
cPanel TSR 2014-0002 Full Disclosure



Case 89985

Summary

Disclosure of cpanel-horde’s MySQL password due to world-readable backups.

Security Rating

cPanel has assigned a Security Level of Important to this vulnerability.

Description

During the upgrade to Horde 5 on 11.42 systems, a backup tarball of the existing Horde configuration files is created. This backup tarball was created in a world-accessible directory with world-readable permissions, allowing local accounts to see the MySQL password for the shared cpanel-horde user.

Credits

This issue was discovered by Rack911.

Solution

This issue is resolved in the following builds:
11.42.0.6

For the PGP-signed message, see http://cpanel.net/wp-content/uploads/2014/02/TSR-2014-0002-Full-Disclosure.txt.
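The permission problem in the Description, as an added example that is not part of cPanel's advisory or code: a backup written with mode 0644 into a traversable directory next to one written with mode 0600 into a 0700 directory, and a check that reports whether other local accounts could read each. The function names, file names and archive contents are constructed for illustration.

```python
import io
import os
import stat
import tarfile
import tempfile

def write_backup(dest, files, mode):
    """Write a tar.gz of {name: bytes} to dest, created with exactly `mode`."""
    # O_EXCL refuses to reuse a file or symlink that already exists at dest.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    os.fchmod(fd, mode)  # set the mode explicitly, independent of the umask
    with os.fdopen(fd, "wb") as fh, tarfile.open(fileobj=fh, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = 0o600
            tar.addfile(info, io.BytesIO(data))

def readable_by_others(path, base):
    """True if the 'other' class can read path: o+r on the file and o+x on
    every directory from the file's parent up to and including base."""
    path, base = os.path.realpath(path), os.path.realpath(base)
    if not stat.S_IMODE(os.stat(path).st_mode) & stat.S_IROTH:
        return False
    d = os.path.dirname(path)
    while True:
        if not stat.S_IMODE(os.stat(d).st_mode) & stat.S_IXOTH:
            return False
        if d == base or d == os.path.dirname(d):
            return True
        d = os.path.dirname(d)

def demo():
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)
    # Constructed sample content standing in for a config file with a password.
    files = {"conf.php": b"$conf['sql']['password'] = 'CONSTRUCTED';\n"}
    open_dir = os.path.join(base, "open")
    priv_dir = os.path.join(base, "private")
    os.mkdir(open_dir); os.chmod(open_dir, 0o755)
    os.mkdir(priv_dir); os.chmod(priv_dir, 0o700)
    weak = os.path.join(open_dir, "backup.tar.gz")
    hard = os.path.join(priv_dir, "backup.tar.gz")
    write_backup(weak, files, 0o644)   # the pattern the advisory describes
    write_backup(hard, files, 0o600)   # owner-only file in an owner-only dir
    return readable_by_others(weak, base), readable_by_others(hard, base)

if __name__ == "__main__":
    print(demo())
```

The check inspects mode bits only, so ACLs and group membership are outside what it reports.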


