Type: Content Disclosure (Root Access)
Vulnerable Version: 5.0.31
Fixed Version: 5.0.33
RVSiteBuilder is browser-based site-building software that installs directly into cPanel. Its easy-to-follow workflow, social media plugins, and robust content management features make it easy for even non-programmers to create, market, and maintain a high-end web presence.
A flaw in a certain RVSiteBuilder file that is accessible to resellers allows an attacker to read any file on the server, regardless of ownership, by using a hardlink to the target file.
Note: This flaw exists because of a fundamental security failure within WHM, which executes all plugins as root.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We rate this vulnerability HIGH because any file can be viewed regardless of ownership, including root-owned files such as /etc/shadow.
This vulnerability was tested against RVSiteBuilder v5.0.31 and is believed to exist in all prior versions.
This vulnerability was patched in RVSiteBuilder v5.0.33.
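The hardlink read described above is possible when a process running as root opens a path in a user-writable location without checking which inode it actually reached. The following is an added example of a defensive open for such a process. It is not RVSiteBuilder, cPanel or Rack911 code and not the vendor's actual fix; the names safe_open_for_user and UnsafeFile and the sample files are hypothetical.

```python
import os
import stat
import tempfile

class UnsafeFile(Exception):
    """The opened inode is not a plain, singly linked file of the expected owner."""

def safe_open_for_user(path, expected_uid):
    """Open path read-only on behalf of expected_uid and return the descriptor.

    Every check uses fstat() on the already-open descriptor, so the inode that
    is checked is the inode that gets read (no check-then-open race).
    """
    # O_NOFOLLOW refuses a symlink as the final path component;
    # O_NONBLOCK keeps a FIFO planted at the path from hanging the open.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeFile("not a regular file")
        if st.st_uid != expected_uid:
            # A hardlink keeps the owner of its target (root for /etc/shadow).
            raise UnsafeFile("owner uid %d, expected %d" % (st.st_uid, expected_uid))
        if st.st_nlink != 1:
            # Another name exists for this inode somewhere on the filesystem.
            raise UnsafeFile("inode has %d links" % st.st_nlink)
    except Exception:
        os.close(fd)
        raise
    return fd

def demo():
    """Constructed sample files: an ordinary file, then the same file after hardlinking."""
    uid, out = os.getuid(), {}
    with tempfile.TemporaryDirectory() as d:
        page = os.path.join(d, "page.html")
        with open(page, "w") as f:
            f.write("<h1>site</h1>")
        fd = safe_open_for_user(page, uid)
        out["single link"] = os.read(fd, 64).decode()
        os.close(fd)
        os.link(page, os.path.join(d, "alias.html"))  # second name, same inode
        try:
            os.close(safe_open_for_user(page, uid))
            out["two links"] = "opened"
        except UnsafeFile as e:
            out["two links"] = "refused: %s" % e
    return out

if __name__ == "__main__":
    print(demo())
```

Dropping to the requesting user's uid before opening the file is the more complete control, since the kernel then enforces ownership on every read. On Linux, setting the fs.protected_hardlinks sysctl to 1 additionally stops unprivileged users from creating hardlinks to files they do not own and cannot read and write.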
Vendor Contact Timeline:
2013-06-05: Vendor contacted via email.
2013-06-05: Vendor confirms vulnerability.
2013-06-17: Vendor issues update.
2013-06-24: Rack911 issues security advisory.