Fair Use: Please note that use of the Netcraft Blog is subject to our Fair Use and Copyright policies. For more information, please visit http://news.netcraft.com/fair-use-copyright, or email info@netcraft.com.

cPanel Vulnerability Disclosed

A vulnerability has been discovered in cPanel's WebHost Manager reseller control panel, which could be exploited to allow malicious users to run some commands as root (superuser).

The exploit affects a feature in WebHost Manager through which resellers can let their users retrieve lost or forgotten passwords via email. The setting, found in WebHost Manager in the "Tweak Settings" section, "is built into all compiled cPanel binaries and as such can not be patched," according to an advisory on the BugTraq mailing list, which includes instructions on addressing the vulnerability.

cPanel is found on about 1.4 million hostnames worldwide. The software is widely used by many large hosting companies, especially those offering dedicated servers. Its user-friendly interface automates many elements of web site management for resellers and customers. The issue affects versions up to 9.1.0 build 34. All builds released after that have been fixed.

Posted by Rich Miller on 12th March, 2004 in Hosting, Security

Advertisers Directory

Rackspace Hosting
Compare the Best Web Hosting Companies
INetU Managed Hosting - Dedicated Servers
Windows Dedicated Servers from Server Intellect
Business Web Hosting Services - webhosting.uk.com
Web Hosting - Dedicated Servers & VPS Hosting
Managed Hosting - PCI Compliance by NeoSpire
PEER 1 UK Hosting - Web Hosting & Managed Hosting
PEER 1 Web Hosting - Managed Servers in the UK
Bespoke European SEO Hosting - Over 150 C-Classes
Best SEO Pay For Performance SEO
Best Web Hosting and Dedicated Server by micfo
SSL Certificates from 15 EURO per year

cPanel Vulnerability Disclosed

Advertisers Directory

Your link here? Advertising on the Netcraft Blog.