Installatron – Privilege Escalation (R911-0018)

Type: Privilege Escalation
Impact: Critical
Product: Installatron
Website: http://www.installatron.com
Vulnerable Version: v8.0.13
Fixed Version: v8.0.14
CVE: -
R911: 0018
Date: 2013-06-10
By: http://www.rack911.com

Product Description:

Installatron is a turn-key, state-of-the-art web application automation solution (also known as an auto installer or script installer) for web hosting control panel platforms.

Once installed on a control panel server, Installatron’s powerful, easy-to-use user-interface integrates seamlessly, enabling instant, one-click installs and upgrades, backups and restores, and other advanced features for a premier collection of only the best applications on the web.

Vulnerability Description:

There is a flaw within the Import feature of Installatron that allows an attacker to run commands as root. An attacker would then be able to set the necessary privileges and ownership of a carefully crafted file to gain access to a root shell.

Note: This flaw is allowed to exist because of a fundamental security failure within WHM that executes all plugins as root.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have deemed this vulnerability to be rated as CRITICAL due to the fact that a normal user can gain an instant root shell.

Vulnerable Version:

This vulnerability was tested against Installatron v8.0.13.

Fixed Version:

This vulnerability was patched in Installatron v8.0.14.

Vendor Contact Timeline:

2013-05-29: Vendor contacted via email.
2013-05-29: Vendor confirms vulnerability.
2013-05-29: Vendor issues v8.0.14 update.
2013-06-10: Rack911 issues security advisory.