Type: Privilege Escalation
Vulnerable Version: v8.0.13
Fixed Version: v8.0.14
Installatron is a turn-key, state-of-the-art web application automation solution (also known as an auto installer or script installer) for web hosting control panel platforms.
Once installed on a control panel server, Installatron’s powerful, easy-to-use user-interface integrates seamlessly, enabling instant, one-click installs and upgrades, backups and restores, and other advanced features for a premier collection of only the best applications on the web.
There is a flaw within the Import feature of Installatron that allows an attacker to run commands as root. An attacker would then be able to set the necessary privileges and ownership of a carefully crafted file to gain access to a root shell.
Note: This flaw is allowed to exist because of a fundamental security failure within WHM that executes all plugins as root.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We have deemed this vulnerability to be rated as CRITICAL due to the fact that a normal user can gain an instant root shell.
This vulnerability was tested against Installatron v8.0.13.
This vulnerability was patched in Installatron v8.0.14.
Vendor Contact Timeline:
2013-05-29: Vendor contacted via email.
2013-05-29: Vendor confirms vulnerability.
2013-05-29: Vendor issues v8.0.14 update.
2013-06-10: Rack911 issues security advisory.