RVSiteBuilder – Hardlink Local Privilege Escalation (R911-0062)

Type: Privilege Escalation
Location: Local
Impact: High
Product: RVSiteBuilder
Website: http://www.rvsitebuilder.com
Vulnerable Version: 5.0.39
Fixed Version: 5.0.40
CVE: -
R911: 0062
Date: 2013-09-03
By: Rack911

Product Description:

RVSiteBuilder is browser-based site building software that installs directly into cPanel. Its easy-to-follow workflow, social media plugins, and robust content management features make it easy for even non-programmers to create, market, and maintain a high-end web presence.

Vulnerability Description:

A reseller can create a malicious hardlink pointing to any file on the server and take control of that file once the RVSiteBuilder setup is initiated. The end result is that the attacker would be able to gain root access.
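A defensive guard against this class of hardlink bug, as an added example that is not code from Rack911 or RVSiteBuilder: a privileged process refuses to change ownership of any file that has more than one hard link, and checks whether the kernel's own hardlink restriction is on. Assumptions: the advisory does not say which operation the setup performs as root, so an ownership change is assumed here, and the names `safe_chown`, `UnsafeTarget` and `hardlink_protection_enabled` are hypothetical.

```python
import errno
import os
import stat


class UnsafeTarget(Exception):
    """The path is a symlink, not a regular file, or has extra hard links."""


def safe_chown(path, uid, gid):
    """Hand `path` to uid:gid only if it is a regular file with one link.

    Hypothetical helper: models a root process taking a file inside a
    user-writable directory and giving it to that user (an assumption,
    the advisory does not name the operation).
    """
    try:
        # O_NOFOLLOW rejects a symlink as the final path component;
        # O_NONBLOCK keeps open() from hanging on a planted FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        if exc.errno == errno.ELOOP:
            raise UnsafeTarget(f"{path}: symbolic link") from exc
        raise
    try:
        st = os.fstat(fd)  # inspect the inode we actually opened
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeTarget(f"{path}: not a regular file")
        if st.st_nlink != 1:
            # A second name for this inode exists somewhere else, e.g. a
            # system file that a user linked into their own directory.
            raise UnsafeTarget(f"{path}: {st.st_nlink} hard links")
        os.fchown(fd, uid, gid)  # acts on the checked inode, not the path
    finally:
        os.close(fd)


def hardlink_protection_enabled():
    """Return the Linux fs.protected_hardlinks setting, or None if absent."""
    try:
        with open("/proc/sys/fs/protected_hardlinks") as f:
            return f.read().strip() == "1"
    except OSError:
        return None
```

With `fs.protected_hardlinks` set to 1, Linux refuses to let a user create a hard link to a file they do not own or cannot read and write, which removes the precondition described above.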

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that root access can be obtained.

Vulnerable Version:

This vulnerability was tested against RVSiteBuilder v5.0.39 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in RVSiteBuilder v5.0.40.

Vendor Contact Timeline:

2013-08-18: Vendor contacted via email.
2013-08-25: Vendor confirms vulnerability.
2013-09-02: Vendor issues update.
2013-09-03: Rack911 issues security advisory.