cPanel – Safetybits.pl Race Conditions (R911-0151)

Type: Race Conditions
Location: Local
Impact: High
Product: cPanel
Website: http://www.cpanel.net
Vulnerable Version: All versions prior to the fixed builds below.
Fixed Version: 11.43.0.12, 11.42.1.16 & 11.40.1.14
CVE: -
R911: 0151
Date: 2014-05-26
By: Rack911

Product Description:

cPanel is an easy-to-use control panel that gives web hosts, and the website owners they serve, the ability to quickly and easily manage their servers and websites. Web Host Manager (WHM) is a part of the cPanel software, often used by resellers and system administrators.

Vulnerability Description:

Due to a race condition present within safetybits.pl, it is possible for a malicious user to take ownership of various files and/or directories. The safetybits.pl file is used by a few functions within cPanel such as chownpublichtmls, cleanopenwebmail, mkquotas, fixvaliases and fixsuexeccgiscripts.
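
A race-safe way to change ownership, as an added example that is not cPanel's code or its fix. The advisory does not publish the vulnerable code, so this assumes the common pattern of checking a path and then calling chown on the same name; the function name pinned_chown is hypothetical.

```python
import os
import stat

def pinned_chown(path, uid, gid, expected_uid):
    """Change ownership of a regular file without re-resolving its name.

    Assumed scenario: a privileged maintenance job fixing ownership inside a
    directory that an unprivileged user can write to.
    """
    # O_NOFOLLOW: fail if the final path component is a symlink.
    # O_NONBLOCK: do not hang if the name now refers to a FIFO.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    try:
        fd = os.open(path, flags)
    except OSError:
        return "refused: symlink or unopenable"
    try:
        st = os.fstat(fd)  # describes the object we hold, not the name
        if not stat.S_ISREG(st.st_mode):
            return "refused: not a regular file"
        if st.st_nlink != 1:
            # A second name may live outside the directory being fixed.
            return "refused: multiple hard links"
        if st.st_uid != expected_uid:
            return "refused: unexpected owner"
        os.fchown(fd, uid, gid)  # acts on the same inode that was checked
        return "changed"
    finally:
        os.close(fd)
```

O_NOFOLLOW only covers the last path component, so parent directories a user controls need the same descriptor-based handling (opening each level with dir_fd), or the job should run with that user's privileges instead of root's.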

Impact:

We have rated this vulnerability as HIGH because file ownership can be changed, which could lead to privilege escalation.

Vulnerable Version:

This vulnerability was tested against cPanel prior to the fixed versions below.

Fixed Version:

This vulnerability was patched in cPanel 11.43.0.12, 11.42.1.16 & 11.40.1.14.

Vendor Contact Timeline:

2014-04-03: Vendor contacted via email.
2014-04-07: Vendor confirms vulnerability.
2014-05-19: Vendor issues updates to all builds.
2014-05-26: Rack911 issues security advisory.