WHMXtra - Privilege Escalation Vulnerability

Started by Kailash, July 01, 2013, 10:34:47 AM


Kailash

Quote

Type: Privilege Escalation
Impact: Critical
Product: WHMXtra
Website: http://www.whmxtra.com
Vulnerable Version: G2 v2.6 and earlier.
Fixed Version: G2 v2.7
CVE: -
Date: 2013-06-26
Reported By: http://www.rack911.com

Product Description:


WHMXtra can install FFMPEG, firewalls, DDoS protection, fix MySQL issues, search for illegal files or processes, monitor your server and much, much more. Browse the entire server filesystem via one of our built-in file managers, upload/download files, create multiple accounts, check memory and CPU usage and even get tips on improving your server's performance.

Vulnerability Description:


For some unexplainable reason, WHMXtra modifies the sudo permissions to allow anyone to use chown or chmod as root, which would ultimately allow the attacker to give themselves root access.

Proof of Concept:

Due to the seriousness of this vulnerability, we will not be releasing an exploit until a much later date.

Impact:

We have deemed this vulnerability to be rated as CRITICAL due to the fact that a normal user can gain an instant root shell.

Vulnerable Version:


This vulnerability was tested against WHMXtra G2 v2.6 and is believed to exist in previous versions.

Fixed Version:

This vulnerability was patched in WHMXtra G2 v2.7.
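
For administrators who want to check a server for the kind of sudo rule the advisory describes, here is an added example (not part of the original post or the advisory, and not WHMXtra code): a small Python audit that parses sudoers text and reports rules granting chown or chmod. The sample rules are constructed, since the advisory does not show the actual entries, and `logical_lines` and `find_risky_rules` are names chosen for this example.

```python
import re

RISKY = {"chown", "chmod"}  # the two binaries named in the advisory

# Constructed sample; NOT the entries WHMXtra wrote (the advisory does not show them).
SAMPLE = """\
Defaults    requiretty
Cmnd_Alias  PERMS = /bin/chown, \\
                    /bin/chmod
root        ALL=(ALL) ALL
ALL         ALL=NOPASSWD: PERMS
backup      ALL=(root) NOPASSWD: /usr/bin/rsync
%wheel      ALL=(ALL) /usr/bin/systemctl, /bin/chmod 600 /etc/app.conf
"""

def logical_lines(text):
    """Join backslash continuations; drop comments (and #include lines) and blanks."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def find_risky_rules(text):
    """Return sorted (who, command, unrestricted) for rules granting chown/chmod.

    unrestricted is True when the rule lists the bare binary, which sudo
    treats as "any arguments allowed". Blanket ALL grants are not reported.
    """
    lines = list(logical_lines(text))
    aliases = {}
    for line in lines:
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    findings = set()
    for line in lines:
        if re.match(r"(Defaults|\w+_Alias)\b", line) or "=" not in line:
            continue
        who = line.split()[0]
        spec = re.sub(r"\([^)]*\)", "", line.split("=", 1)[1])  # drop (runas)
        for cmd in spec.split(","):
            cmd = re.sub(r"^(\s*\w+:)+", "", cmd.strip()).strip()  # drop NOPASSWD: etc.
            for c in aliases.get(cmd, [cmd]):
                parts = c.split()
                if parts and parts[0].rsplit("/", 1)[-1] in RISKY:
                    findings.add((who, c, len(parts) == 1))
    return sorted(findings)

if __name__ == "__main__":
    for who, cmd, unrestricted in find_risky_rules(SAMPLE):
        print(f"{who:8} {cmd:32} {'ANY ARGS' if unrestricted else 'fixed args'}")
```

To audit a live host, pass the contents of `/etc/sudoers` and of each file under `/etc/sudoers.d/` to `find_risky_rules`.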
