InterWorx – Content Manipulation (R911-0040)

Type: Content Manipulation
Location: Local
Impact: High
Product: InterWorx
Website: http://www.interworx.com
Vulnerable Version: All previous versions.
Fixed Version: v4.11.6 #475 and v5.0.5 #516
CVE: -
R911: 0040
Date: 2013-07-08
By: http://www.rack911.com

Product Description

The InterWorx control panel is a Linux-based dedicated server and VPS web control panel. It is feature rich for both the system administrator and the website administrator, and supports software-based load balancing and clustering via a web interface.

Vulnerability Description:

There is a flaw within the Import feature: a malicious reseller can create a symlink pointing at any file owned by the iworx user, and that file is then overwritten with the contents of an uploaded archive when the import writes through the symlink.
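The pattern described above, a symlink planted at an archive's destination path being followed when the import writes the uploaded content, is a generic unsafe-extraction bug, and the defence is the same wherever archives are unpacked on behalf of a less-trusted user. The following Python is an added example and is not InterWorx's or Rack911's code: an extraction routine that refuses archive members that are links, refuses paths that leave the destination directory, refuses to write through any pre-existing symlink component, and opens the final file with O_NOFOLLOW so a link swapped in late still fails. The archives and the scratch directory it uses are constructed sample input; `safe_extract`, `build_archive` and `demo` are names chosen here.

```python
import io
import os
import tarfile
import tempfile


def safe_extract(archive_bytes: bytes, dest_dir: str) -> list:
    """Extract a tar archive into dest_dir, refusing everything a symlink
    overwrite relies on. Returns the relative paths written; raises
    ValueError on the first rejected member (the whole import is refused
    rather than partially applied)."""
    dest_root = os.path.realpath(dest_dir)
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            # 1. Never materialise links or device nodes from the archive.
            if member.issym() or member.islnk():
                raise ValueError("refusing link member: %s" % member.name)
            if not (member.isfile() or member.isdir()):
                raise ValueError("refusing special member: %s" % member.name)
            # 2. Lexical containment: '../' and absolute names must not escape.
            lexical = os.path.normpath(os.path.join(dest_root, member.name))
            if os.path.commonpath([dest_root, lexical]) != dest_root:
                raise ValueError("path escapes destination: %s" % member.name)
            # 3. Walk every existing component; a symlink planted anywhere on
            #    the path would redirect the write to the link's target.
            rel = os.path.relpath(lexical, dest_root)
            cur = dest_root
            for part in ([] if rel == "." else rel.split(os.sep)):
                cur = os.path.join(cur, part)
                if os.path.islink(cur):
                    raise ValueError("pre-existing symlink in path: %s" % member.name)
            if member.isdir():
                os.makedirs(lexical, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(lexical), exist_ok=True)
                # 4. O_NOFOLLOW makes the open itself fail (ELOOP) if the final
                #    component became a symlink after the check above.
                flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
                fd = os.open(lexical, flags, 0o600)
                with os.fdopen(fd, "wb") as out, tar.extractfile(member) as src:
                    out.write(src.read())
            written.append(rel)
    return written


def build_archive(entries) -> bytes:
    """Build an in-memory tar from (name, data, linkname) tuples; a non-None
    linkname produces a symlink member. Constructed test input only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data, link in entries:
            info = tarfile.TarInfo(name)
            if link is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = link
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def attempt(archive: bytes, dest: str) -> str:
    """Report whether safe_extract accepted or refused an archive."""
    try:
        safe_extract(archive, dest)
        return "extracted"
    except ValueError:
        return "rejected"


def demo() -> dict:
    """Run the extractor against constructed archives in a scratch directory."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        # A plain archive extracts normally.
        good = build_archive([("site/index.html", b"<h1>hello</h1>", None)])
        results["good"] = safe_extract(good, d)
        # An archive that ships its own symlink member is refused.
        linky = build_archive([("cfg", None, "/some/other/file"),
                               ("cfg/x", b"payload", None)])
        results["link_member"] = attempt(linky, d)
        # A symlink planted in the destination before import is not followed,
        # and the file it points at keeps its original contents.
        victim = os.path.join(d, "victim.txt")
        with open(victim, "wb") as f:
            f.write(b"original")
        os.symlink(victim, os.path.join(d, "planted"))
        results["planted_link"] = attempt(
            build_archive([("planted", b"overwritten", None)]), d)
        with open(victim, "rb") as f:
            results["victim_intact"] = f.read() == b"original"
        # Traversal out of the destination is refused.
        results["traversal"] = attempt(build_archive([("../escape", b"x", None)]), d)
    return results


if __name__ == "__main__":
    print(demo())
```

The component walk in step 3 is a check separated in time from the write, so a directory component swapped for a symlink between the two would still be followed; O_NOFOLLOW closes that window only for the final component. Closing it fully means descending with directory file descriptors (openat with O_NOFOLLOW at each step) or, simpler for a control panel, extracting into a freshly created directory that the untrusted user cannot write to and only then moving the result into place.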

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We rate this vulnerability HIGH because any file owned by the iworx user can be modified or destroyed. This includes rendering the InterWorx panel inoperable or obtaining sensitive control panel data.

Vulnerable Version:

This vulnerability was tested against InterWorx v4.11.6 and v5.0.5 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in InterWorx v4.11.6 #475 and v5.0.5 #516.

Vendor Contact Timeline:

2013-06-13: Vendor contacted via email.
2013-06-14: Vendor confirms vulnerability.
2013-06-14: Vendor issues v4.11.6 #475 update.
2013-06-14: Vendor issues v5.0.5 #516 update.
2013-07-08: Rack911 issues security advisory.