Vulnerabilities > CVE-2004-0490 - Local Privilege Escalation vulnerability in cPanel
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 13 |
Exploit-Db
| description | cPanel 5-9 Local Privilege Escalation Vulnerability. CVE-2004-0490. Local exploit for linux platform |
| id | EDB-ID:24141 |
| last seen | 2016-02-02 |
| modified | 2004-05-24 |
| published | 2004-05-24 |
| reporter | Rob Brown |
| source | https://www.exploit-db.com/download/24141/ |
| title | cPanel 5-9 - Local Privilege Escalation Vulnerability |
References
- http://bugzilla.cpanel.net/show_bug.cgi?id=283
- http://bugzilla.cpanel.net/show_bug.cgi?id=664
- http://www.a-squad.com/audit/explain10.html
- http://www.securiteam.com/tools/5TP0N15CUA.html
- http://www.securityfocus.com/archive/1/364112
- http://www.securityfocus.com/bid/10407
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16239