.:: DESCRIPTION ::.
cPanel is the industry leader for turning standalone servers into a fully automated point-and-click hosting platform. Tedious tasks are replaced by web interfaces and API-based calls. cPanel is designed with multiple levels of administration including admin, reseller, end user, and email-based interfaces. These multiple levels provide security, ease of use, and flexibility for everyone from the server administrator to the email account user.
.:: SUMMARY ::.
Affected Version: 11.24.5-RELEASE
Tested Platform: Linux
Default cPanel security settings restrict virtual host users to executing or viewing files under their own privileges, UID, GID, and permissions. In combination with a non-default configuration, a vulnerability has been discovered in cPanel that allows users to execute or view files with the highest privilege, which is "root".
.:: DETAILS ::.
Not available to the public or to users with a basic VIA Agent subscription.
.:: IMPACT ::.
Successful exploitation of this vulnerability allows an attacker to gain root access to the vulnerable server.
.:: AUTHOR ::.
Phuong Nguyen
Copyright © 2008 E-cqurity.com. All rights reserved.