Type: Content Disclosure (Root Access)Product Description:
Vulnerable Version: 5.0.31
Fixed Version: 5.0.33
Reported By: http://www.rack911.com
RVSiteBuilder is browser based sitebuilding software that installs directly into cPanel. Its easy-to-follow workflow, social media plugins, and robust content management features makes it easy for even non-programmers to create, market, and maintain a high-end web presence.Vulnerability Description:
There is a flaw within a certain RVSiteBuilder file that is accessible to resellers that allows an attacker to read any file on the server regardless of ownership when using a hardlink to the target file.
Note: This flaw is allowed to exist because of a fundamental security failure within WHM that executes all plugins as root.Proof of Concept:
Due to the nature of this vulnerability we will not be disclosing the exploit until a later date.Impact:
We have deemed this vulnerability to be rated as HIGH due to the fact that any file can be viewed regardless of ownership, including root files such as /etc/shadow.Vulnerable Version:
This vulnerability was tested against RVSiteBuilder v5.0.31 and is believed to exist in all prior versions.Fixed Version:
This vulnerability was patched in RVSiteBuilder v5.0.33.