PT-2004-1641 · Php+3 · Mod Php+3

Published

2004-06-08

Updated

2017-07-11

CVE-2004-0529

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions cPanel versions prior to the version with the fixed suexec program

Description The issue allows local users to execute untrusted shared scripts and gain privileges when the modified suexec program in cPanel is configured for mod php and compiled for Apache 1.3.31 and earlier without mod phpsuexec. This can be demonstrated using scripts such as proftpdvhosts or addalink.cgi.

Recommendations For cPanel versions prior to the version with the fixed suexec program, update the suexec program to prevent local users from executing untrusted shared scripts and gaining privileges.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0529

Affected Products

Apache

Cpanel

Mod Php

Proftpd

PT-2004-1641 · Php+3 · Mod Php+3

CVE-2004-0529

Related Identifiers

Affected Products

References · 7