CVE-2004-0529 - The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 an

CVE-2004-0529

Summary

The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.

References

Vulnerable Configurations

cpe:2.3:a:cluecentral:suexec.patch:*:*:*:*:*:*:*:*
cpe:2.3:a:cluecentral:suexec.patch:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	10478
bugtraq	20040605 cPanel mod_php suEXEC Taint Vulnerability
confirm	http://bugzilla.cpanel.net/show_bug.cgi?id=668
sectrack	1010411
secunia	11798
xf	cpanel-suexec-command-execute(16347)

Last major update

11-07-2017 - 01:30

Published

06-08-2004 - 04:00

Last modified

11-07-2017 - 01:30