Type: Arbitrary File Overwrite
Product: Installatron (DirectAdmin)
Vulnerable Version: v9.0.5
Fixed Version: v9.0.6
Installatron is a turn-key, state-of-the-art web application automation solution (also known as an auto installer or script installer) for web hosting control panel platforms.
Once installed on a control panel server, Installatron’s powerful, easy-to-use user-interface integrates seamlessly, enabling instant, one-click installs and upgrades, backups and restores, and other advanced features for a premier collection of only the best applications on the web.
Due to insecure handling of temporary files and predictable session names, an attacker can overwrite any file on the server with session data, rendering the server inoperable.
We rate this vulnerability HIGH because the server can be rendered inoperable.
This vulnerability was tested against Installatron v9.0.5 for DirectAdmin and is believed to exist in all prior versions.
This vulnerability was patched in Installatron v9.0.6 for DirectAdmin. (We thank Installatron for their always prompt updates and commitment to security!)
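As an added illustration of the two mitigations for this bug class (this is constructed example code, not Installatron's own and not derived from its patch): a session name is validated as an opaque token before it ever becomes a path component, and session data is staged through a randomly named, exclusively created temp file and renamed into place, so neither the temp name nor the destination can be predicted or pre-planted. The session directory, the `sess_` prefix and the sample session payload are assumptions.

```python
import os
import re
import tempfile

# Constructed example, not Installatron code: session names are never trusted
# as path components, and session data is written through a random temp file.
SESSION_ID_RE = re.compile(r"[A-Za-z0-9]{32,64}")  # opaque token, fixed alphabet

def is_valid_session_id(session_id: str) -> bool:
    # Rejects "../", absolute paths, NUL bytes and any other traversal input.
    return SESSION_ID_RE.fullmatch(session_id) is not None

def session_file_path(session_dir: str, session_id: str) -> str:
    """Map a session id to a file strictly inside session_dir."""
    if not is_valid_session_id(session_id):
        raise ValueError("rejected session id")
    base = os.path.realpath(session_dir)
    path = os.path.join(base, "sess_" + session_id)
    # Defence in depth: the resolved path must remain under session_dir.
    if os.path.commonpath([base, os.path.realpath(path)]) != base:
        raise ValueError("session path escapes session directory")
    return path

def write_session_data(session_dir: str, session_id: str, data: bytes) -> str:
    """Persist session data without a predictable, overwritable temp file."""
    path = session_file_path(session_dir, session_id)
    # mkstemp uses O_CREAT|O_EXCL and a random name: a pre-planted symlink or
    # a guessed filename cannot redirect the write elsewhere.
    fd, tmp = tempfile.mkstemp(prefix=".sess_", dir=os.path.dirname(path))
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.replace(tmp, path)  # atomic; swaps the entry, never follows a symlink
    except BaseException:
        os.unlink(tmp)
        raise
    return path

def demo() -> tuple:
    # Constructed run: a valid id is written, a traversal-style id is rejected.
    session_dir = tempfile.mkdtemp()
    good = write_session_data(session_dir, "a" * 32, b'user|s:5:"alice";')
    try:
        write_session_data(session_dir, "../../../etc/passwd", b"x")
        rejected = False
    except ValueError:
        rejected = True
    with open(good, "rb") as fh:
        return os.path.basename(good), fh.read(), rejected
```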
Vendor Contact Timeline:
2013-11-20: Vendor contacted via email.
2013-11-20: Vendor confirms vulnerability.
2013-11-23: Vendor issues v9.0.6 update.
2013-11-23: Rack911 issues security advisory.