cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=109811572123753&w=2 | Mailing List |
http://marc.info/?l=bugtraq&m=109811654104208&w=2 | Mailing List |
http://secunia.com/advisories/12865 | Broken Link Exploit Patch Vendor Advisory |
http://www.securityfocus.com/bid/11449 | Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory |
http://www.securityfocus.com/bid/11455 | Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17779 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17780 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-02-20T05:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-02-20T00:00:00
Link: CVE-2004-1603
JSON object: View
NVD Information
Status : Analyzed
Published: 2004-10-18T04:00:00.000
Modified: 2024-01-26T17:06:42.050
Link: CVE-2004-1603
JSON object: View
Redhat Information
No data.
CWE