April | 2017 | cPanel Server Management

Discontinued support for cgiemail and cgiecho following vulnerabilities.

cPanel is discontinuing support for cgiecho and cgiemail due to various design issues. The upstream author has abandon the project and these items will be removed from future versions of cPanel & WHM.

This is following the patched releases of cgiemail and cgiecho in the first TSR release of 2017 (TSR-2017-0001).

The Shadow Brokers confirmed the exploit on April 8 2017 using ElegantEgale on the since patched cgiemail format string injection vulnerability (CVE-2017-5613).

Versions of cPanel and WHM 54 and newer have been patched successfully.

Other exploits discovered (EndlessDonut, ElatedMonkey) have been successfully patched as well.

Ref:

http://news.cpanel.com/cpanel-security-team-cgiemail-cve-2017-5613/

https://news.cpanel.com/tsr-2017-0001-full-disclosure/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5613

cPanel Server Management

Tips and Tricks for managing your cpanel server!

Monthly Archives: April 2017

Discontinued support for cgiemail and cgiecho