WHMXtra (Reseller UI) – Arbitrary Command Execution Vulnerabilities (R911-0066)

Type: Arbitrary Command Execution
Location: Local
Impact: High
Product: WHMXtra (Reseller UI)
Website: http://www.whmxtra.com/
Vulnerable Version: G2 3.5
Fixed Version: G2 3.7
CVE:
R911: 0066
Date: 2013-09-11
By: Rack911

Product Description:

WHMXtra is a unique addon module for cPanel servers, designed to turbocharge your WHM, adding many features you could normally only do via the command line or not at all. Our cPanel Xtra Plugin adds even more functionality to your end users' cPanel, saving your techs time and saving you money.

Vulnerability Description:

The reseller UI of WHMXtra contains 8+ distinct arbitrary command execution vulnerabilities, each of which would allow an authenticated reseller to escalate their privileges to root access on the server.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We rate this vulnerability HIGH because root access on the server can be obtained.

Vulnerable Version:

This vulnerability was tested against WHMXtra Reseller UI G2 v3.5.

Fixed Version:

This vulnerability was patched in WHMXtra Reseller UI G2 v3.7.

Vendor Contact Timeline:

2013-08-22: Vendor contacted via email.
2013-08-22: Vendor confirms vulnerability.
2013-08-31: Vendor issues update.
2013-09-11: Rack911 issues security advisory.