cPanel killacct Script Arbitrary DNS Deletion

2004-06-07T11:26:54
ID OSVDB:6712
Type osvdb
Reporter verb0s ()
Modified 2004-06-07T11:26:54

Description

Vulnerability Description

CPanel contains a flaw that may allow a malicious user to delete arbitrary customer DNS records. The issue is triggered when a remote authenticated attacker invokes the script "/scripts/killacct" to delete the DNS information of other accounts, which belong to other administrators. By setting a crafted cookie, a remote attacker can delete any DNS records, resulting in a loss of availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

CPanel contains a flaw that may allow a malicious user to delete arbitrary customer DNS records. The issue is triggered when a remote authenticated attacker invokes the script "/scripts/killacct" to delete the DNS information of other accounts, which belong to other administrators. By setting a crafted cookie, a remote attacker can delete any DNS records, resulting in a loss of availability.

Manual Testing Notes

http://[victim]:2086/scripts/killacct?domain=(domain)&user=(user)&submit-domain=Terminate

References:

Vendor URL: http://www.cpanel.net/ Security Tracker: 1010398 Secunia Advisory ID:11784 Mail List Post: http://seclists.org/lists/bugtraq/2004/Jun/0055.html