Dear Valued Customer,
cPanel has recently released some critical cPanel updates. cPanel has a system in place that allows it to run updates if they are available. Due to the nature of the latest vulnerability, the cPanel update has started running on every VPS on all of our servers. As you may already know, cPanel updates their control panel software as well as the entire operating system. This has caused a very large load on our server nodes, which has led to sluggish performance and issues tonight. We apologize for this inconvenience, which is out of our hands but is ultimately for your protection by the cPanel team.
The following is information pertaining to one of the vulnerabilities and the seriousness of it. We thank Steven of Rack911 for releasing this information.
If you are a current customer of ours, please do not worry about submitting tickets asking for an update on this software. It has already been triggered by cPanel on all of the servers as mentioned above. Thank you.
cPanel – Exim Valiases Arbitrary File Access (R911-0169)
Type: Arbitrary File Access
Vulnerable Version: All versions prior to the fixed builds below.
Fixed Version: 22.214.171.124, 126.96.36.199, 188.8.131.52 & 184.108.40.206
cPanel is an easy-to-use control panel that gives web hosts and the website owners they serve the ability to quickly and easily manage their servers and websites. Web Host Manager (WHM) is a part of the cPanel software, often used by resellers and system administrators.
It is possible for a malicious user to obtain the contents of any file on a cPanel server, including sensitive root files, by modifying the user valias to include a carefully crafted string which can then be accessed via a specific email request.
We have deemed this vulnerability to be rated as HIGH due to the fact that a user can access any file on the server with minimal effort.
This vulnerability was tested against cPanel 220.127.116.11 and is believed to exist in all versions prior to the fixed builds below.
This vulnerability was patched in cPanel 18.104.22.168, 22.214.171.124, 126.96.36.199 & 188.8.131.52.
Vendor Contact Timeline:
2014-06-22: Vendor contacted via email.
2014-06-22: Vendor confirms vulnerability.
2014-07-21: Vendor issues updates to all builds.
2014-07-28: RACK911 issues security advisory.