Softaculous – Privilege Escalation (R911-0003)

Type: Privilege Escalation
Impact: Critical
Product: Softaculous
Website: http://www.softaculous.com
Vulnerable Version: 4.2.1, 4.2.2 and 4.2.3
Fixed Version: 4.2.4
CVE: -
R911: 0003
Date: 2013-05-07
By: Rack911, Avi Brender (www.elitehosts.com), and streaky

Product Description:

Softaculous is a leading auto-installer: over 300 web applications can be installed with a single click. The software is used by thousands of web hosting companies and integrates with control panels such as cPanel, Plesk, DirectAdmin, InterWorx and H-Sphere.

Vulnerability Description:

A local attacker can manipulate a setuid binary installed by Softaculous in order to escalate their privileges to root.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We rate this vulnerability CRITICAL because the exploit yields an immediate root bind shell and can be run by any user on the server, not only resellers. Any local code-execution path suffices: an SSH session, a cron job, a CGI script or a PHP script.

Vulnerable Version:

This vulnerability was tested against Softaculous v4.2.3 for cPanel, but it is believed to affect installations under the other supported control panels as well.

Fixed Version:

This vulnerability was patched in version v4.2.4.
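The version check and setuid inventory that an administrator would run against the affected range and the fixed version above, as an added example that is not part of the Rack911 advisory and not code from Softaculous. It assumes the Softaculous install directory on cPanel is /usr/local/cpanel/3rdparty/softaculous (an assumption; pass the real path as the first argument) and that the caller supplies the installed version string. Because the advisory does not name the affected binary, the script lists every setuid file under the directory instead of a single path.

```shell
#!/bin/sh
# Added example, not from the Rack911 advisory or from Softaculous: audit
# helpers for the issue above. Assumptions: the install directory on cPanel
# is /usr/local/cpanel/3rdparty/softaculous, and the installed version string
# is supplied by the caller. The advisory does not name the affected binary,
# so every setuid file under the directory is listed rather than one path.

# Return 0 if $1 is a version the advisory lists as vulnerable, 1 otherwise.
softaculous_version_vulnerable() {
    case "$1" in
        4.2.1|4.2.2|4.2.3) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the path of every regular file below $1 with the setuid bit set,
# one per line (only the current filesystem is searched).
find_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# Print the owner of file $1 (third field of ls -ld output).
file_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# Return 0 if $1 is a regular file that is setuid and owned by root: the
# combination that lets any local user run code as root if the binary can
# be manipulated, as the advisory describes.
is_setuid_root() {
    [ -f "$1" ] && [ -u "$1" ] && [ "$(file_owner "$1")" = "root" ]
}

# Audit an installation: $1 is the install directory (default: the assumed
# cPanel location), $2 is the installed version string. Prints findings and
# returns 1 if the version is in the affected range, 0 otherwise.
audit_softaculous() {
    dir="${1:-/usr/local/cpanel/3rdparty/softaculous}"
    ver="$2"
    rc=0
    if softaculous_version_vulnerable "$ver"; then
        echo "VULNERABLE: Softaculous $ver is in the affected range 4.2.1-4.2.3; upgrade to 4.2.4 or later"
        rc=1
    else
        echo "Softaculous version '$ver' is not in the affected range 4.2.1-4.2.3"
    fi
    # Inventory privileged helpers so the admin can see what the package installs.
    find_setuid "$dir" | while IFS= read -r f; do
        if is_setuid_root "$f"; then
            echo "setuid-root file: $f"
        else
            echo "setuid file (owner $(file_owner "$f")): $f"
        fi
    done
    return $rc
}

# When run directly: sh audit.sh <install_dir> <version>
# e.g.  sh audit.sh /usr/local/cpanel/3rdparty/softaculous 4.2.3
if [ $# -ge 2 ]; then
    audit_softaculous "$1" "$2"
fi
```

The exit status makes the script usable from a fleet-wide check: a non-zero result means the host still runs 4.2.1, 4.2.2 or 4.2.3 and needs the 4.2.4 update. The setuid listing is informational only; which of the listed files is the manipulable one is not stated in the advisory, so the script does not change any modes.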

Vendor Contact Timeline:

2013-05-07: Vendor contacted via email.
2013-05-07: Vendor confirms vulnerability.
2013-05-07: Vendor issues v4.2.4 update.
2013-05-07: Rack911 issues security advisory.