PT-2004-1641 · Php+3 · Mod Php+3

Publicado

2004-06-08

Atualizado

2017-07-11

CVE-2004-0529

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions cPanel versions prior to the version with the fixed suexec program

Description The issue allows local users to execute untrusted shared scripts and gain privileges when the modified suexec program in cPanel is configured for mod php and compiled for Apache 1.3.31 and earlier without mod phpsuexec. This can be demonstrated using scripts such as proftpdvhosts or addalink.cgi.

Recommendations For cPanel versions prior to the version with the fixed suexec program, update the suexec program to prevent local users from executing untrusted shared scripts and gaining privileges.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-0529

Produtos afetados

Apache

Cpanel

Mod Php

Proftpd

PT-2004-1641 · Php+3 · Mod Php+3

CVE-2004-0529

Identificadores relacionados

Produtos afetados

Referências · 7