This attack usually occurs after the attacker has been able to read the contents of the /etc/passwd file and has enumerated the server’s users.
The attacker then runs a script which blindly builds symbolic links (a bit like shortcuts on Windows or Aliases on a Mac) to locations where configuration files for commonly used CMS might be kept in each user’s home directory.
If you enable both of the configuration settings SymLinksIfOwnerMatch and FollowSymLinks, Apache will be vulnerable to a race condition through symlinks. This symlink vulnerability allows a malicious user to serve files from anywhere on a server that has not been protected by strict OS-level permissions.
Use the following Solutions to prevent from Symlink attack valnurablities in cpanel
Filesystem-level solutions
Enable mod_ruid + jailshell for your apache webserver.
This option is very easy to enable. Simply recompile Apache and then enable Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell in Tweak Settings.
cageFS
CageFS is a virtualized file system and a set of tools to contain each user in its own ‘cage’. This option is available on all cPanel-supported platforms today, and it is already included with CloudLinux.
Kernel + Apache solutions
Kernel level protection, you can’t really get any better then this. Requires a custom kernel GRsec, etc., and the burden of maintaining and installing it.
Mod_hostinglimits securelinks with CloudLinux kernel
If you currently use CloudLinux, this option has already been installed. The directive will not affect VirtualHosts which do not have a specified user id.
