CVE-2003-1426

Name of the Vulnerable Software and Affected Versions cPanel version 5.0

Description The issue allows local users to execute arbitrary code by modifying the SCRIPT FILENAME environment variable to reference a directory containing a malicious openwebmail-shared.pl executable. This is possible because Openwebmail in cPanel, when run using suid Perl, adds the directory in the SCRIPT FILENAME environment variable to Perl's @INC include array.

Recommendations For cPanel version 5.0, consider restricting access to the openwebmail-shared.pl executable until a patch is available. As a temporary workaround, avoid using suid Perl to run Openwebmail. At the moment, there is no information about a newer version that contains a fix for this vulnerability.