InterWorx – Content Disclosure (R911-0039)

Type: InterWorx – Content Disclosure (Root Access)
Location: Local
Impact: High
Product: InterWorx
Website: http://www.interworx.com
Vulnerable Version: All previous versions.
Fixed Version: v4.11.6 #479 and v5.0.5 #521
CVE: -
R911: 0039
Date: 2013-07-08
By: http://www.rack911.com

Product Description

The InterWorx control panel is a Linux based dedicated server and VPS web control panel. It is feature rich for both the system administrator and website administrator. Supports software-based load balancing and clustering via a web interface

Vulnerability Description:

There is a flaw within the Backup feature that allows an attacker to access a temporary world writable directory then use a hardlink to any file on the server which will then be stored in the archive and available upon downloaded.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that root access can be obtained.

Vulnerable Version:

This vulnerability was tested against InterWorx v4.11.6 + v5.0.5 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in InterWorx v4.11.6 #479 and v5.0.5 #521.

Vendor Contact Timeline:

2013-06-13: Vendor contacted via email.
2013-06-14: Vendor confirms vulnerability.
2013-06-14: Vendor issues v4.11.6 #479 update.
2013-06-14: Vendor issues v5.0.5 #521 update.
2013-07-08: Rack911 issues security advisory.