Type: Arbitrary File Access
Location: Remote
Impact: High
Product: BetterLinux
Website: http://www.betterlinux.com
Vulnerable Version: 1.1.3-1
Fixed Version: 1.1.4-2
CVE: -
R911: 0117
Date: 2014-01-24
By: Rack911
Product Description:

BetterLinux is a collection of tools for system resource management, monitoring, and security intended for hosting providers, data centers, SaaS companies, and cloud environments. With it, you can control use and allocation of CPU, memory, MySQL, device I/O bandwidth, and IP bandwidth resources all within a secure environment. Individual users and processes that exceed set resource limits can be isolated from other system users and throttled as necessary.

Vulnerability Description:

BetterLinux with cPanel suffers from an arbitrary file access vulnerability which could be used to show sensitive files behind directories otherwise not accessible. The biggest area of concern would be the config cache directory for cPanel that contains the root MySQL password which could be viewed when used in a symlink attack but any file such as /etc/shadow could also be accessed.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that any file can be read regardless of ownership which could lead to a privilege escalation.

Vulnerable Version:

This vulnerability was tested against BetterLinux 1.1.3-1 and is believed to exist in all versions prior to the fixed builds below.

Fixed Version:

This vulnerability was patched in BetterLinux 1.1.4-2.

Vendor Contact Timeline:

2013-12-26: Vendor contacted via email.
2013-12-26: Vendor confirms vulnerability.
2014-01-23: Vendor issues updates to all builds.
2014-01-24: Rack911 issues security advisory.