SolusVM – Reseller Panel Arbitrary Command Execution Vulnerability

Product Description:

Solus Virtual Manager (SolusVM) is a powerful GUI-based VPS management system with full OpenVZ, Linux KVM, Xen Paravirtualization and Xen HVM support. SolusVM allows you and your clients to manage a VPS cluster with security & ease.

Vulnerability Discussion:

Because user input is not sanitized, a malicious reseller can run arbitrary commands on the master node as the root user.

Vendor Contact Timeline:

2015-06-10: Vendor contacted via email.
2015-06-10: Vendor confirms vulnerability.
2015-06-11: Vendor issues updates to all builds.
2015-06-13: RACK911 Labs issues security advisory.

About Us:

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119