Author Topic: WHMXtra - Privilege Escalation Vulnerability  (Read 989 times)

Offline Kailash
WHMXtra - Privilege Escalation Vulnerability
« on: July 01, 2013, 10:34:47 AM »
Type: Privilege Escalation
Impact: Critical
Product: WHMXtra
Website: http://www.whmxtra.com
Vulnerable Version: G2 v2.6 and earlier.
Fixed Version: G2 v2.7
CVE: -
Date: 2013-06-26
Reported By: http://www.rack911.com

Product Description:

WHMXtra can install FFMPEG, firewalls, DDoS protection, fix MySQL issues, search for illegal files or processes, monitor your server and much, much more. Browse the entire server filesystem via one of our built-in file managers, upload/download files, create multiple accounts, check memory and CPU usage and even get tips on improving your server's performance.

Vulnerability Description:

For some unexplainable reason, WHMXtra modifies the sudo permissions to allow anyone to use chown or chmod as root, which would ultimately allow the attacker to give themselves root access.

Proof of Concept:

Due to the seriousness of this vulnerability, we will not be releasing an exploit until a much later date.


We have deemed this vulnerability to be rated as CRITICAL due to the fact that a normal user can gain an instant root shell.

Vulnerable Version:

This vulnerability was tested against WHMXtra G2 v2.6 and is believed to exist in previous versions.

Fixed Version:

This vulnerability was patched in WHMXtra G2 v2.7.
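
A defensive check for the misconfiguration the advisory describes, as an added example that is not part of the original post or of Rack911's advisory: it scans sudoers text for rules that let a user run chown or chmod as root. The sample sudoers content is constructed (the advisory does not show the lines WHMXtra wrote), `audit_sudoers` and `logical_lines` are hypothetical names, and `#include` files are not followed.

```python
import posixpath
import re

RISKY = {"chown", "chmod"}           # the binaries named in the advisory
ROOT_RUNAS = {"root", "ALL", "#0"}   # runas targets that include root

# Constructed sample sudoers content; NOT the lines WHMXtra actually wrote.
SAMPLE = r"""
# constructed sample
Defaults env_reset
Cmnd_Alias PERMS = /bin/chown, \
                   /bin/chmod
root    ALL=(ALL) ALL
ALL     ALL=(root) NOPASSWD: PERMS
backup  ALL=(root) /usr/bin/rsync
deploy  ALL=(www-data) NOPASSWD: /bin/chown
"""

def logical_lines(text):
    """Join backslash continuations; drop blank and full-line comment lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit_sudoers(text):
    """Return (users, runas, command) for each rule granting chown/chmod as root."""
    aliases, findings = {}, []
    lines = list(logical_lines(text))
    for line in lines:                      # pass 1: collect Cmnd_Alias definitions
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.*)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    for line in lines:                      # pass 2: user specifications
        if re.match(r"(Defaults|\w+_Alias)\b", line) or "=" not in line:
            continue
        left, right = line.split("=", 1)
        users = left.rsplit(None, 1)[0]     # everything before the host field
        m = re.search(r"\(([^)]*)\)", right)
        runas = m.group(1).split(":")[0].strip() if m else "root"  # sudo default
        if runas not in ROOT_RUNAS:
            continue
        right = re.sub(r"\([^)]*\)|\b[A-Z_]+:\s*", "", right)  # drop runas, tags
        for cmd in (c.strip() for c in right.split(",")):
            for real in aliases.get(cmd, [cmd]):   # expand alias if it is one
                if real and not real.startswith("!") and \
                        posixpath.basename(real.split()[0]) in RISKY:
                    findings.append((users, runas, real))
    return findings
```

Pass each file under the sudoers include directory through `audit_sudoers` separately; a finding whose users field is `ALL` matches the "anyone" case in the advisory.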
