Type: Privilege Escalation
Vulnerable Version: v7.0
Fixed Version: v7.1
cPremote is a remote rsync backup plugin for the famous hosting control panel cPanel. It is a WHM plugin. This will take all your cPanel accounts backups into a remote server over ssh via incremental backup
method. So you can have all your servers and cPanel accounts backups into a central backup server.
There is a flaw within the Daily Backup feature that allows an attacker to take ownership of any file on the server, including root owned files, which could ultimately lead to root access.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We have deemed this vulnerability to be rated as CRITICAL due to the fact that a normal user can give themselves root access.
This vulnerability was tested against cPremote v7.0 and is believed to exist in all prior versions.
This vulnerability was patched in cPremote v7.1 on 2013-08-12.
Vendor Contact Timeline:
2013-08-11: Vendor contacted via email.
2013-08-11: Vendor confirms vulnerability.
2013-08-12: Vendor issues v7.1 update.
2013-08-12: Rack911 issues security advisory.