Archive for October, 2013

DirectAdmin – Arbitrary File Access Vulnerability (R911-0077)

Monday, October 7th, 2013

Type: Arbitrary File Access
Location: Local
Impact: High
Product: DirectAdmin
Website: http://www.directadmin.com
Vulnerable Version: v1.43
Fixed Version: v1.44
CVE: -
R911: 0077
Date: 2013-10-07
By: Rack911

Product Description:

DirectAdmin is a graphical web-based web hosting control panel designed to make administration of websites easier.

Vulnerability Description:

There is a flaw within the backup system that allows an attacker to read any file on the server, including root-owned files, which could ultimately lead to the server being compromised.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have rated this vulnerability HIGH because any file on the server can be viewed.

Vulnerable Version:

This vulnerability was tested against DirectAdmin v1.43 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in DirectAdmin v1.44.

Vendor Contact Timeline:

2013-06-22: Vendor contacted via email.
2013-06-22: Vendor confirms vulnerability.
2013-09-26: Vendor issues v1.44 update.
2013-10-07: Rack911 issues security advisory.

DirectAdmin – Arbitrary File Overwrite Vulnerability (R911-0076)

Monday, October 7th, 2013

Type: Arbitrary File Overwrite
Location: Local
Impact: High
Product: DirectAdmin
Website: http://www.directadmin.com
Vulnerable Version: v1.43
Fixed Version: v1.44
CVE: -
R911: 0076
Date: 2013-10-07
By: Rack911

Product Description:

DirectAdmin is a graphical web-based web hosting control panel designed to make administration of websites easier.

Vulnerability Description:

There is a flaw within the backup system that allows an attacker to overwrite any file on the server, including root-owned files, which could ultimately render the server inoperable.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have rated this vulnerability HIGH because a normal user can render the server inoperable.

Vulnerable Version:

This vulnerability was tested against DirectAdmin v1.43 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in DirectAdmin v1.44.

Vendor Contact Timeline:

2013-06-22: Vendor contacted via email.
2013-06-22: Vendor confirms vulnerability.
2013-09-26: Vendor issues v1.44 update.
2013-10-07: Rack911 issues security advisory.

DirectAdmin – Arbitrary File Overwrite Vulnerability (R911-0075)

Monday, October 7th, 2013

Type: Arbitrary File Overwrite
Location: Local
Impact: High
Product: DirectAdmin
Website: http://www.directadmin.com
Vulnerable Version: v1.43
Fixed Version: v1.44
CVE: -
R911: 0075
Date: 2013-10-07
By: Rack911

Product Description:

DirectAdmin is a graphical web-based web hosting control panel designed to make administration of websites easier.

Vulnerability Description:

There is a flaw within the reseller backup system that allows an attacker to use symlinks and hardlinks to overwrite any file and/or change the ownership of directories. We were not able to obtain root access, but we were able to overwrite sensitive files, which could render the server inoperable.
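The symlink and hardlink abuse described above is the classic failure mode of a privileged backup job that copies a user-controlled tree. As an added example (not Rack911's or DirectAdmin's code, and not the v1.44 fix, which the advisory does not describe), the following Python shows the checks such a job should make before touching each entry: lstat every path, refuse symlinks and multiply-linked regular files, prune symlinked directories before descending, and open with O_NOFOLLOW. demo() builds a constructed fixture in a temporary directory, with every link pointing outside the tree being backed up.

```python
import os, shutil, stat, tempfile

def check_backup_entry(path):
    """None if path is a plain file or directory safe to copy, else why it is refused."""
    st = os.lstat(path)  # lstat never follows the link itself
    if stat.S_ISLNK(st.st_mode):
        return "symlink"  # could point at any root-owned file on the host
    if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
        return "hardlink"  # shares an inode with a file outside the tree
    if not (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)):
        return "special file"
    return None

def safe_copy_tree(src, dst):
    """Copy src into dst as a privileged backup job would, refusing every link.
    Returns (copied relpaths, {relpath: reason}) so refusals can be logged."""
    copied, rejected = [], {}
    for dirpath, dirnames, filenames in os.walk(src, followlinks=False):
        rel = os.path.relpath(dirpath, src)
        out_dir = os.path.normpath(os.path.join(dst, rel))
        os.makedirs(out_dir, mode=0o700, exist_ok=True)
        for d in list(dirnames):  # prune symlinked dirs so walk never enters them
            reason = check_backup_entry(os.path.join(dirpath, d))
            if reason:
                rejected[os.path.normpath(os.path.join(rel, d))] = reason
                dirnames.remove(d)
        for f in filenames:
            path, relname = os.path.join(dirpath, f), os.path.normpath(os.path.join(rel, f))
            reason = check_backup_entry(path)
            if reason:
                rejected[relname] = reason
                continue
            fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # re-checked at open time
            with os.fdopen(fd, "rb") as fin, open(os.path.join(out_dir, f), "wb") as fout:
                shutil.copyfileobj(fin, fout)
            copied.append(relname)
    return copied, rejected

def demo():
    """Constructed fixture: plain file, symlink, hardlink and symlinked dir; links point outside src."""
    base = tempfile.mkdtemp()
    src, out, dst = (os.path.join(base, n) for n in ("src", "outside", "dst"))
    for d in (src, out): os.makedirs(d)
    with open(os.path.join(out, "secret"), "w") as f: f.write("not the user's data\n")
    with open(os.path.join(src, "good.txt"), "w") as f: f.write("user data\n")
    os.symlink(os.path.join(out, "secret"), os.path.join(src, "link"))
    os.link(os.path.join(out, "secret"), os.path.join(src, "hard.txt"))
    os.symlink(out, os.path.join(src, "dirlink"))
    return safe_copy_tree(src, dst)
```

In the real job the rejected map should be logged and the backup failed loudly rather than silently skipped, since a link inside a customer's home directory is itself a signal worth alerting on.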

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have rated this vulnerability HIGH because a normal user can render the server inoperable.

Vulnerable Version:

This vulnerability was tested against DirectAdmin v1.43 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in DirectAdmin v1.44.

Vendor Contact Timeline:

2013-06-22: Vendor contacted via email.
2013-06-22: Vendor confirms vulnerability.
2013-09-26: Vendor issues v1.44 update.
2013-10-07: Rack911 issues security advisory.