cPanel 11.23.1-EDGE_24526 - insecure handling of openssl's .rnd file


Enabling Domain Keys in cPanel for a domain for the first time writes the following file as root.wheel: /home/username/.rnd. The path comes from the RANDFILE setting in /usr/share/ssl/openssl.cnf. Because the write happens as root inside a directory the user controls, a symlink attack on that path would allow the user to overwrite any file on the box. The contents written to the .rnd file were random data from /dev/urandom.


Local users could destroy any file on the box.
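
One way a privileged process can write such a seed file without following a link planted in the user's home directory, shown as an added example that is not cPanel's or OpenSSL's code. The function name write_seed_nofollow and the sample seed are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Close fd, report err through errno, return -1. */
static int refuse(int fd, int err) { close(fd); errno = err; return -1; }

/* Hypothetical helper: write len bytes of seed to path without following a
 * link planted there. O_NOFOLLOW covers only the final path component, so
 * the parent directories must not be writable by the untrusted user. */
int write_seed_nofollow(const char *path, const void *seed, size_t len)
{
    /* Fails if path is a symlink; O_NONBLOCK so a planted FIFO cannot hang
     * us; no O_TRUNC, so nothing is modified before the checks pass. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0)            /* inspect the descriptor, not the path */
        return refuse(fd, errno);
    if (!S_ISREG(st.st_mode) || st.st_nlink != 1)  /* special file or hard link */
        return refuse(fd, EPERM);
    if (ftruncate(fd, 0) != 0)
        return refuse(fd, errno);
    const unsigned char *p = seed;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return refuse(fd, n < 0 ? errno : EIO);
        p += n;
        len -= (size_t)n;
    }
    return close(fd);
}

int main(int argc, char **argv)
{
    static const unsigned char seed[16] = {0};  /* constructed sample data */
    if (argc == 2 && write_seed_nofollow(argv[1], seed, sizeof seed) == 0)
        return 0;
    fprintf(stderr, "seed file not written\n");
    return 1;
}
```

Writing the file after dropping to the account's own uid, or pointing RANDFILE at a directory only root can write to, removes the need for these checks.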