CVE-2004-1603 Information

Description

cPanel 9.4.1-RELEASE-64 follows hard links which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

Reference

http://marc.info/?l=bugtraq&m=109811572123753&w=2 http://marc.info/?l=bugtraq&m=109811654104208&w=2 http://secunia.com/advisories/12865 http://www.securityfocus.com/bid/11449 http://www.securityfocus.com/bid/11455 https://exchange.xforce.ibmcloud.com/vulnerabilities/17779 https://exchange.xforce.ibmcloud.com/vulnerabilities/17780