Results 1 to 5 of 5
  1. #1
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294

    CloudFlare (cPanel) - Local Privilege Escalation Vulnerability (R911-0081)

    Type: Privilege Escalation
    Location: Local
    Impact: Critical
    Product: CloudFlare (cPanel Plugin)
    Website: http://www.cloudflare.com
    Vulnerable Version: 4.2
    Fixed Version: 4.5
    CVE: -
    R911: 0081
    Date: 2013-10-22
    By: Rack911
    Product Description:

    CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.

    Vulnerability Description:

    There is a local privilege escalation flaw in CloudFlare's cPanel Plugin that would allow an attacker to write to any file on the server leading to a root compromise.

    Proof of Concept:

    Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

    Impact:

    We have deemed this vulnerability to be rated as CRITICAL due to the fact that root access can be obtained.

    Vulnerable Version:

    This vulnerability was tested against CloudFlare (cPanel Plugin) v4.2 and is believed to exist in all prior versions.

    Fixed Version:

    This vulnerability was patched CloudFlare (cPanel Plugin) v4.5.

    Vendor Contact Timeline:

    2013-10-18: Vendor contacted via email.
    2013-10-18: Vendor confirms vulnerability.
    2013-10-21: Vendor issues updates to all builds.
    2013-10-22: Rack911 issues security advisory.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    You can confirm that you are using the latest version via:

    cat /usr/local/cpanel/etc/cloudflare.json | grep cp_version

    If it doesn't return 4.5 then you can try manually updating:

    /usr/local/cpanel/bin/cloudflare_update.sh
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Quote Originally Posted by Patrick View Post
    You can confirm that you are using the latest version via:

    cat /usr/local/cpanel/etc/cloudflare.json | grep cp_version

    If it doesn't return 4.5 then you can try manually updating:

    /usr/local/cpanel/bin/cloudflare_update.sh
    Note.. older versions did not have this update script so you may need to reinstall from github.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  4. #4
    Join Date
    Oct 2004
    Posts
    627
    Quote Originally Posted by Steven View Post
    Note.. older versions did not have this update script so you may need to reinstall from github.
    thanks for this info as we just had to reinstall like you said

  5. #5
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    Re-install instructions, if auto update doesn't work:

    cd /usr/local/cpanel
    curl -k -L https://github.com/cloudflare/CloudFlare-CPanel/tarball/master > cloudflare.tar.gz
    tar -xvf cloudflare.tar.gz
    cd cloudflare*/cloudflare
    ./install_cf Key mod_cf "Company"
    When you initially signed up for CloudFlare they gave you a key. You need to replace that with your key, otherwise the software will not work properly. After you have re-installed the software, check the .json file again to ensure it says 4.5 or later.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

Similar Threads

  1. DirectAdmin - MySQL Local Privilege Escalation Vulnerability (R911-0078)
    By Patrick in forum Hosting Security and Technology
    Replies: 2
    Last Post: 10-28-2013, 03:05 PM
  2. CloudFlare (cPanel) - Local Privilege Escalation Vulnerability (R911-0080)
    By Patrick in forum Hosting Security and Technology
    Replies: 0
    Last Post: 10-15-2013, 10:13 AM
  3. Replies: 0
    Last Post: 10-11-2013, 08:25 PM
  4. RVSiteBuilder - Hardlink Local Privilege Escalation Vulnerability (R911-0062)
    By Patrick in forum Hosting Security and Technology
    Replies: 7
    Last Post: 09-05-2013, 08:23 AM
  5. RVSkin - Hardlink Local Privilege Escalation Vulnerability (R911-0064)
    By Steven in forum Hosting Security and Technology
    Replies: 0
    Last Post: 09-03-2013, 09:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •