cpanel.net cPanel Web Host Control Panel
cPanel 9.1.0-R85 contains a remote file retrieval vulnerability.
Two cPanel programs allow remote users to specify arbitrary files to retrieve from the server. The risk is mitigated because users can only retrieve files from within their own user directory. It remains a risk if the administrator has removed the "File Manager" module, as the user may be able to access files they would otherwise not be able to read. Note that disabling "File Manager" in WHM only removes the icon from the cPanel front page and does not remove File Manager from the web server entirely.
These URLs will retrieve the shadow file from the user's /etc directory (not the system's /etc directory):
There is currently no vendor fix for this problem.
cPanel was contacted on 3/13/2004. Vendor responded on 3/16/2004 that this was not an issue since "File Manager" cannot be disabled.
Updated information can be found on OSVDB.org under the following entries:
|OSVDB-4216|cPanel erredit.html Arbitrary File Access|
|OSVDB-4217|cPanel editmsg.html Arbitrary File Access|
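
With no vendor fix available, an administrator can audit the access log for successful requests to the two pages named above by accounts whose File Manager was removed. This is an added example, not part of the original advisory or cPanel's own code; it assumes the access log is in Common/Combined Log Format with the authenticated account in the third field, and the log lines, account names and PLACEHOLDER URL parts are constructed.

```python
import re
from urllib.parse import urlsplit

# The two pages named in the OSVDB entries.
WATCHED_PAGES = {"erredit.html", "editmsg.html"}

# Assumed format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_hits(lines, restricted_accounts):
    """Return (user, page, status, time) for successful requests to the
    watched pages made by accounts whose File Manager was removed."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        # Drop the query string and keep only the page name; compare
        # case-insensitively so case variants are not missed.
        page = urlsplit(m["target"]).path.rsplit("/", 1)[-1].lower()
        if page not in WATCHED_PAGES:
            continue
        if m["user"] not in restricted_accounts:
            continue  # account still has File Manager: no extra access gained
        if not m["status"].startswith("2"):
            continue  # request was refused or failed
        hits.append((m["user"], page, int(m["status"]), m["time"]))
    return hits

# Constructed sample data: URL path and parameter names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - alice [16/Mar/2004:10:01:02 -0500] "GET /PLACEHOLDER/erredit.html?PLACEHOLDER=1 HTTP/1.1" 200 512',
    '192.0.2.11 - bob [16/Mar/2004:10:02:00 -0500] "GET /PLACEHOLDER/editmsg.html?PLACEHOLDER=1 HTTP/1.1" 200 300',
    '192.0.2.10 - alice [16/Mar/2004:10:03:00 -0500] "GET /PLACEHOLDER/index.html HTTP/1.1" 200 900',
    '192.0.2.12 - carol [16/Mar/2004:10:04:00 -0500] "GET /PLACEHOLDER/EditMsg.html?PLACEHOLDER=1 HTTP/1.1" 403 120',
    'not a log line',
]
# Hypothetical list of accounts for which File Manager was disabled in WHM.
RESTRICTED = {"alice", "carol"}

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG, RESTRICTED):
        print(hit)
```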