Archive for September, 2013

RVSiteBuilder – Arbitrary File Overwrite (R911-0061)

Tuesday, September 3rd, 2013

Type: Arbitrary File Overwrite
Location: Local
Impact: High
Product: RVSiteBuilder
Website: http://www.rvsitebuilder.com
Vulnerable Version: 5.0.39
Fixed Version: 5.0.40
CVE: -
R911: 0061
Date: 2013-09-03
By: Rack911

Product Description:

RVSiteBuilder is browser based site building software that installs directly into cPanel. Its easy-to-follow workflow, social media plugins, and robust content management features makes it easy for even non-programmers to create, market, and maintain a high-end web presence.

Vulnerability Description:

A reseller can create a malicious hardlink pointing to any file on the server and destroy the contents once they log into RVSiteBuilder via WHM. The end result is that an attacker could render a server inoperable by destroying key system files.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that any file can be overwritten.

Vulnerable Version:

This vulnerability was tested against RVSiteBuilder v5.0.39 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in RVSiteBuilder v5.0.40.

Vendor Contact Timeline:

2013-08-18: Vendor contacted via email.
2013-08-25: Vendor confirms vulnerability.
2013-09-02: Vendor issues update.
2013-09-03: Rack911 issues security advisory.