Type: Privilege Escalation
Vulnerable Version: G2 v2.6 and earlier.
Fixed Version: G2 v2.7
WHMXtra can install FFmpeg, firewalls, DDoS protection, fix MySQL issues, search for illegal files or processes, monitor your server and much much more. Browse the entire server filesystem via one of our built-in file managers, upload/download files, create multiple accounts, check memory and CPU usage and even get tips on improving your server's performance.
For some unexplainable reason, WHMXtra modifies the sudo permissions to allow anyone to use chown or chmod as root, which would ultimately allow an attacker to give themselves root access.
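One way to audit a server for the condition described above, as an added example that is not Rack911's or WHMXtra's code: it scans sudoers text for rules that let a non-root principal run chown or chmod as root. The sample sudoers content is constructed, since the advisory does not show the rule WHMXtra wrote, and the function names are this example's own.

```python
import re

# Constructed sample; the advisory does not show the rule WHMXtra actually wrote.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL) ALL
ALL     ALL=(root) NOPASSWD: /bin/chown, \\
        /bin/chmod
%users  ALL=NOPASSWD: /usr/bin/chown
deploy  ALL=(www) /bin/chmod
"""

RISKY = {"chown", "chmod"}  # the two binaries named in the advisory

def logical_lines(text):
    """Join backslash-continued lines; drop blanks and comments."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit(text):
    """Return (who, binary, scope) for each non-root grant of chown/chmod as root."""
    findings = []
    for line in logical_lines(text):
        m = re.match(r"(\S+)\s+(\S+?)\s*=\s*(.+)", line)
        if not m or m.group(1).startswith("Defaults") or m.group(1).endswith("_Alias"):
            continue  # not a user specification (aliases are not expanded here)
        who, as_root = m.group(1), True  # sudo runs as root when no Runas_Spec is given
        for entry in re.split(r",(?![^(]*\))", m.group(3)):  # commas outside (...)
            entry = entry.strip()
            runas = re.match(r"\(([^)]*)\)\s*(.*)", entry)
            if runas:  # a Runas_Spec stays in force for the commands after it
                users = {u.strip() for u in runas.group(1).split(":")[0].split(",")}
                as_root, entry = bool(users & {"root", "ALL"}), runas.group(2)
            entry = re.sub(r"^(?:[A-Z_]+:\s*)+", "", entry)  # NOPASSWD:, SETENV:, ...
            binary = entry.split()[0].rsplit("/", 1)[-1] if entry else ""
            if binary in RISKY and as_root and who != "root":
                scope = "every user" if who == "ALL" else "named user or group"
                findings.append((who, binary, scope))
    return findings

if __name__ == "__main__":
    for who, binary, scope in audit(SAMPLE_SUDOERS):
        print(f"{who} may run {binary} as root ({scope})")
```

On a real server, pass it the contents of /etc/sudoers and of every file that sudoers includes (reading them requires root). Command aliases are not expanded, so any Cmnd_Alias that names these binaries needs a manual look.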
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We have rated this vulnerability as CRITICAL because a normal user can gain an instant root shell.
This vulnerability was tested against WHMXtra G2 v2.6 and is believed to exist in previous versions.
This vulnerability was patched in WHMXtra G2 v2.7.
Vendor Contact Timeline:
2013-06-12: Vendor contacted via email.
2013-06-12: Vendor confirms vulnerability.
2013-06-12: Vendor issues G2 v2.7 update.
2013-06-26: Rack911 issues security advisory.