CVE-2004-0529 - Vulnerability Details - OpenCVE

The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cluecentral	Suexec.patch

Configuration 1 [-]

cpe:2.3:a:cluecentral:suexec.patch:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugzilla.cpanel.net/show_bug.cgi?id=668
http://marc.info/?l=bugtraq&m=108663003608211&w=2
http://secunia.com/advisories/11798
http://securitytracker.com/id?1010411
http://www.securityfocus.com/bid/10478
https://exchange.xforce.ibmcloud.com/vulnerabilities/16347

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-06-08T04:00:00

Updated: 2024-08-08T00:24:25.810Z

Reserved: 2004-06-03T00:00:00

Link: CVE-2004-0529

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-08-06T04:00:00.000

Modified: 2024-11-20T23:48:47.873

Link: CVE-2004-0529

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-06-05T00:00:00", "descriptions": [{"lang": "en", "value": "The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1010411", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1010411"}, {"name": "20040605 cPanel mod_php suEXEC Taint Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108663003608211&w=2"}, {"name": "11798", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/11798"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=668"}, {"name": "10478", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10478"}, {"name": "cpanel-suexec-command-execute(16347)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16347"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0529", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1010411", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010411"}, {"name": "20040605 cPanel mod_php suEXEC Taint Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108663003608211&w=2"}, {"name": "11798", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11798"}, {"name": "http://bugzilla.cpanel.net/show_bug.cgi?id=668", "refsource": "CONFIRM", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=668"}, {"name": "10478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10478"}, {"name": "cpanel-suexec-command-execute(16347)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16347"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:24:25.810Z"}, "title": "CVE Program Container", "references": [{"name": "1010411", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1010411"}, {"name": "20040605 cPanel mod_php suEXEC Taint Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108663003608211&w=2"}, {"name": "11798", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/11798"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=668"}, {"name": "10478", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10478"}, {"name": "cpanel-suexec-command-execute(16347)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16347"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0529", "datePublished": "2004-06-08T04:00:00", "dateReserved": "2004-06-03T00:00:00", "dateUpdated": "2024-08-08T00:24:25.810Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cluecentral:suexec.patch:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DE2D0B5-23D7-4E6A-9353-CBD37B3DE096", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490."}, {"lang": "es", "value": "El programa modificado suexec de cPanel, cuando se configura para mod_php y compila para Apache 1.3.31 y anteriores sin mod_phpsuexec, permite a usuarios locales ejecutar scripts compartidos que no son de confianza y ganar privilegios, como se ha demostrado usando scripts como (1)proftpdvhosts or (2) addalink.cgi, una vulnerabiliad distinta de CAN-2004-0490."}], "id": "CVE-2004-0529", "lastModified": "2024-11-20T23:48:47.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-08-06T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=668"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108663003608211&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/11798"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1010411"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10478"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=668"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=108663003608211&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/11798"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1010411"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16347"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}