SB2017090607 - Multiple vulnerabilities in cPanel EasyApache

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Denial of service (CVE-ID: CVE-2017-0900)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A local attacker can supply a specially crafted 'query' command and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

2) Security restrictions bypass (CVE-ID: CVE-2017-0899)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to unknown error. A remote attacker can escape ANSI.

3) Improper input validation (CVE-ID: CVE-2017-0901)

The vulnerability allows a remote attacker to overwrite arbitrary files on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into installing a specially crafted RubyGem and overwrite arbitrary files.

4) Session hijacking (CVE-ID: CVE-2017-0902)

The vulnerability allows a remote attacker to hijack the target user's session.

The weakness exists due to improper access control. A remote attacker can hijack DNS sessions.

5) Heap use-after-free error (CVE-ID: CVE-2017-12932)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper use of the hash API for key deletion in a situation with an invalid array size. A remote attacker can use untrusted data to trigger heap use-after-free error in ext/standard/var_unserializer.re and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

• http://news.cpanel.com/easyapache-sept-6-2017-maintenance-release/