Results 1 to 2 of 2
  1. #1
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290

    LiteSpeed Web Server - Privilege Escalation Vulnerability (R911-0084)

    Type: Privilege Escalation
    Location: Local
    Impact: Critical
    Product: LiteSpeed Web Server
    Website: http://www.litespeedtech.com
    Vulnerable Version: 4.2.4
    Fixed Version: 4.2.5
    CVE:
    R911: 0084
    Date: 2013-10-31
    By: Rack911
    Product Description:

    LiteSpeed Web Server (LSWS) is a high-performance Apache drop-in replacement. LSWS is the 4th most popular web server on the internet and the #1 commercial web server. Upgrading your web server to LiteSpeed Web Server will improve your performance and lower operating costs.

    Vulnerability Description:

    A privilege escalation is possible with LiteSpeed Web Server due to a poor choice of using /tmp to store Process ID information. When the web server is configured to run PHP without suEXEC, an attacker is able to write to the /tmp/lshttpd directory and use a carefully crafted exploit to obtain root access.

    Proof of Concept:

    Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

    Impact:

    We have deemed this vulnerability to be rated as CRITICAL due to the fact that root access can be obtained.

    Vulnerable Version:

    This vulnerability was tested against LiteSpeed Web Server v4.2.4 and is believed to exist in all prior versions.

    Fixed Version:

    This vulnerability was patched in LiteSpeed Web Server v4.2.5.

    Vendor Contact Timeline:

    2013-10-14: Vendor contacted via email.
    2013-10-14: Vendor confirms vulnerability.
    2013-10-30: Vendor issues update.
    2013-10-31: Rack911 issues security advisory.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

Similar Threads

  1. cPanel - Privilege Escalation Vulnerability (R911-0052)
    By Patrick in forum Hosting Security and Technology
    Replies: 0
    Last Post: 08-29-2013, 09:05 PM
  2. cPremote - Privilege Escalation Vulnerability (R911-0050)
    By Steven in forum Hosting Security and Technology
    Replies: 13
    Last Post: 08-14-2013, 11:57 PM
  3. SecPanel - Privilege Escalation Vulnerability (R911-0045)
    By Steven in forum Hosting Security and Technology
    Replies: 0
    Last Post: 07-22-2013, 11:32 AM
  4. InterWorx - Privilege Escalation Vulnerability (R911-0038)
    By Patrick in forum Hosting Security and Technology
    Replies: 0
    Last Post: 07-08-2013, 01:07 PM
  5. InterWorx - Privilege Escalation Vulnerability (R911-0036)
    By Patrick in forum Hosting Security and Technology
    Replies: 0
    Last Post: 07-08-2013, 12:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •