cPanel – Exim Valiases Arbitrary File Read Security Vulnerability

Product Description:

cPanel is an easy-to-use control panel that gives web hosts and the website owners they serve the ability to quickly and easily manage their servers and websites. Web Host Manager (WHM) is a part of the cPanel software, often used by resellers and system administrators.

Vulnerability Discussion:

When processing the valiases for a user, Exim was running as the root user. Because a valias entry can include other files, an attacker able to create a valias could cause Exim to read arbitrary files as the root user.
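The exposure above comes from alias entries that name other files being honoured by a root-privileged process. The following audit script is an added example, not code from the RACK911 advisory or from cPanel: it parses Exim-style alias lines, picks out `:include:` items (Exim's redirect syntax for pulling addresses from a file) and flags any whose target resolves outside an allowed per-user directory after symlink and `..` resolution. The alias line format, the `ALLOWED_BASE` directory and the sample alias text are assumptions constructed for the example; they are not cPanel's real valias layout.

```python
import os
import re

# Matches an Exim-style ':include:' redirect item, e.g. ':include:/path/list'
INCLUDE_RE = re.compile(r'^:include:\s*(\S+)$')

# ALLOWED_BASE is an assumed per-user directory; the real cPanel layout is
# not taken from the advisory. SAMPLE_ALIASES is a constructed sample, not a
# real valias file.
ALLOWED_BASE = "/home/example"
SAMPLE_ALIASES = """\
# constructed sample alias file
sales: alice@example.com, bob@example.com
team: :include:/home/example/lists/team.txt
other: :include:/home/other_user/lists/members.txt
dots: :include:/home/example/lists/../../other/file
*: catchall@example.com
"""


def parse_alias_line(line):
    """Split 'local: dest1, dest2' into (local, [dests]); None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#") or ":" not in line:
        return None
    local, _, rest = line.partition(":")
    dests = [d.strip() for d in rest.split(",") if d.strip()]
    return local.strip(), dests


def include_targets(dests):
    """Return the file paths named by ':include:' items among the destinations."""
    return [m.group(1) for d in dests for m in [INCLUDE_RE.match(d)] if m]


def escapes_base(path, base):
    """True if path (after symlink and '..' resolution) lies outside base."""
    real_path = os.path.realpath(path)
    real_base = os.path.realpath(base)
    try:
        return os.path.commonpath([real_path, real_base]) != real_base
    except ValueError:  # different drives or roots: treat as outside
        return True


def audit_alias_text(text, base):
    """Return [(localpart, include_path)] for includes resolving outside base."""
    findings = []
    for line in text.splitlines():
        parsed = parse_alias_line(line)
        if parsed is None:
            continue
        local, dests = parsed
        for target in include_targets(dests):
            if escapes_base(target, base):
                findings.append((local, target))
    return findings


if __name__ == "__main__":
    for local, target in audit_alias_text(SAMPLE_ALIASES, ALLOWED_BASE):
        print(f"{local}: include outside {ALLOWED_BASE}: {target}")
```

Run against real alias files, the script only reports; the point of resolving with `os.path.realpath` before comparing is that a traversal sequence or a symlink inside the user's directory would otherwise pass a naive prefix check. Either such finding is a reason to review who can write the alias file and with which privileges the mail system reads it.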

Vendor Contact Timeline:

2016-11-28: Vendor contacted via email.
2016-11-29: Vendor confirms vulnerability.
2017-01-16: Vendor issues update.
2017-01-19: RACK911 issues security advisory.

About Us:

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119