CloudFlare (CPanel) – Cloudflare_data.Yaml Symlink Attack

Product Description:

CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.

Vulnerability Discussion:

Due to a carefully timed symlink attack directed at the cloudflare_data.yaml file, it is possible for a malicious user to change the permissions on any root owned file to 600 which could lead to the OS being disabled.

Vendor Contact Timeline:

2016-01-13: Vendor contacted via HackerOne.
2016-01-13: Vendor confirms vulnerability.
2016-01-14: Vendor issues update.
2016-01-15: RACK911 Labs issues security advisory.

About Us:

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119