InterWorx – Content Disclosure (Root Access) #2 (R911-0011)

Type: Content Disclosure (Root Access)
Impact: High
Product: InterWorx
Website: http://www.interworx.com
Vulnerable Version: v4.11.6 and v5.0.5
Fixed Version: v4.11.6 #473 and v5.0.5 #513
CVE: -
R911: 0011
Date: 2013-05-28
By: http://www.rack911.com

Product Description:

The InterWorx control panel is a Linux-based dedicated server and VPS web control panel. It is feature rich for both the system administrator and website administrator. It supports software-based load balancing and clustering via a web interface.

Vulnerability Description:

The makemime binary (maildrop) has incorrect file permissions that make it possible for an attacker to use a hardlink (ln) to sensitive files, which could ultimately lead to a root compromise.

Proof of Concept:

Due to the nature of this vulnerability we are withholding the proof of concept until a later date to allow everyone ample time to update their software.

Impact:

We rate this vulnerability as HIGH because any file can be viewed regardless of ownership, including root files such as /etc/shadow and any private SSH keys.
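
An audit check an administrator could run for the conditions described above; this is an added example, not code from Rack911 or InterWorx. The advisory does not say which permission bits were wrong, so the script reports set-id and world-writable bits, flags sensitive files that have extra hard links, and reads the Linux fs.protected_hardlinks setting (a general kernel hardening, not the vendor's fix). The makemime path and the SSH key location are site-specific assumptions.

```shell
#!/bin/sh
# Added audit helper (not from the advisory or from InterWorx).
# The makemime path is not given on the page; pass it as the first argument.

# Print the risky mode bits set on FILE, or "none".
mode_flags() {
    flags=""
    if [ -u "$1" ]; then flags="$flags setuid"; fi
    if [ -g "$1" ]; then flags="$flags setgid"; fi
    if [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
        flags="$flags world-writable"
    fi
    flags=${flags# }
    echo "${flags:-none}"
}

# Succeed if FILE has more than one hard link (another name shares its inode).
has_extra_links() {
    [ -n "$(find "$1" -maxdepth 0 -type f -links +1 2>/dev/null)" ]
}

# Report the kernel hard-link restriction. The sysctl file can be overridden
# so the function can be exercised without touching /proc.
hardlink_protection() {
    ctl=${1:-/proc/sys/fs/protected_hardlinks}
    if [ ! -r "$ctl" ]; then echo "unknown"; return 0; fi
    case "$(cat "$ctl")" in
        1) echo "enabled" ;;
        *) echo "disabled" ;;
    esac
}

# Usage: sh audit.sh /path/to/makemime
if [ "$#" -gt 0 ]; then
    echo "mode bits on $1: $(mode_flags "$1")"
    echo "fs.protected_hardlinks: $(hardlink_protection)"
    # /root/.ssh/id_* is an assumed default key location.
    for s in /etc/shadow /root/.ssh/id_*; do
        if has_extra_links "$s"; then
            echo "WARNING: $s has more than one hard link"
        fi
    done
fi
```

Run it as root so the sensitive files can be examined; a link-count warning means another name for that file exists somewhere on the same filesystem.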

Vulnerable Version:

This vulnerability was tested against InterWorx v4.11.6 + v5.0.5 BETA and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in InterWorx v4.11.6 #473 + v5.0.5 #513.

Vendor Contact Timeline:

2013-05-05: Vendor contacted via email.
2013-05-05: Vendor confirms vulnerability.
2013-05-20: Vendor issues v4.11.6 #473 update.
2013-05-20: Vendor issues v5.0.5 #513 update.
2013-05-28: Rack911 issues security advisory.