CloudLinux - Content Disclosure Vulnerability (R911-0049)
Type: Content Disclosure (Root Access)
Website: CloudLinux OS
Vulnerable Version: CageFS 5.0-8
Fixed Version: CageFS 5.0-9
CloudLinux is a commercially supported Linux operating system interchangeable with CentOS. It includes kernel level technology called LVE that allows you to control CPU and memory on per tenant bases. It is a bases for application level virtualization. CloudLinux delivers advanced resource management, better security and performance optimizations specifically targeted to multi-tenant hosting environment.
There is a flaw within the CageFS portion of CloudLinux that allows an attacker to disclose the contents of any file on the server regardless of file ownership.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We have deemed this vulnerability to be rated as HIGH due to the fact that any file can be viewed.
This vulnerability was tested against CloudLinux CageFS 5.0-8 and is believed to exist in all prior versions.
This vulnerability was patched in CloudLinux CageFS 5.0-9.
Vendor Contact Timeline:
2013-08-08: Vendor contacted via email.
2013-08-08: Vendor confirms vulnerability.
2013-08-09: Vendor issues update.
2013-08-09: Rack911 issues security advisory.
Cloudlinux has released a fix for this. In our testing it sufficiently blocks the vulnerability.
Beta: CageFS-5.0-9, LVEManager-0.6-21
- Configure pam_lve for CageFS (redone, bugfix)
- Fixed content disclosure vulnerability. Special thanks to Patrick H. and Steven Ciaburri from Rack911.com for discovering the vulnerability
It is strongly recommended that you upgrade.