Vesta Control Panel 0.9.8-16 - Local Privilege Escalation
Posted: Fri Jan 06, 2017 1:51 am
Hello,
So it seems like the current release of VestaCP is vulnerable to root escalation, which is a bit of a security concern, as if one would compile a certain file and then execute a certain command from SSH, they can easily take over root permissions on the server.
The full report of said exploit is available here:
https://www.exploit-db.com/exploits/40953/
I suspect that this issue isn't all that hard to patch as it's only an input that's not sanitized, but I will give it a go myself in the meanwhile to get a solution to the issue.