CloudLinux – cPanel PHP Selector Arbitrary Command Execution (R911-0141)

Type: Arbitrary Command Execution
Location: Remote
Impact: Medium
Product: CloudLinux
Website: http://www.cloudlinux.com
Vulnerable Version: lvemanager 0.7-1.32
Fixed Version: lvemanager 0.8-1.15.1
CVE: -
R911: 0141
Date: 2014-04-10
By: Rack911

Product Description:

CloudLinux is a commercially supported Linux operating system interchangeable with CentOS. It includes kernel-level technology called LVE that allows you to control CPU and memory on a per-tenant basis. It is the basis for application-level virtualization. CloudLinux delivers advanced resource management, better security and performance optimizations specifically targeted at multi-tenant hosting environments.

Vulnerability Description:

An arbitrary command execution vulnerability in the cPanel CageFS PHP Selector makes it possible for a user to bypass CageFS restrictions.

Impact:

We rate this vulnerability MEDIUM because it allows CageFS restrictions to be bypassed.

Vulnerable Version:

This vulnerability was tested against CloudLinux lvemanager 0.7-1.32 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in CloudLinux lvemanager 0.8-1.15.1.

Vendor Contact Timeline:

2014-04-07: Vendor contacted via email.
2014-04-07: Vendor confirms vulnerability.
2014-04-10: Vendor issues update.
2014-04-10: Rack911 issues security advisory.