SpamExperts (cPanel Plugin) - Local Privilege Escalation Vulnerability (R911-0079)

Old 10-11-2013, 08:25 PM
Patrick
Security Ninja
 
Join Date: Mar 2003
Location: Canada
Posts: 8,706

SpamExperts (cPanel Plugin) - Local Privilege Escalation Vulnerability (R911-0079)


Quote:
Type: Privilege Escalation
Location: Local
Impact: Critical
Product: SpamExperts (cPanel Plugin)
Website: http://www.spamexperts.com
Vulnerable Version: v3.0.58799
Fixed Version: v3.0.59056
CVE: -
R911: 0079
Date: 2013-10-11
By: Rack911
Product Description:

SpamExperts delivers managed email security in the cloud or on premises, tailored for webhosts: Incoming -, outgoing email filtering, and email archiving. Reduce churn, increase revenue, be 100% secure! Full API & standard integration and automation plugins for cPanel, Parallels products, DirectAdmin; Redundant, synchronized, and scalable; 4-Tier control panel; multi-level branding options; 24/7 support & SLAs; Fast release cycles and frequent updates!

Vulnerability Description:

There is a local privilege escalation flaw in SpamExperts' cPanel Plugin that would allow an attacker to obtain root access.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have deemed this vulnerability to be rated as CRITICAL due to the fact that root access can be obtained.

Vulnerable Version:

This vulnerability was tested against SpamExperts' cPanel Plugin v3.0.58799 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in SpamExperts' cPanel Plugin v3.0.59056.

Vendor Contact Timeline:

2013-10-01: Vendor contacted in person.
2013-10-01: Vendor confirms vulnerability.
2013-10-02: Vendor issues updates to all builds.
2013-10-11: Rack911 issues security advisory.

__________________
Patrick William | RACK911 Labs | Software Security Auditing
250+ Vulnerabilities Found - Get a Quote @ http://www.RACK911Labs.com

www.HostingSecList.com - Security notices for the hosting community.
