Type: Content Manipulation (Root Access)
Vulnerable Version: 5.0.31
Fixed Version: 5.0.33
RVSiteBuilder is browser based sitebuilding software that installs directly into cPanel. Its easy-to-follow workflow, social media plugins, and robust content management features makes it easy for even non-programmers to create, market, and maintain a high-end web presence.
There is a flaw within RVSiteBuilder that allows an attacker to perform a symlink attack against certain files that will then be overwritten and have the ownership changed to the user.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We have deemed this vulnerability to be rated as HIGH due to the fact that any file can be deleted and/or ownership changed that could lead to a root compromise.
This vulnerability was tested against RVSiteBuilder v5.0.31 and is believed to exist in all prior versions.
This vulnerability was patched in RVSiteBuilder v5.0.33.
Vendor Contact Timeline:
2013-06-05: Vendor contacted via email.
2013-06-05: Vendor confirms vulnerability.
2013-06-17: Vendor issues update.
2013-06-24: Rack911 issues security advisory.