01-02-2014, 09:07 AM #1
Softaculous - Import (cPanel) Privilege Escalation (R911-0111)
Type: Privilege Escalation
Location: Local
Impact: Critical
Product: Softaculous
Website: http://www.softaculous.com
Vulnerable Version: 4.3.6
Fixed Version: 4.3.8
CVE: -
R911: 0111
Date: 2014-01-02
By: Rack911
Softaculous is the leading auto installer with over 300 applications that can be installed by a click of the mouse. The software is in use by thousands of web hosting companies and works with various control panels such as cPanel, Plesk, DirectAdmin, InterWorx and H-Sphere.
Vulnerability Description:
It is possible for a malicious user to exploit a privilege escalation vulnerability within the Import function of Softaculous for cPanel which could lead to a root compromise.
Impact:
We have deemed this vulnerability to be rated as CRITICAL due to the fact that interactive root access can be obtained.
Vulnerable Version:
This vulnerability was tested against Softaculous v4.3.6 for cPanel but it may exist in other control panel versions as well.
Fixed Version:
This vulnerability was patched in Softaculous v4.3.8.
Vendor Contact Timeline:
2013-12-31: Vendor contacted via email.
2014-01-01: Vendor confirms vulnerability.
2014-01-02: Vendor issues v4.3.8 update.
2014-01-02: Rack911 issues security advisory.

RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca
www.HostingSecList.com - Security Notices for the Hosting Community.
-
01-02-2014, 09:15 AM #2
More details here:
http://www.softaculous.com/news/soft...ased-2374.html