cPanel – Horde Backup Archive Insecure File Permissions (R911-0125)

Type: Insecure File Permissions
Location: Local
Impact: Medium
Product: cPanel
Website: http://www.cpanel.net
Vulnerable Version: 11.42.0.4
Fixed Version: 11.42.0.6
CVE: -
R911: 0125
Date: 2014-02-14
By: Rack911

Product Description

cPanel is an easy-to-use control panel that gives web hosts and the website owners they serve, the ability to quickly and easily manage their servers and websites. Web Host Manager (WHM) is a part of the cPanel software, often used by resellers and system administrators.

Vulnerability Description

Due to a backup archive being stored with world readable permissions, it is possible for a malicious user to obtain the MySQL password for the Horde database.

Impact

We have deemed this vulnerability to be rated as MEDIUM due to the fact that some sensitive information in the Horde database can be obtained.

Vulnerable Version

This vulnerability was tested against cPanel 11.42.0.4.

Fixed Version

This vulnerability was patched in cPanel 11.42.0.6.

Vendor Contact Timeline

2014-02-05: Vendor contacted via email.
2014-02-05: Vendor confirms vulnerability.
2014-02-12: Vendor issues updates to all builds.
2014-02-14: Rack911 issues security advisory.