InterWorx - Content Disclosure (MySQL Access) Vulnerability - Knowledgebase

Portal Home > Knowledgebase > Articles Database > InterWorx - Content Disclosure (MySQL Access) Vulnerability

InterWorx - Content Disclosure (MySQL Access) Vulnerability

Posted by Patrick, 05-28-2013, 12:01 PM
Product Description: The InterWorx control panel is a Linux based dedicated server and VPS web control panel. It is feature rich for both the system administrator and website administrator. Supports software-based load balancing and clustering via a web interface. Vulnerability Description: There is a flaw within the import / restore feature that allows an attacker to use a malicious archive to gain access to sensitive files via a symlink attack on the bandwidth reporting graphs. The attacker would be able to access any file owned by the iworx user including the iworx.ini file that contains in plain-text the MySQL passwords for several important accounts that would ultimately allow access to all client hosted databases. Note: In order for this vulnerability to work, the attacker must social engineer the hosting company to restore the malicious archive. However, because transferring and restoring accounts is such a common practice in the hosting world we believe this exploit to be trivial to perform. Proof of Concept: Due to the nature of this vulnerability we are withholding the proof of concept until a later date to allow everyone ample time to update their software. Impact: We have deemed this vulnerability to be rated as HIGH due to the fact that MySQL access can be obtained as the 'iworx' user which is where all of the customer databases are stored. It would be the equivalent of compromising the root MySQL credentials with other control panels. Vulnerable Version: This vulnerability was tested against InterWorx v4.11.6 + v5.0.5 BETA and is believed to exist in all prior versions. Fixed Version: This vulnerability was patched in InterWorx v4.11.6 #475 + v5.0.5 #516. Vendor Contact Timeline: 2013-05-19: Vendor contacted via email. 2013-05-20: Vendor confirms vulnerability. 2013-05-20: Vendor issues v4.11.6 #475 update. 2013-05-20: Vendor issues v5.0.5 #516 update. 2013-05-28: Rack911 issues security advisory. Last edited by bear; 07-09-2013 at 08:05 AM.
Posted by Steven, 05-28-2013, 12:10 PM
We would like to thank InterWorx for their timely fix and for also recognizing the seriousness of this security vulnerability. As some of you are aware, we discovered multiple flaws in several control panels by attacking control panels via malicious user archives. cPanel has deemed the exact same vulnerability to be a "minor flaw" which is absolutely ludicrous given what data can be compromised. Fortunately, the developers at InterWorx don't have their heads up in the clouds and have rated this high which is appropriate.
Posted by cloudhopping, 06-05-2013, 09:54 PM
Steven, We have been debating migrating to Interworx from cPanel for some time. Overall - I trust your judgement How would you rate them (feel free to pm if needed)