Customized CPanel Solutions / Server Administration


cPanel exploit - 09/23/06

Update - 09/26/06

New patch has been released:

A new thread has also been opened concerning this:

A cPanel exploit was discovered that apparently raises escalation privileges for normal users. The exploit is a local exploit, which means a user must first have an account or be able to gain access to a cPanel account before initiating this exploit. cPanel developers have released a patch to temporarily prevent this, and from my understanding they are continuing to check over other pieces of code and a more robust patch may be released at a later time.

Administrators are encouraged to update cpanel by running:


on their servers. This will apply patches to the affected system.

Also a script has been written by Nick from cPanel that checks to insure that your system is patched against this. The script is downloaded from the thread at:

Or, I have made this script locally available at:

To run the script, just download the script to your server and run it with perl:


More information concerning this exploit is available at the cPanel forums: