cPanel – LeechProtect Unauthorized Htpasswd Modification (R911-0165)

Type: Content Modification
Location: Local
Impact: Medium
Product: cPanel
Website: http://www.cpanel.net
Vulnerable Version: All versions prior to the fixed builds below.
Fixed Version: 11.44.1.5, 11.44.0.29, 11.42.1.23 & 11.40.1.18
CVE: -
R911: 0165
Date: 2014-07-28
By: RACK911

Product Description:

cPanel is an easy-to-use control panel that gives web hosts and the website owners they serve, the ability to quickly and easily manage their servers and websites. Web Host Manager (WHM) is a part of the cPanel software, often used by resellers and system administrators.

Vulnerability Description:

It is possible for a malicious user to interfere with another users .htpasswds file by modifying the necessary mod_rewrite rules to include a different directory. When the user intentionally triggers a suspension via LeechProtect, the other users .htpasswds file will then be modified without authorization.

Impact:

We have deemed this vulnerability to be rated as MEDIUM due to the fact that the LeechProtect service can be manipulated into interfering with other users accounts.

Vulnerable Version:

This vulnerability was tested against cPanel 11.42.0.19 and is believed to exist in all versions prior to the fixed builds below.

Fixed Version:

This vulnerability was patched in cPanel 11.44.1.5, 11.44.0.29, 11.42.1.23 & 11.40.1.18.

Vendor Contact Timeline:

2014-03-10: Vendor contacted via email.
2014-03-10: Vendor confirms vulnerability.
2014-07-21: Vendor issues updates to all builds.
2014-07-28: RACK911 issues security advisory.