Archive for November, 2013

Admin-Ahead Bulk DNS TTL Changer – Insecure File Permissions (R911-0087)

Monday, November 18th, 2013

Type: Insecure File Permissions
Location: Local
Impact: Medium
Product: Admin-Ahead Bulk DNS TTL Changer
Website: http://admin-ahead.com/add-domain-main-domain-cpanel-whm-plugin/
Vulnerable Version: 1.0.0
Fixed Version: 1.0.1
CVE: -
R911: 0087
Date: 2013-11-18
By: Rack911

Product Description:

Here we introduce the A-AST Bulk DNS TTL changer v1.0 for cPanel/WHM. With this interface, you get to lower TTL values for multiple domains all at once, and make sure that the DNS information that you change will take effect in a shorter interval of time. What’s more? Once your migration is complete, you can use this same tool to raise the DNS TTL values of multiple domains and thus make life a little easier on name servers.

Vulnerability Description:

Due to insecure file permissions set when the plugin is installed, it is possible under certain circumstances for a user to modify the plugin's files, which could lead to a root compromise.
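To show what this class of finding looks like in practice, here is an added example (not code from the advisory or from the vendor): a small Python audit that walks a plugin's install directory and reports any file or directory that is group- or world-writable, or not owned by root. Those are the properties that matter for a plugin WHM executes as root, because a user who can write to such a file gets root's privileges the next time the plugin runs. The directory layout, file names and the demo tree built in a temporary directory are constructed for illustration; the advisory does not state where the vendor installs the plugin.

```python
import os
import stat
import tempfile


def unsafe_reasons(st: os.stat_result, require_root_owner: bool = True) -> list[str]:
    """Return why a file's mode/ownership is unsafe for code that root will execute.

    A root-run plugin must not be modifiable by anyone but root: a group- or
    world-writable file (or directory, since a writable directory lets a user
    replace the files inside it) hands that user root's privileges.
    """
    reasons = []
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    if st.st_mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if require_root_owner and st.st_uid != 0:
        reasons.append(f"owned by uid {st.st_uid}, not root")
    return reasons


def audit_tree(root: str, require_root_owner: bool = True) -> dict[str, list[str]]:
    """Walk `root` and map each offending path (relative to root) to its reasons."""
    findings: dict[str, list[str]] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        # the directory itself plus every file in it; subdirectories are
        # checked when os.walk descends into them
        entries = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in entries:
            st = os.lstat(path)  # lstat: report symlinks as themselves, do not follow
            reasons = unsafe_reasons(st, require_root_owner)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def demo_tree() -> dict[str, list[str]]:
    """Build a constructed plugin directory in a temp dir and audit it.

    Ownership is not checked here because the demo runs as an ordinary user;
    on a real server keep require_root_owner=True.
    """
    base = tempfile.mkdtemp(prefix="plugin-audit-")  # created 0700 by mkdtemp
    os.mkdir(os.path.join(base, "lib"))
    os.chmod(os.path.join(base, "lib"), 0o755)
    for rel, mode in {
        "plugin.cgi": 0o755,      # correct: only the owner can write
        "lib/helper.sh": 0o777,   # wrong: anyone on the box can edit it
        "lib/config.ini": 0o664,  # wrong: group members can edit it
    }.items():
        path = os.path.join(base, rel)
        with open(path, "w") as fh:
            fh.write("# constructed placeholder\n")
        os.chmod(path, mode)
    return audit_tree(base, require_root_owner=False)


if __name__ == "__main__":
    for path, reasons in sorted(demo_tree().items()):
        print(f"{path}: {', '.join(reasons)}")
```

On a live server the equivalent one-off check is the standard GNU find idiom `find <plugin-dir> -perm /022 -o ! -user root`, run against whatever directory the plugin was installed into; the script above is only needed if you want the findings as structured data.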

Impact:

We rate this vulnerability MEDIUM because the files can only be modified under certain circumstances and by a specific user.

Vulnerable Version:

This vulnerability was tested against Admin-Ahead Bulk DNS TTL Changer v1.0.0 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in Admin-Ahead Bulk DNS TTL Changer v1.0.1.

Vendor Contact Timeline:

2013-11-17: Vendor contacted via email.
2013-11-17: Vendor confirms vulnerability.
2013-11-18: Vendor issues 1.0.1 update.
2013-11-18: Rack911 issues security advisory.

Admin-Ahead Add-On Domain to Main Account Converter – Privilege Escalation (R911-0086)

Monday, November 18th, 2013

Type: Privilege Escalation
Location: Local
Impact: Critical
Product: Admin-Ahead Add-On Domain to Main Account Converter
Website: http://admin-ahead.com/add-domain-main-domain-cpanel-whm-plugin/
Vulnerable Version: 1.0.0
Fixed Version: 1.0.1
CVE: -
R911: 0086
Date: 2013-11-18
By: Rack911

Product Description:

Another feature to add to your cPanel WHM from the Admin-Ahead Team, the Add-On Domain to Main Account Converter cPanel WHM Plugin. Add this Plugin and click to convert an add-on domain to a main domain in seconds.

Vulnerability Description:

There is a privilege escalation vulnerability that would allow an attacker to obtain root access and/or take control of any file on the server.

Impact:

We rate this vulnerability CRITICAL because root access can be obtained.

Vulnerable Version:

This vulnerability was tested against Admin-Ahead Add-On Domain to Main Account Converter v1.0.0 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in Admin-Ahead Add-On Domain to Main Account Converter v1.0.1.

Vendor Contact Timeline:

2013-11-17: Vendor contacted via email.
2013-11-17: Vendor confirms vulnerability.
2013-11-18: Vendor issues 1.0.1 update.
2013-11-18: Rack911 issues security advisory.

Admin-Ahead Add-On Domain to Main Account Converter – Arbitrary Command Execution (R911-0085)

Monday, November 18th, 2013

Type: Arbitrary Command Execution
Location: Remote
Impact: High
Product: Admin-Ahead Add-On Domain to Main Account Converter
Website: http://admin-ahead.com/add-domain-main-domain-cpanel-whm-plugin/
Vulnerable Version: 1.0.0
Fixed Version: 1.0.1
CVE: -
R911: 0085
Date: 2013-11-18
By: Rack911

Product Description:

Another feature to add to your cPanel WHM from the Admin-Ahead Team, the Add-On Domain to Main Account Converter cPanel WHM Plugin. Add this Plugin and click to convert an add-on domain to a main domain in seconds.

Vulnerability Description:

There is an arbitrary command execution vulnerability that would allow an attacker to execute commands as root, because user input is not sanitized before it is used.
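The bug class described here, a request parameter reaching a shell while the plugin runs as root, as an added example (this is not the plugin's code; the advisory does not show its internals): the vulnerable pattern builds a command string from the domain name and hands it to a shell, while the hardened version validates the domain against a strict hostname pattern and then passes it as a separate argv element with no shell involved. `echo` stands in for whatever root-privileged tool the plugin actually invokes, and the injected input is constructed.

```python
import re
import subprocess

# Strict hostname: labels of 1-63 chars from [a-z0-9-], no leading or
# trailing '-', at least one dot, at most 253 chars in total.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-z0-9-]{1,63}(?<!-))+$",
    re.IGNORECASE,
)

TOOL = ["echo"]  # stand-in for the root-privileged helper the plugin calls


def run_vulnerable(domain: str) -> str:
    """Interpolate the parameter into a shell command line: the injection bug."""
    # With shell=True, ';', '|', '$(...)' and friends inside `domain` are
    # executed by /bin/sh, as root when this runs from a WHM plugin.
    cmd = " ".join(TOOL) + " " + domain
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def is_valid_domain(domain: str) -> bool:
    """Allow-list check: only a syntactically valid hostname gets through."""
    return DOMAIN_RE.fullmatch(domain) is not None


def exec_argv(domain: str) -> str:
    """Second layer on its own: argv list, no shell, so metacharacters are inert."""
    return subprocess.run(TOOL + [domain], capture_output=True, text=True).stdout


def run_hardened(domain: str) -> str:
    """Validate first, then exec without a shell; both layers are independent."""
    if not is_valid_domain(domain):
        raise ValueError(f"rejected domain parameter: {domain!r}")
    return exec_argv(domain)


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"  # constructed attacker input
    print("vulnerable ran:", run_vulnerable(payload).split())
    print("argv only, literal:", repr(exec_argv(payload)))
    try:
        run_hardened(payload)
    except ValueError as err:
        print("hardened:", err)
    print("hardened ok:", run_hardened("example.com").strip())
```

The two layers are deliberately separate: the allow-list rejects anything that is not a hostname, and the argv form guarantees that even a value which slipped past validation is delivered as one literal argument. In a plugin that runs as root, the validation regex would otherwise be the only thing between an HTTP parameter and a root shell.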

Impact:

We rate this vulnerability HIGH because commands can be executed as root.

Vulnerable Version:

This vulnerability was tested against Admin-Ahead Add-On Domain to Main Account Converter v1.0.0 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in Admin-Ahead Add-On Domain to Main Account Converter v1.0.1.

Vendor Contact Timeline:

2013-11-17: Vendor contacted via email.
2013-11-17: Vendor confirms vulnerability.
2013-11-18: Vendor issues 1.0.1 update.
2013-11-18: Rack911 issues security advisory.