Vulnerabilities > CVE-2003-1426 - Configuration vulnerability in Cpanel 5.0
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |