Type: Privilege Escalation
Vulnerable Version: 10.83
Fixed Version: 10.84
RVSkin is an advance skin to use in web server control panel. A skin software provides multi-language, multi-theme, and many intelligent features to bring your unique interface differentiates your business.
A reseller can create a malicious hardlink pointing to any file on the server and take control of that file once they log into RVSkin via the WHM interface. The end result is that the attacker would be able to gain root access.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We have deemed this vulnerability to be rated as HIGH due to the fact that root access can be obtained.
This vulnerability was tested against RVSkin v10.83 and is believed to exist in all prior versions.
This vulnerability was patched in RVSkin v10.84.
Vendor Contact Timeline:
2013-08-18: Vendor contacted via email.
2013-08-25: Vendor confirms vulnerability.
2013-09-02: Vendor issues update.
2013-09-03: Rack911 issues security advisory.