BetterLinux – Arbitrary Command Execution (cPanel) Vulnerability (R911-0118)

Type: Arbitrary Command Execution
Location: Remote
Impact: Critical
Product: BetterLinux
Website: http://www.betterlinux.com
Vulnerable Version: 1.1.3-1
Fixed Version: 1.1.4-2
CVE: -
R911: 0118
Date: 2014-01-24
By: Rack911

Product Description:

BetterLinux is a collection of tools for system resource management, monitoring, and security intended for hosting providers, data centers, SaaS companies, and cloud environments. With it, you can control use and allocation of CPU, memory, MySQL, device I/O bandwidth, and IP bandwidth resources all within a secure environment. Individual users and processes that exceed set resource limits can be isolated from other system users and throttled as necessary.

Vulnerability Description:

BetterLinux with cPanel suffers from an arbitrary command execution vulnerability which could easily lead to a privilege escalation as the commands are done as root. For our exploit to work, reseller access is required, however, under certain conditions the same exploit could occur with a normal cPanel user.

Impact:

We have deemed this vulnerability to be rated as CRITICAL due to the fact that root access can be obtained.

Vulnerable Version:

This vulnerability was tested against BetterLinux 1.1.3-1 and is believed to exist in all versions prior to the fixed builds below.

Fixed Version:

This vulnerability was patched in BetterLinux 1.1.4-2.

Vendor Contact Timeline:

2013-12-26: Vendor contacted via email.
2013-12-26: Vendor confirms vulnerability.
2014-01-23: Vendor issues updates to all builds.
2014-01-24: Rack911 issues security advisory.