CloudLinux is a commercially supported Linux operating system interchangeable with CentOS. It includes a kernel-level technology called LVE that allows you to control CPU and memory on a per-tenant basis. It is a basis for application-level virtualization. CloudLinux delivers advanced resource management, better security and performance optimizations specifically targeted to multi-tenant hosting environments.
Due to an input validation failure present within the postmodifyacct script for cPanel, it is possible for a malicious reseller to disable CageFS and perform other commands intended for an administrator.
Proof of Concept:
A POC may be provided at a later date.
We rate this vulnerability as HIGH because CageFS can be disabled.
This vulnerability was tested against CloudLinux CageFS 5.2-12 and is believed to exist in all prior versions.
This vulnerability was patched in CloudLinux CageFS 5.2-15.