    Softaculous - Import (cPanel) Privilege Escalation (R911-0111)

    Type: Privilege Escalation
    Location: Local
    Impact: Critical
    Product: Softaculous
    Website: http://www.softaculous.com
    Vulnerable Version: 4.3.6
    Fixed Version: 4.3.8
    CVE: -
    R911: 0111
    Date: 2014-01-02
    By: Rack911

    Product Description:

    Softaculous is the leading auto installer with over 300 applications that can be installed by a click of the mouse. The software is in use by thousands of web hosting companies and works with various control panels such as cPanel, Plesk, DirectAdmin, InterWorx and H-Sphere.

    Vulnerability Description:

    It is possible for a malicious user to exploit a privilege escalation vulnerability within the Import function of Softaculous for cPanel which could lead to a root compromise.

    Impact:

    We have deemed this vulnerability to be rated as CRITICAL due to the fact that interactive root access can be obtained.

    Vulnerable Version:

    This vulnerability was tested against Softaculous v4.3.6 for cPanel but it may exist in other control panel versions as well.

    Fixed Version:

    This vulnerability was patched in Softaculous v4.3.8.

    Vendor Contact Timeline:

    2013-12-31: Vendor contacted via email.
    2014-01-01: Vendor confirms vulnerability.
    2014-01-02: Vendor issues v4.3.8 update.
    2014-01-02: Rack911 issues security advisory.

    RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca

    www.HostingSecList.com - Security Notices for the Hosting Community.
