Type: Privilege Escalation
Vulnerable Version: v4.11.6 and v5.0.5
Fixed Version: v4.11.6 #473 and v5.0.5 #513
The InterWorx control panel is a Linux-based dedicated server and VPS web control panel. It is feature-rich for both the system administrator and the website administrator, and it supports software-based load balancing and clustering via a web interface.
The lockmail binary (maildrop) has incorrect file permissions that make it possible for an attacker to run malicious exploit code that would ultimately lead to a root compromise.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We rate this vulnerability as CRITICAL because a normal user can gain an instant root shell.
This vulnerability was tested against InterWorx v4.11.6 + v5.0.5 BETA and is believed to exist in all prior versions.
This vulnerability was patched in InterWorx v4.11.6 #473 + v5.0.5 #513.
Vendor Contact Timeline:
2013-05-05: Vendor contacted via email.
2013-05-05: Vendor confirms vulnerability.
2013-05-14: Vendor issues v4.11.6 #473 update.
2013-05-14: Vendor issues v5.0.5 #513 update.
2013-05-28: Rack911 issues security advisory.