Type: Privilege Escalation
Vulnerable Version: v9.0.3
Fixed Version: v9.0.4 and v8.0.16
Installatron is a turn-key, state-of-the-art web application automation solution (also known as an auto installer or script installer) for web hosting control panel platforms.
Once installed on a control panel server, Installatron’s powerful, easy-to-use user-interface integrates seamlessly, enabling instant, one-click installs and upgrades, backups and restores, and other advanced features for a premier collection of only the best applications on the web.
Installatron on DirectAdmin can invoke the system cURL binary, which allows an attacker to manipulate its output by supplying a malicious config file; this could lead to a root compromise.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We have deemed this vulnerability to be rated as CRITICAL due to the fact that root access can be obtained.
This vulnerability was tested against Installatron v9.0.3 for DirectAdmin and is believed to exist in all prior versions.
This vulnerability was patched in Installatron v9.0.4 and v8.0.16.
Vendor Contact Timeline:
2013-10-21: Vendor contacted via email.
2013-10-21: Vendor confirms vulnerability.
2013-10-21: Vendor issues v9.0.4 and v8.0.16 update.
2013-10-25: Rack911 issues security advisory.