TITLE:
cPanel Password Change Privilege Escalation Security Issue

SECUNIA ADVISORY ID:
SA16362

VERIFY ADVISORY:
http://secunia.com/advisories/16362/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
From remote

SOFTWARE:
cPanel 10.x
http://secunia.com/product/5280/

DESCRIPTION:
IHS has discovered a security issue in cPanel, which may allow malicious users to gain escalated privileges.

The security issue is caused by an error in the handling of user password changes and can be exploited by a malicious user to gain access with root user privileges.

Successful exploitation allows a user to access features that are normally only accessible to privileged users (e.g. create/change files on web sites hosted by other domains), but requires that the user unknowingly changes his password to be the same as the root password and subsequently changes it again.

The security issue has been confirmed in version 10.2.0-R82 and has also been reported in version 10.4.0-EDGE 254. Other versions may also be affected.

SOLUTION:
Use a strong root password.

PROVIDED AND/OR DISCOVERED BY:
Iran Hackers Sabotage

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.