Web Hosting Forum - A Web Hosting community for Webmasters


Author Topic: RVSiteBuilder - Content Disclosure (Root Access) Vulnerability  (Read 823 times)


Offline Kailash
Quote
Type: Content Disclosure (Root Access)
Impact: High
Product: RVSiteBuilder
Website: http://www.rvsitebuilder.com
Vulnerable Version: 5.0.31
Fixed Version: 5.0.33
CVE: -
Date: 2013-06-24
Reported By: http://www.rack911.com

Product Description:

RVSiteBuilder is browser-based site-building software that installs directly into cPanel. Its easy-to-follow workflow, social media plugins, and robust content management features make it easy for even non-programmers to create, market, and maintain a high-end web presence.

Vulnerability Description:

There is a flaw within a certain RVSiteBuilder file that is accessible to resellers that allows an attacker to read any file on the server regardless of ownership when using a hardlink to the target file.

Note: This flaw is allowed to exist because of a fundamental security failure within WHM that executes all plugins as root.

Proof of Concept:

Due to the nature of this vulnerability we will not be disclosing the exploit until a later date.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that any file can be viewed regardless of ownership, including root files such as /etc/shadow.

Vulnerable Version:

This vulnerability was tested against RVSiteBuilder v5.0.31 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in RVSiteBuilder v5.0.33.
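
The advisory describes a plugin running as root that reads a file through a hard link created by a reseller. The following is an added example, not part of the advisory and not RVSiteBuilder's actual fix: a sketch of the checks a privileged process can make before reading a path on a user's behalf. The names `read_user_file`, `UnsafeFileError` and `expected_uid` are hypothetical.

```python
import os
import stat
import tempfile

class UnsafeFileError(Exception):
    """A user-supplied path failed the ownership or link-count check."""

def read_user_file(path, expected_uid, max_bytes=1 << 20):
    """Read up to max_bytes of path on behalf of expected_uid (hypothetical helper)."""
    # O_NOFOLLOW rejects a symlink as the final component; O_NONBLOCK avoids
    # hanging on a FIFO. Every check below uses fstat() on the open descriptor,
    # so the path cannot be swapped between the check and the read.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeFileError("not a regular file")
        # A hard link shares the target's inode, so st_uid is the real owner
        # of the data no matter which directory the name sits in.
        if st.st_uid != expected_uid:
            raise UnsafeFileError("owned by uid %d, not %d" % (st.st_uid, expected_uid))
        # Extra names for the inode mean it is reachable outside this directory.
        if st.st_nlink != 1:
            raise UnsafeFileError("inode has %d hard links" % st.st_nlink)
        return os.read(fd, max_bytes)
    finally:
        os.close(fd)

def demo():
    """Run the checks on a constructed file in a temporary directory."""
    def attempt(path, uid):
        try:
            return read_user_file(path, uid)
        except UnsafeFileError as exc:
            return "refused: %s" % exc
    with tempfile.TemporaryDirectory() as d:
        page = os.path.join(d, "page.html")
        with open(page, "wb") as f:
            f.write(b"<h1>constructed sample</h1>")
        me = os.getuid()
        out = {"owner": attempt(page, me),
               "other_uid": attempt(page, me + 1)}
        os.link(page, os.path.join(d, "alias.html"))  # second name, same inode
        out["hardlinked"] = attempt(page, me)
    return out

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Dropping privileges to the requesting account before opening the file achieves the same result at the kernel level and is the stronger design where the plugin interface allows it.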
