WHMXtra (Reseller UI) – Local Race Condition Vulnerabilities (R911-0067)

Type: Race Condition
Location: Local
Impact: High
Product: WHMXtra (Reseller UI)
Website: http://www.whmxtra.com/
Vulnerable Version: G2 3.5
Fixed Version: G2 3.7
CVE:
R911: 0067
Date: 2013-09-11
By: Rack911
Product Description:

WHMXtra is a unique addon module for cPanel servers, designed to turbo charge your WHM, adding many features you could normally only do via command line or not at all. Our cPanel Xtra Plugin adds even more functionality to your end users cPanel, saving your techs time and saving you money.

Vulnerability Description:

The reseller UI of WHMXtra is vulnerable to 3+ local race condition exploits that would allow an attacker to escalate their privileges to root access and/or damage system files.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that root access can be obtained and any file can be modified regardless of ownership.

Vulnerable Version:

This vulnerability was tested against WHMXtra Reseller UI G2 v3.5.

Fixed Version:

This vulnerability was patched in WHMXtra Reseller UI G2 v3.7.

Vendor Contact Timeline:

2013-08-22: Vendor contacted via email.
2013-08-22: Vendor confirms vulnerability.
2013-08-31: Vendor issues update.
2013-09-11: Rack911 issues security advisory.