
WHMXtra - Privilege Escalation Vulnerability

Posted by Patrick, 05-31-2013, 10:49 AM
Product Description: WHMXtra can install FFMPEG, firewalls, ddos protection, fix mysql issues, search for illegal files or processes, monitor your server and much much more. Browse the entire server filesystem via one of our built in file managers, upload/download files, create multiple accounts, check memory and CPU usage and even get tips on improving your server's performance.

Vulnerability Description: There is a world-writable directory that will allow an attacker to create a carefully crafted file that will ultimately lead to a root shell. Note: This flaw is allowed to exist because of a fundamental security failure within WHM that executes all plugins as root.

Proof of Concept: Due to the nature of this vulnerability we are withholding the proof of concept until a later date to allow everyone ample time to update their software.

Impact: We have deemed this vulnerability to be rated as CRITICAL due to the fact that a normal user can gain an instant root shell.

Vulnerable Version: This vulnerability was tested against WHMXtra G2 v2.4.

Fixed Version: This vulnerability was patched in WHMXtra G2 v2.5.

Vendor Contact Timeline:
2013-05-29: Vendor contacted via email.
2013-05-29: Vendor confirms vulnerability.
2013-05-30: Vendor issues v2.5 update.
2013-05-31: Rack911 issues security advisory.

Posted by Patrick, 05-31-2013, 10:51 AM
This is a different security flaw than the one we posted yesterday, but it is fixed in a revised update to v2.5. If you're not sure if you are patched or not, simply do this: That will change the permission to something more appropriate.
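
To check a server for the class of flaw the advisory describes (a world-writable directory under code that WHM runs as root), the audit script below is an added example; it is not the command referred to in the post above and not Rack911's or WHMXtra's code. The directory to audit is passed as an argument, because the advisory does not name the affected path.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a directory tree used by
# root-run code for entries that any local user can write to.

# Print each world-writable directory or regular file under $1.
# -perm -0002 matches the "other write" bit; -xdev stays on one filesystem.
# Symlinks are not followed, so a link pointing elsewhere is not traversed.
list_world_writable() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -xdev \( -type d -o -type f \) -perm -0002 -print
}

# Report findings for $1. Returns 0 if clean, 1 if anything is
# world-writable, 2 if the tree could not be (fully) audited.
audit_tree() {
    ww_hits=$(list_world_writable "$1") || return 2
    if [ -z "$ww_hits" ]; then
        echo "OK: nothing world-writable under $1"
        return 0
    fi
    printf '%s\n' "$ww_hits" | while IFS= read -r ww_path; do
        if [ -d "$ww_path" ] && [ -k "$ww_path" ]; then
            # The sticky bit stops users deleting each other's files, but
            # any user can still create new files in the directory.
            echo "WARN (sticky, files can still be created): $ww_path"
        else
            echo "FAIL: $ww_path"
        fi
        ls -ld "$ww_path"   # show mode and owner for the finding
    done
    return 1
}

# Usage: sh audit.sh /path/to/plugin/dir   (placeholder path; supply your own)
[ $# -eq 0 ] || audit_tree "$1"
```

A non-zero exit status makes the script usable from cron or a configuration-management check after each plugin update.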


