Installatron (DirectAdmin) – Arbitrary File Overwrite (R911-0094)

Type: Arbitrary File Overwrite
Location: Local
Impact: High
Product: Installatron (DirectAdmin)
Website: http://www.installatron.com
Vulnerable Version: v9.0.5
Fixed Version: v9.0.6
CVE: -
R911: 0094
Date: 2013-11-23
By: Rack911

Product Description:

Installatron is a turn-key, state-of-the-art web application automation solution (also known as an auto installer or script installer) for web hosting control panel platforms.

Once installed on a control panel server, Installatron’s powerful, easy-to-use user-interface integrates seamlessly, enabling instant, one-click installs and upgrades, backups and restores, and other advanced features for a premier collection of only the best applications on the web.

Vulnerability Description:

Due to insecure handling of temporary files and predictable session names, an attacker can overwrite any file on the server with session data, rendering the server inoperable.

Impact:

We rate this vulnerability HIGH because the server can be rendered inoperable.

Vulnerable Version:

This vulnerability was tested against Installatron v9.0.5 for DirectAdmin and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in Installatron v9.0.6 for DirectAdmin. (We thank Installatron for their always prompt updates and commitment to security!)

Vendor Contact Timeline:

2013-11-20: Vendor contacted via email.
2013-11-20: Vendor confirms vulnerability.
2013-11-23: Vendor issues v9.0.6 update.
2013-11-23: Rack911 issues security advisory.