UNIXY Varnish (cPanel Plugin) – Arbitrary File Access (R911-0091)

Type: Arbitrary File Access
Location: Local
Impact: High
Product: UNIXY cPanel Varnish
Website: http://www.unixy.net
Vulnerable Version: 1.8.4
Fixed Version: 1.8.6
CVE: -
R911: 0091
Date: 2013-11-20
By: Rack911

Product Description:

The UNIXY cPanel plugin comes with a Web interface to manage Varnish via cPanel WHM. The cPanel app takes the complexity out of Varnish in a consolidated one-stop interface. The script allows you to uninstall Varnish, modify Varnish settings, look up caching stats, refresh the Varnish cache, restart Varnish, and much more!

Vulnerability Description:

A malicious user can view the contents of any file on the server, regardless of ownership, because the plugin installs Varnish in an insecure manner.

We have rated this vulnerability HIGH because any file, including /etc/shadow, can be viewed.

Vulnerable Version:

This vulnerability was tested against UNIXY cPanel Varnish v1.8.4 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in UNIXY cPanel Varnish v1.8.6.

Vendor Contact Timeline:

2013-10-12: Vendor contacted via email.
2013-10-12: Vendor confirms vulnerability.
2013-11-18: Vendor issues v1.8.6 update.
2013-11-20: Rack911 issues security advisory.