Type: Privilege Escalation
Vulnerable Version: v1.43
Fixed Version: v1.44
DirectAdmin is a graphical, web-based hosting control panel designed to make administration of websites easier.
There is a flaw in the backup system that allows an attacker to run arbitrary commands as root while MySQL databases are being restored, which could ultimately lead to a full root compromise.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We have rated this vulnerability as CRITICAL because a normal user can gain an instant root shell.
This vulnerability was tested against DirectAdmin v1.43 and is believed to exist in all prior versions.
This vulnerability was patched in DirectAdmin v1.44.
Vendor Contact Timeline:
2013-06-22: Vendor contacted via email.
2013-06-22: Vendor confirms vulnerability.
2013-09-26: Vendor issues v1.44 update.
2013-10-07: Rack911 issues security advisory.