cPremote – Privilege Escalation (R911-0050)

Type: Privilege Escalation
Location: Local
Impact: Critical
Product: cPremote
Website: http://www.cpremote.net
Vulnerable Version: v7.0
Fixed Version: v7.1
CVE: -
R911: 0050
Date: 2013-08-12
By: www.rack911.com

Product Description:

cPremote is a remote rsync backup plugin for the famous hosting control panel cPanel. It is a WHM plugin. This will take all your cPanel accounts backups into a remote server over ssh via incremental backup
method. So you can have all your servers and cPanel accounts backups into a central backup server.

Vulnerability Description:

There is a flaw within the Daily Backup feature that allows an attacker to take ownership of any file on the server, including root owned files, which could ultimately lead to root access.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have deemed this vulnerability to be rated as CRITICAL due to the fact that a normal user can give themselves root access.

Vulnerable Version:

This vulnerability was tested against cPremote v7.0 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in cPremote v7.1 on 2013-08-12.

Vendor Contact Timeline:

2013-08-11: Vendor contacted via email.
2013-08-11: Vendor confirms vulnerability.
2013-08-12: Vendor issues v7.1 update.
2013-08-12: Rack911 issues security advisory.