Archive for August, 2013

cPremote – Privilege Escalation (R911-0050)

Monday, August 12th, 2013

Type: Privilege Escalation
Location: Local
Impact: Critical
Product: cPremote
Website: http://www.cpremote.net
Vulnerable Version: v7.0
Fixed Version: v7.1
CVE: -
R911: 0050
Date: 2013-08-12
By: www.rack911.com

Product Description:

cPremote is a remote rsync backup plugin for the famous hosting control panel cPanel. It is a WHM plugin. It backs up all of your cPanel accounts to a remote server over SSH using an incremental backup method, so you can keep the backups for all of your servers and cPanel accounts on a central backup server.

Vulnerability Description:

There is a flaw within the Daily Backup feature that allows an attacker to take ownership of any file on the server, including root-owned files, which could ultimately lead to root access.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We rate this vulnerability as CRITICAL because a normal user can give themselves root access.

Vulnerable Version:

This vulnerability was tested against cPremote v7.0 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in cPremote v7.1 on 2013-08-12.

Vendor Contact Timeline:

2013-08-11: Vendor contacted via email.
2013-08-11: Vendor confirms vulnerability.
2013-08-12: Vendor issues v7.1 update.
2013-08-12: Rack911 issues security advisory.

CloudLinux – Content Disclosure (R911-0049)

Friday, August 9th, 2013

Type: Content Disclosure (Root Access)
Location: Local
Impact: High
Product: CloudLinux
Website: http://www.cloudlinux.com
Vulnerable Version: CageFS 5.0-8
Fixed Version: CageFS 5.0-9
CVE:
R911: 0049
Date: 2013-08-09
By: http://www.rack911.com

Product Description:

CloudLinux is a commercially supported Linux operating system interchangeable with CentOS. It includes a kernel-level technology called LVE that allows you to control CPU and memory on a per-tenant basis. It is a basis for application-level virtualization. CloudLinux delivers advanced resource management, better security and performance optimizations specifically targeted at multi-tenant hosting environments.

Vulnerability Description:

There is a flaw within the CageFS portion of CloudLinux that allows an attacker to disclose the contents of any file on the server regardless of file ownership.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We rate this vulnerability as HIGH because any file can be viewed.

Vulnerable Version:

This vulnerability was tested against CloudLinux CageFS 5.0-8 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in CloudLinux CageFS 5.0-9.

Vendor Contact Timeline:

2013-08-08: Vendor contacted via email.
2013-08-08: Vendor confirms vulnerability.
2013-08-09: Vendor issues update.
2013-08-09: Rack911 issues security advisory.