Knowledgebase

WHMXtra (Reseller UI) - Local Race Condition Vulnerabilities (R911-0067)

Posted by Patrick, 09-11-2013, 04:03 PM
Product Description: WHMXtra is a unique addon module for cPanel servers, designed to turbo charge your WHM, adding many features you could normally only do via command line or not at all. Our cPanel Xtra Plugin adds even more functionality to your end users cPanel, saving your techs time and saving you money. Vulnerability Description: The reseller UI of WHMXtra is vulnerable to 3+ local race condition exploits that would allow an attacker to escalate their privileges to root access and/or damage system files. Proof of Concept: Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date. Impact: We have deemed this vulnerability to be rated as HIGH due to the fact that root access can be obtained and any file can be modified regardless of ownership. Vulnerable Version: This vulnerability was tested against WHMXtra Reseller UI G2 v3.5. Fixed Version: This vulnerability was patched in WHMXtra Reseller UI G2 v3.7. Vendor Contact Timeline: 2013-08-22: Vendor contacted via email. 2013-08-22: Vendor confirms vulnerability. 2013-08-31: Vendor issues update. 2013-09-11: Rack911 issues security advisory.


Was this answer helpful?

Add to Favourites Add to Favourites

Print this Article Print this Article
Also Read
Slow speed via http and FTP (Views: 534)
Versaweb Packet Loss, No Support? (Views: 645)
Problems with Hostgator (Views: 660)
which script used? (Views: 534)
Reselling. Hosting, VPS, Dedicated (Views: 623)


Language:

Client Menu

 

Client Login

Email

Password

Remember Me

Search



  
 

Clients

Hosting

VPS Hosting

About Us

Contact Us

Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.