Vulnerability Description
The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cluecentral | Suexec.Patch | All versions |
References
- http://bugzilla.cpanel.net/show_bug.cgi?id=668
- http://marc.info/?l=bugtraq&m=108663003608211&w=2
- http://secunia.com/advisories/11798
- http://securitytracker.com/id?1010411
- http://www.securityfocus.com/bid/10478 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16347
FAQ
What is CVE-2004-0529?
CVE-2004-0529 is a vulnerability with a CVSS score of 7.2 (HIGH). The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain pri...
How severe is CVE-2004-0529?
CVE-2004-0529 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0529?
Check the references section above for vendor advisories and patch information. Affected products include: Cluecentral Suexec.Patch.