    DirectAdmin - Arbitrary File Overwrite Vulnerability (R911-0076)

    Type: Arbitrary File Overwrite
    Location: Local
    Impact: High
    Product: DirectAdmin
    Website: http://www.directadmin.com
    Vulnerable Version: v1.43
    Fixed Version: v1.44
    CVE: -
    R911: 0076
    Date: 2013-10-07
    By: Rack911
    Product Description:

    DirectAdmin is a graphical web-based web hosting control panel designed to make administration of websites easier.

    Vulnerability Description:

    There is a flaw within the backup system that allows an attacker to overwrite any file on the server, including root-owned files, which could ultimately render a server inoperable.

    Proof of Concept:

    Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

    Impact:

    We rate this vulnerability HIGH because a normal user can render a server inoperable.

    Vulnerable Version:

    This vulnerability was tested against DirectAdmin v1.43 and is believed to exist in all prior versions.

    Fixed Version:

    This vulnerability was patched in DirectAdmin v1.44.

    Vendor Contact Timeline:

    2013-06-22: Vendor contacted via email.
    2013-06-22: Vendor confirms vulnerability.
    2013-09-26: Vendor issues v1.44 update.
    2013-10-07: Rack911 issues security advisory.
    Patrick William | RACK911 Labs | Software Security Auditing

