WHMreseller – Privilege Escalation (R911-0074)

Type: Privilege Escalation
Location: Local
Impact: Critical
Product: WHMreseller
Website: http://www.deasoft.com/whmreseller.php
Vulnerable Version: v4.119
Fixed Version: v4.127
CVE: -
R911: 0074
Date: 2013-09-23
By: Rack911

Product Description:

WHMreseller is a control panel developed for creating Master Resellers and Resellers. With the Master Reseller privilege, a reseller can resell reseller accounts, control the reseller quotas, assign private name servers, suspend, unsuspend, as well as terminate resellers.

Vulnerability Description:

A malicious reseller can upload a tainted backup archive that when restored would give the reseller “all” privileges which translates to root level access.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that root level access can be obtained.

Vulnerable Version:

This vulnerability was tested against WHMreseller v4.119 and is believed to exist in previous versions.

Fixed Version:

This vulnerability was patched in WHMreseller v4.127.

Vendor Contact Timeline:

2013-09-15: Vendor contacted via email.
2013-09-15: Vendor confirms vulnerability.
2013-09-20: Vendor issues v4.127 update.
2013-09-23: Rack911 issues security advisory.