[Full-disclosure] Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability

From: Secunia Research (vuln_at_secunia.com)
Date: 11/04/05

  • Next message: iDEFENSE Labs: "[Full-disclosure] iDEFENSE Security Advisory 11.04.05: Clam AntiVirus tnef_attachment() DoS Vulnerability"
    To: full-disclosure@lists.grok.org.uk
    Date: Fri, 04 Nov 2005 19:18:07 +0100
    
    

    ======================================================================

                         Secunia Research 04/11/2005

             - cPanel Entropy Chat Script Insertion Vulnerability -

    ======================================================================
    Table of Contents

    Affected Software....................................................1
    Severity.............................................................2
    Vendor's Description of Software.....................................3
    Description of Vulnerability.........................................4
    Solution.............................................................5
    Time Table...........................................................6
    Credits..............................................................7
    About Secunia........................................................8
    Verification.........................................................9

    ======================================================================
    1) Affected Software

    cPanel 10.2.0-R82 and 10.6.0-R137

    Other versions may also be affected.

    ======================================================================
    2) Severity

    Rating: Moderately critical
    Impact: Cross-site scripting
    Where: Remote

    ======================================================================
    3) Vendor's Description of Software

    cPanel & WebHost Manager (WHM) is a next generation web hosting
    control panel system. Both cPanel & WHM are extremely feature rich as
    well as include an easy to use web based interface (GUI).

    Product link:
    http://www.cpanel.net/

    ======================================================================
    4) Description of Vulnerability

    Secunia Research has discovered a vulnerability in cPanel, which can
    be exploited by malicious people to conduct script insertion attacks.

    Input passed to the chat message field in the pre-installed
    Entropy Chat script isn't properly sanitised before being used. This
    can be exploited to inject arbitrary script code, which will be
    executed in a user's browser session in context of an affected site
    when the malicious user data is viewed with the
    Microsoft Internet Explorer browser.

    Example:
    Send message <b style="width:expression([code])">text</b>
    via http://[host]:2084/

    The vulnerability has been confirmed in versions 10.2.0-R82 and
    10.6.0-R137. Other versions may also be affected.

    ======================================================================
    5) Solution

    Edit the source code to ensure that input is properly sanitised.

    ======================================================================
    6) Time Table

    10/10/2005 - Vulnerability discovered.
    14/10/2005 - Vendor notified.
    04/11/2005 - Public disclosure.

    ======================================================================
    7) Credits

    Discovered by Andreas Sandblad, Secunia Research.

    ======================================================================
    8) About Secunia

    Secunia collects, validates, assesses, and writes advisories regarding
    all the latest software vulnerabilities disclosed to the public. These
    advisories are gathered in a publicly available database at the
    Secunia website:

    http://secunia.com/

    Secunia offers services to our customers enabling them to receive all
    relevant vulnerability information to their specific system
    configuration.

    Secunia offers a FREE mailing list called Secunia Security Advisories:

    http://secunia.com/secunia_security_advisories/

    ======================================================================
    9) Verification

    Please verify this advisory by visiting the Secunia website:
    http://secunia.com/secunia_research/2005-56/advisory/

    ======================================================================

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: iDEFENSE Labs: "[Full-disclosure] iDEFENSE Security Advisory 11.04.05: Clam AntiVirus tnef_attachment() DoS Vulnerability"

    Relevant Pages