Security Advisory 8-19-2011

h3. Severity

R1Soft rates this vulnerability Critical.

h3. Risk Assessment

We have identified a security flaw in Hosting Control Panel end-user file download which may affect CDP Enterprise & Advanced Edition instances in the public environment. The vulnerability allows a control panel end-user to download files outside of their home directory that they do not have privileges to.

h3. Risk Mitigation

You should immediately upgrade to CDP 3.12.3 or later OR disable all configured hosting control panel instances on your CDP Policies. Disabling the configured hosting control panel instances on your CDP Policies will prevent a control panel end-user from exploiting the vulnerability.

h3. Vulnerability

+CDP Server Actions:+
Login to the CDP Server web interface and to a hosting control panel instance using the credentials of the control panel end-user. Then use the download to zip or tar archive functionality.

+Affected CDP Versions:+
CDP Enterprise/Advanced Editions: 3.12.0, 3.12.1, 3.12.2

h3. Fix

This issue has been fixed in [CDP 3.12.3|CDP3:CDP 3.12.3 Release Notes]. Which you can download from the customer download portal http://download.r1soft.com


{note:title=Important Note}
*Only the CDP Server needs to be upgraded to 3.12.3  No agent update is required for the fix.*
*[*See the release notes*|CDP3:CDP 3.12.3 Release Notes]**.*{note}