cPremote – Elevated Privileges (R911-0006)

Type: Elevated Privileges
Impact: Medium
Product: cPremote
Website: http://www.cpnginx.com
Vulnerable Version: 6.9 and possibly earlier earlier.
Fixed Version: 6.10
CVE: -
R911: 0006
Date: 2013-05-21
By: http://www.rack911.com

Product Description:

cPremote is a remote rsync backup plugin for the famous hosting control panel cPanel. It is a WHM plugin. This will take all your cPanel accounts backups into a remote server over ssh via incremental backup method. So you can have all your servers and cPanel accounts backups into a central backup server.

Vulnerability Description:

cPremote allows access to root only functions in the software to resellers. Through this vulnerability it is possible for an attacker to disable / modify server wide backup settings and restore any users backups (potentially overwriting customer data).

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have deemed this vulnerability to be rated as MEDIUM due to the fact that backups can be disabled and customer data can be overwritten by a reseller.

Work Around:

Upgrade to the latest version of cPremote.

Vulnerable Version:

This vulnerability was tested against cPremote 6.9 and it is believed that prior versions are also vulnerable.