CVE-2004-0529 Information

Description

The modified suexec program in cPanel when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec allows local users to execute untrusted shared scripts and gain privileges as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi a different vulnerability than CVE-2004-0490.

Reference

http://bugzilla.cpanel.net/show_bug.cgi?id=668 http://marc.info/?l=bugtraq&m=108663003608211&w=2 http://secunia.com/advisories/11798 http://securitytracker.com/id?1010411 http://www.securityfocus.com/bid/10478 https://exchange.xforce.ibmcloud.com/vulnerabilities/16347