APP: cPanel Resetpass Remote Command Execution

This signature detects attempts to remotely execute a command on a cPanel system. cPanel has a feature that allows users to reset their passwords by email; when this feature is enabled, it allows users to execute commands as root.

Extended Description

A potential remote command execution vulnerability has been discovered in the cPanel application. The issue is caused by insufficient sanitization of externally supplied data passed to the script that handles resetting user passwords. An attacker may exploit it by crafting a malicious URI request for the affected script, supplying shell metacharacters and arbitrary commands as the value of the affected variable.

Affected Products

Cpanel cpanel

Short Name: APP:CPANEL-RESETPASS
Severity: Major
Recommended: False
Recommended Action: Drop
Category: APP
Keywords: CVE-2004-1769 Command Execution Remote Resetpass bid:9848 cPanel
Release Date: 08/05/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
Port: TCP/2082
False Positive: Unknown
Vendors

Cpanel

CVSS Score

10.0
