• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.
 

Recommended Providers

Fully Managed WordPress Hosting
lc_banner_leadgen_3
Fully Managed WordPress Hosting

WordPress Theme

Divi WordPress Theme
WPZOOM

Recent Topics

Forum Membership

Forum Membership

CloudFlare (cPanel plugin) - Local Privilege Escalation Vulnerability(R911-0080)

Started by Kailash, October 16, 2013, 11:01:19 AM

Kailash

Type: Privilege Escalation
Location: Local
Impact: Critical
Product: CloudFlare (cPanel Plugin)
Website: http://www.cloudflare.com
Vulnerable Version: 4.1
Fixed Version: 4.2
CVE: -
R911: 0080
Date: 2013-10-15
Reported By: Rack911

Product Description:

CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.

Vulnerability Description:

There is a local privilege escalation flaw in CloudFlare's cPanel Plugin that would allow an attacker to write to any file on the server, ultimately leading to a root compromise.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have deemed this vulnerability to be rated as CRITICAL due to the fact that root access can be obtained.

Vulnerable Version:

This vulnerability was tested against CloudFlare (cPanel Plugin) v4.1 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in CloudFlare (cPanel Plugin) v4.2.

Vendor Contact Timeline:


2013-09-30: Vendor contacted in person.
2013-09-30: Vendor confirms vulnerability.
2013-10-13: Vendor issues updates to all builds.
2013-10-15: Vendor + Rack911 issues security advisory.