
WHMreseller - Arbitrary File Access Vulnerability (R911-0065)

Posted by Steven, 09-11-2013, 12:34 PM
Product Description:
WHMreseller is a control panel developed for creating Master Resellers and Resellers. With the Master Reseller privilege, a reseller can resell reseller accounts, control the reseller quotas, assign private name servers, suspend, unsuspend, as well as terminate resellers.

Vulnerability Description:
There is a flaw within the Download Local Backup feature that allows an attacker to access any file regardless of ownership, including the root access hash.

Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:
We have deemed this vulnerability to be rated as HIGH due to the fact that any file can be accessed. Should the attacker target the root access hash, they would be able to use it to give themselves interactive root access by adding a specific SSH key.

Vulnerable Version:
This vulnerability was tested against WHMreseller v4.118 and is believed to exist in previous versions.

Fixed Version:
This vulnerability was patched in WHMreseller v4.119.

Vendor Contact Timeline:
2013-09-09: Vendor contacted via email.
2013-09-09: Vendor confirms vulnerability.
2013-09-10: Vendor issues v4.119 update.
2013-09-11: Rack911 issues security advisory.
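The defect class the advisory describes, a backup-download feature that serves whatever name it is handed without confining the path or checking who owns the file, is what a hardened handler has to rule out. The code below is an added example, not WHMreseller's code; the directory layout, the reseller name and the function names are constructed assumptions.

```python
import os
import stat
import tempfile
from pathlib import Path


def check_backup_request(backup_root, reseller, requested_name, reseller_uid):
    """Decide whether a 'download local backup' request may be served.

    Returns (allowed, reason, resolved_path). The file is served only if the
    name is a bare file name, the path after symlink resolution still lies
    under the reseller's own directory, and the file is owned by the
    authenticated reseller's uid. Traversal, symlinks and files owned by
    another account (such as root) are all refused.
    """
    reseller_dir = Path(backup_root, reseller).resolve()
    # Accept only a leaf name: any directory component is rejected outright.
    if requested_name in ("", ".", "..") or os.path.basename(requested_name) != requested_name:
        return False, "invalid file name", None
    try:
        real = (reseller_dir / requested_name).resolve(strict=True)  # follows symlinks
    except FileNotFoundError:
        return False, "no such backup", None
    if reseller_dir not in real.parents:
        return False, "outside reseller directory", None
    st = real.stat()
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file", None
    if st.st_uid != reseller_uid:  # ownership check the advisory says was missing
        return False, "owner mismatch", None
    return True, "ok", str(real)


def run_demo():
    """Constructed fixture: a reseller directory holding a real backup, a
    traversal attempt and a symlink pointing at a file outside the directory."""
    uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as root:
        alice = Path(root, "alice")
        alice.mkdir()
        (alice / "site.tar.gz").write_bytes(b"constructed backup data")
        outside = Path(root, "outside.txt")
        outside.write_text("constructed file outside the reseller directory")
        (alice / "link.tar.gz").symlink_to(outside)
        results["legit"] = check_backup_request(root, "alice", "site.tar.gz", uid)[:2]
        results["traversal"] = check_backup_request(root, "alice", "../outside.txt", uid)[:2]
        results["symlink"] = check_backup_request(root, "alice", "link.tar.gz", uid)[:2]
        results["wrong_owner"] = check_backup_request(root, "alice", "site.tar.gz", uid + 1)[:2]
    return results
```

`run_demo()` returns one verdict per request so the four cases can be compared side by side; only the legitimate request is allowed.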

Posted by Patrick, 09-11-2013, 12:37 PM
You can update to the latest version via this command: /usr/local/cpanel/whostmgr/docroot/cgi/whmreseller/versionupdate


