes instructions on addressing the vulnerability.

cPanel is found on about 1.4 million hostnames worldwide. The software is widely used by many large hosting companies, especially those offering dedicated servers. Its user-friendly interface automates many elements of web site management for resellers and customers. The issue affects versions up to 9.1.0 build 34. All builds released after that have been fixed.

Posted by Rich Miller at 12 March 2004 in Hosting, Security | Print this Page



Rackspace Managed Hosting - Web Hosting - Hosting	Swishmail.com Business Email Hosting	Apollo Hosting - VPS, Ecommerce & Website Hosting
INetU Managed Hosting - Dedicated Servers	DataPipe - Personal Touch, Global Reach	Web Hosting - Website Source - Ecommerce, VPS
Reseller hosting Managed dedicated server Ahosting	Web Hosting and Reseller Hosting By HostDepartment	Web Hosting UK - VPS Hosting Dedicated Server
Web Site Hosting - Network Solutions

cPanel Vulnerability Disclosed

Netcraft Services

Phishing & Security

Internet Data Mining

Internet Exploration

Performance

Advertising

About Netcraft

Contact Us

Article Categories

Archives